FOSS is here to stay, displacing malevolent privative counterparts—great!
FOSS exposes bugs to be found and fixed by the community—great!
FOSS shows security issues than can be exploited by attackers—gr..what?
In the last decades, source code transparency has made the job of black-hat hackers increasingly easy. We now have security websites exposing vulnerabilities and even exploits online—and despite good practices like responsible disclosure, it is the sheer amount of (external) code what makes everyone ultimately vulnerable. In plain words, nobody's safe.
From that base, this talk puts forward the need for a concept of *probability of future exploits*. This is crucial for project management, but also at developer level, to see the risks of not upgrading (or yes upgrading!) a dependency. We show how this probability can, and must, be computed from a project's dependency tree, in a manner that only the use of FOSS can allow. We also show that the development history of the project and its dependencies is key to getting useful results.
Finally, we merge the dependency tree and development history of a project into a white-box model, which we use to estimate the probability of future exploits. We show how to do it for the Java-Maven environment, for which we can use the FOSS tool 'FIG'. FIG, written in C++ and released under GPLv3, was designed for statistical estimations and can compute the probability of attacks in complex scenarios like the ones at hand.
Sling is an established web application framework, with a multitude of core features and extensions. It has a very productive inner loop, with OSGi bundle deployment, JCR content editing and live configuration updates. The less-told story is how an application should be assembled, configured, deployed, and monitored.
In this talk we will present the main approaches for bootstrapping, deploying, updating, and monitoring Sling-based applications, based on Open Source tools and libraries.
The participants will gain a better understanding of the options available for managing their own Sling-based application and will be able to minimise the effort needed to manage such an application.
Talk on "Recon Resurgence: Level up your Recon skills for Maximum impact in Bug-Bounty" by "Agnibha Dutta" at null/OWASP Kolkata Meetup on 27 January 2024
This a really short and compact introduction to CMake mechanisum and common variables used. Showed in a simple groupe meeting of the REVES team of the INRIA Sophia Antipolis (France) to sudents/PhD.
Beyond Golden Containers: Complementing Docker with Puppetlutter
Often, Docker or more generally containers and immutable infrastructure are viewed as a replacement for configuration management. This talk explains why that is not the case, and that they are in fact complementary.
Containers move the challenges that configuration management solves to different places in the application lifecycle. The talk explains where Puppet fits into this changed lifecycle, and what tools Puppet provides there.
Slides for a talk I gave at the Linux Foundation Colaboration Summit 2015
Sling is an established web application framework, with a multitude of core features and extensions. It has a very productive inner loop, with OSGi bundle deployment, JCR content editing and live configuration updates. The less-told story is how an application should be assembled, configured, deployed, and monitored.
In this talk we will present the main approaches for bootstrapping, deploying, updating, and monitoring Sling-based applications, based on Open Source tools and libraries.
The participants will gain a better understanding of the options available for managing their own Sling-based application and will be able to minimise the effort needed to manage such an application.
Talk on "Recon Resurgence: Level up your Recon skills for Maximum impact in Bug-Bounty" by "Agnibha Dutta" at null/OWASP Kolkata Meetup on 27 January 2024
This a really short and compact introduction to CMake mechanisum and common variables used. Showed in a simple groupe meeting of the REVES team of the INRIA Sophia Antipolis (France) to sudents/PhD.
Beyond Golden Containers: Complementing Docker with Puppetlutter
Often, Docker or more generally containers and immutable infrastructure are viewed as a replacement for configuration management. This talk explains why that is not the case, and that they are in fact complementary.
Containers move the challenges that configuration management solves to different places in the application lifecycle. The talk explains where Puppet fits into this changed lifecycle, and what tools Puppet provides there.
Slides for a talk I gave at the Linux Foundation Colaboration Summit 2015
containerit at useR!2017 conference, BrusselsDaniel Nüst
**Webpage**
https://github.com/o2r-project/containerit/
**Abstract**
Reproducibility of computations is crucial in an era where data is born digital and analysed algorithmically. Most studies however only publish the results, often with figures as important interpreted outputs. But where do these figures come from? Scholarly articles must provide not only a description of the work but be accompanied by data and software. R offers excellent tools to create reproducible works, i.e. Sweave and RMarkdown. Several approaches to capture the workspace environment in R have been made, working around CRAN’s deliberate choice not to provide explicit versioning of packages and their dependencies. They preserve a collection of packages locally (packrat, pkgsnap, switchr/GRANBase) or remotely (MRAN timemachine/checkpoint), or install specific versions from CRAN or source (requireGitHub, devtools). Installers for old versions of R are archived on CRAN. A user can manually re-create a specific environment, but this is a cumbersome task.
We introduce a new possibility to preserve a runtime environment including both, packages and R, by adding an abstraction layer in the form of a container, which can execute a script or run an interactive session. The package containeRit automatically creates such containers based on Docker. Docker is a solution for packaging an application and its dependencies, but shows to be useful in the context of reproducible research (Boettiger 2015). The package creates a container manifest, the Dockerfile, which is usually written by hand, from sessionInfo(), R scripts, or RMarkdown documents. The Dockerfiles use the Rocker community images as base images. Docker can build an executable image from a Dockerfile. The image is executable anywhere a Docker runtime is present. containeRit uses harbor for building images and running containers, and sysreqs for installing system dependencies of R packages. Before the planned CRAN release we want to share our work, discuss open challenges such as handling linked libraries (see discussion on geospatial libraries in Rocker), and welcome community feedback.
containeRit is developed within the DFG-funded project Opening Reproducible Research to support the creation of Executable Research Compendia (ERC) (Nüst et al. 2017).
**References**
Boettiger, Carl. 2015. “An Introduction to Docker for Reproducible Research, with Examples from the R Environment.” ACM SIGOPS Operating Systems Review 49 (January): 71–79. doi:10.1145/2723872.2723882.
Nüst, Daniel, Markus Konkol, Edzer Pebesma, Christian Kray, Marc Schutzeichel, Holger Przibytzin, and Jörg Lorenz. 2017. “Opening the Publication Process with Executable Research Compendia.” D-Lib Magazine 23 (January). doi:10.1045/january2017-nuest.
While probably the most prominent, Docker is not the only tool for building and managing containers. Originally meant to be a "chroot on steroids" to help debug systemd, systemd-nspawn provides a fairly uncomplicated approach to work with containers. Being part of systemd, it is available on most recent distributions out-of-the-box and requires no additional dependencies.
This deck will introduce a few concepts involved in containers and will guide you through the steps of building a container from scratch. The payload will be a simple service, which will be automatically activated by systemd when the first request arrives.
Support helping to make safety backups of your PC before testing secureboot (disclamer), to know about its ubuntu implementation (hardware & firmware), to test it.
Lukas Macura - Employing Zabbix to monitor OpenWrt (Beesip) devices with UciprovZabbix
Beesip (Bright Efficient Embedded Solution for IP Telephony) is platform based on OpenWrt, primarily made for IP telephony purposes. The aim of the project is the development and implementation of embedded SIP communication server with an easy integration into the computer network based on open-source solutions. Beesip uses uciprov for remote management and provisioning. Next to this, it uses Zabbix for inventory and monitoring utilizing auto-discovery and auto-registration. Even if it is used primarily for IP telephony, it is common to use Beesip build system for other purposes like monitoring probes distribution or Eduroam AP management. Talk will be practically oriented showing possibilities of provisioning and auto inventory in OpenWrt world.
Zabbix Conference 2015
The complexity of agricultural droughts requires a consistent, reliable, and systematic method for monitoring and reporting. Amongst the various indices used to monitor this phenomenon, the soil moisture anomaly has been proven to be a more reliable predictor. However, the datasets required for computing this index are often large and computationally demanding. To address this challenge, we have developed SMODEX, a Python package that enables scalable, fast, and open-source standard-compliant computation and visualization of soil moisture anomalies.
SMODEX simplifies the computation and visualization of time-series for soil moisture and soil moisture anomalies from high-dimensional climate datasets. It allows for quick and easy parallelization of the computation on a daily, weekly, and monthly timescale. Additionally, SMODEX implements a straightforward workflow for automating the use of FAIR (Findable, Accessible, Interoperable, and Reusable) principles in producing and sharing outputs by leveraging the open source STAC API. The package is extendible and provides information on how to contribute to the project, test suites, test coverage, and a use case for the South Tyrol region, all provided in the package repository. In the future, additional agricultural drought indices and indicators would be included to serve to even larger community of researchers, policy makers, and individual users.
The Open Hardware PowerPC Notebook designed around GNU/Linux will be showed at NOI Techpark. We had presented here its motherboard design in 2018. We will updates regarding last developments for u-boot AMD video drivers, re-design of heat pipes, and CE test certification process. We will give future availability milestones of this notebook and details regarding the GNU/Linux distributions or other OS that could runs on it.
More Related Content
Similar to SFSCON23 - Carlos Esteban Budde - Predict security attacks in FOSS
containerit at useR!2017 conference, BrusselsDaniel Nüst
**Webpage**
https://github.com/o2r-project/containerit/
**Abstract**
Reproducibility of computations is crucial in an era where data is born digital and analysed algorithmically. Most studies however only publish the results, often with figures as important interpreted outputs. But where do these figures come from? Scholarly articles must provide not only a description of the work but be accompanied by data and software. R offers excellent tools to create reproducible works, i.e. Sweave and RMarkdown. Several approaches to capture the workspace environment in R have been made, working around CRAN’s deliberate choice not to provide explicit versioning of packages and their dependencies. They preserve a collection of packages locally (packrat, pkgsnap, switchr/GRANBase) or remotely (MRAN timemachine/checkpoint), or install specific versions from CRAN or source (requireGitHub, devtools). Installers for old versions of R are archived on CRAN. A user can manually re-create a specific environment, but this is a cumbersome task.
We introduce a new possibility to preserve a runtime environment including both, packages and R, by adding an abstraction layer in the form of a container, which can execute a script or run an interactive session. The package containeRit automatically creates such containers based on Docker. Docker is a solution for packaging an application and its dependencies, but shows to be useful in the context of reproducible research (Boettiger 2015). The package creates a container manifest, the Dockerfile, which is usually written by hand, from sessionInfo(), R scripts, or RMarkdown documents. The Dockerfiles use the Rocker community images as base images. Docker can build an executable image from a Dockerfile. The image is executable anywhere a Docker runtime is present. containeRit uses harbor for building images and running containers, and sysreqs for installing system dependencies of R packages. Before the planned CRAN release we want to share our work, discuss open challenges such as handling linked libraries (see discussion on geospatial libraries in Rocker), and welcome community feedback.
containeRit is developed within the DFG-funded project Opening Reproducible Research to support the creation of Executable Research Compendia (ERC) (Nüst et al. 2017).
**References**
Boettiger, Carl. 2015. “An Introduction to Docker for Reproducible Research, with Examples from the R Environment.” ACM SIGOPS Operating Systems Review 49 (January): 71–79. doi:10.1145/2723872.2723882.
Nüst, Daniel, Markus Konkol, Edzer Pebesma, Christian Kray, Marc Schutzeichel, Holger Przibytzin, and Jörg Lorenz. 2017. “Opening the Publication Process with Executable Research Compendia.” D-Lib Magazine 23 (January). doi:10.1045/january2017-nuest.
While probably the most prominent, Docker is not the only tool for building and managing containers. Originally meant to be a "chroot on steroids" to help debug systemd, systemd-nspawn provides a fairly uncomplicated approach to work with containers. Being part of systemd, it is available on most recent distributions out-of-the-box and requires no additional dependencies.
This deck will introduce a few concepts involved in containers and will guide you through the steps of building a container from scratch. The payload will be a simple service, which will be automatically activated by systemd when the first request arrives.
Support helping to make safety backups of your PC before testing secureboot (disclamer), to know about its ubuntu implementation (hardware & firmware), to test it.
Lukas Macura - Employing Zabbix to monitor OpenWrt (Beesip) devices with UciprovZabbix
Beesip (Bright Efficient Embedded Solution for IP Telephony) is platform based on OpenWrt, primarily made for IP telephony purposes. The aim of the project is the development and implementation of embedded SIP communication server with an easy integration into the computer network based on open-source solutions. Beesip uses uciprov for remote management and provisioning. Next to this, it uses Zabbix for inventory and monitoring utilizing auto-discovery and auto-registration. Even if it is used primarily for IP telephony, it is common to use Beesip build system for other purposes like monitoring probes distribution or Eduroam AP management. Talk will be practically oriented showing possibilities of provisioning and auto inventory in OpenWrt world.
Zabbix Conference 2015
The complexity of agricultural droughts requires a consistent, reliable, and systematic method for monitoring and reporting. Amongst the various indices used to monitor this phenomenon, the soil moisture anomaly has been proven to be a more reliable predictor. However, the datasets required for computing this index are often large and computationally demanding. To address this challenge, we have developed SMODEX, a Python package that enables scalable, fast, and open-source standard-compliant computation and visualization of soil moisture anomalies.
SMODEX simplifies the computation and visualization of time-series for soil moisture and soil moisture anomalies from high-dimensional climate datasets. It allows for quick and easy parallelization of the computation on a daily, weekly, and monthly timescale. Additionally, SMODEX implements a straightforward workflow for automating the use of FAIR (Findable, Accessible, Interoperable, and Reusable) principles in producing and sharing outputs by leveraging the open source STAC API. The package is extendible and provides information on how to contribute to the project, test suites, test coverage, and a use case for the South Tyrol region, all provided in the package repository. In the future, additional agricultural drought indices and indicators would be included to serve to even larger community of researchers, policy makers, and individual users.
The Open Hardware PowerPC Notebook designed around GNU/Linux will be showed at NOI Techpark. We had presented here its motherboard design in 2018. We will updates regarding last developments for u-boot AMD video drivers, re-design of heat pipes, and CE test certification process. We will give future availability milestones of this notebook and details regarding the GNU/Linux distributions or other OS that could runs on it.
Tracking aeroplanes in real time with Open Source Software is possible. Aircrafts must continuously send their current flight parameters to air traffic controllers on the ground and to other aircrafts. This generates a lot of data, especially when planes are being tracked by multiple sensors.
The Open Data Hub on the other hand offers a great backbone for data storing and processing, where the correct datasets have to be identified and filtered. After all transformation on the data is done, it will be exposed via API to be further used by a web application.
Bringing together sensor generated data, the Open Data Hub and custom web applications, is a showcase on how the Open Data Hub can be used as a service: OaaS.
The transition from Web 2.0 to Web 3.0 has fueled the need for a secure and decentralized cloud storage solution for digital assets. Web 2.0 was characterized by centralized platforms where user data was under the control of companies. In contrast, Web 3.0 aims to empower individuals and foster a decentralized web that supports and benefits the Free Software and Open Data Communities.
Blockchain technologies facilitate seamless collaboration and interoperability among diverse stakeholders in the Free Software and Open Data communities. Developers can establish open and transparent ecosystems where data can be shared, verified, and integrated across multiple platforms.
Beez, with its own blockchain infrastructure, offers a secure and transparent platform for digital asset exchanges, bolstering transaction integrity and trust. By distributing data across a network of nodes, Beez ensures security and mitigates the risk of single points of failure. Users retain control over their data, safeguard their privacy, and can take advantage of the incentive mechanisms offered by blockchain networks.
During our presentation, we will explore the role of AI within Beez's ecosystem, facilitating accelerated data processing, correlation, and intelligent automation. AI unlocks valuable insights from blockchain data, and we will touch upon the use of Inductive Logic Programming (ILP) to enhance programming performance.
The integration of Blockchain and AI technologies holds great potential for advancing the safety and efficiency of the Open Data ecosystem. By combining decentralized data storage, trust-building mechanisms, and intelligent data processing, Beez is paving the way for a more secure, transparent, and user-centric digital landscape.
We are becoming more and more dependent on the Internet for our work, education, communication, personal relations and entertainment. Our digital devices conquered an unprecedented level of importance in our life.
However, we are facing a loss of control over our smartphones, tablets and other devices for internet connection. It's time to resolve monopolies and re-establish democratic control over the technology we most depend upon.
This talk will present the challenges end-users are facing to get more control over their devices and how Free Software is key for a consumer re-empowerement.
The talk will present real-life examples of policy demands against gatekeepers on digital markets, such as the struggle for Router Freedom in the last years and how Device Neutrality can serve as an important instrument for pushing forward end-user-oriented digital policies.
MOSH and MOAH are the abbreviation of two groups of chemical compounds found in mineral oils. “MOSH” stands for Mineral Oil Saturated Hydrocarbons. MOAH stands for Mineral Oil Aromatic Hydrocarbons. Both of them are under European deeply evaluation because there are two food contaminants. According to the current state of scientific knowledge, there is no sufficient toxicological evidence to prove a health risk to humans from saturated mineral oil fractions (MOSH). Meanwhile, MOAH are suspected to be carcinogenic (especially PAH-like compounds with 3-7 ring systems), therefore their levels in food should be reduced according to the ALARA-principle (as low as reasonably achievable). Gruppo FOS with CNR ( MOSH and MOAH are the abbreviation of two groups of chemical compounds found in mineral oils. “MOSH” stands for Mineral Oil Saturated Hydrocarbons. MOAH stands for Mineral Oil Aromatic Hydrocarbons. Both of them are under European deeply evaluation because there are two food contaminants. According to the current state of scientific knowledge, there is no sufficient toxicological evidence to prove a health risk to humans from saturated mineral oil fractions (MOSH). Meanwhile, MOAH are suspected to be carcinogenic (especially PAH-like compounds with 3-7 ring systems), therefore their levels in food should be reduced according to the ALARA-principle (as low as reasonably achievable). Gruppo FOS with CNR (Consiglio Nazionale delle Ricerche), Santagata 1907 and Enginius are searching the system for finding and trace their presence in the virgin and extra virgin olive oils by using open fingerprints methods, open hardware and open source blockchain and AI technologies.
Up-to date measurements of surface meteorological variables are essential to monitor weather conditions, their spatio-temporal variability and the potential effects on a wide range of sectors and applications. Moreover, when included in continuous records of long historical observations spanning several decades, they become essential for assessing long-term climate variability and change locally and on a regional level.
Automated pipelines capable of retrieving and processing near-real time meteorological data satisfy the primary prerequisites towards the development and advancement of effective and operational climate services.
With a public and operational near real-time monitoring web platform in mind, we present automated pipelines to collect and process up-to-date daily temperature and precipitation records for Trentino South Tyrol (Italy) and surrounding areas, and to derive their spatially interpolated fields at sub-km scale. Our pipelines are composed by multiple steps including data download, sanity checks, reconstruction of missing daily records, integration into the historical archive, spatial interpolation and publication onto online FAIR catalogues as (openEO) “datacubes”. The different APIs, data formats and structure across the various data sources, and the need to merge the data onto harmonized meteorological layers, make this a typical case of the so-called Extract, Transform and Load (ETL) pipelines, and, in order to follow the principles of data reproducibility and Open Science, we embraced open-source automated workflow management through GitLab’s Continuous Integration / Continuous Development (CI/CD) capabilities.
CI/CD workflows greatly help the management of the relatively complex graphs of tasks required for our climate application, ensuring seamless orchestration with thorough flow monitoring, application logs, transactions rollbacks, and exception handling in general. Native pipeline-oriented software development also fosters a clean separation of roles among the tasks, and a more modular architecture. This effectively reduces barriers to collaborative development and paves the way for robust operational climate services for researchers and decision makers in the face of the changing climate.
The Open Science movement aims to increase the transparency, reproducibility and inclusiveness of academic research. One of its central goals is therefore to make research outputs broadly available, e.g., manuscripts (Open Access) or research data (Open Data). While software/code created in the course of scientific research is a key artifact of scientific research that is clear distinct from the latter two, it has until recently not received the same attention as manuscripts or data, although it follows its own set of paradigms.
In this talk I will present an overview on how the core concepts of Free Software and the FAIR (findable, accessible, interoperable, reuseable) Principles intersect, what this means for managing code as research output and recent initiatives on the European level that will provide support for these issues.
Software freedom can be defined in many ways but in legal terms it is squarely defined by a set of approved FSF and OSI software licenses. Yet everyone realizes that beyond these licenses the goal of software freedom and digital sovereignty cannot be achieved without the ability to master and create hardware components and systems - and beyond that, to rely on open digital infrastructure (servers, datacenters, and resources) . This talk will present the challenges around these topics and what we, collectively in Europe already do and can do to ensure our independence and our freedoms.
EDP-portal is the access point to the Environmental Data Platform of Eurac Research since 2021 to achieve FAIRness of our datasets. It allows to publish data and metadata and provides APIs and web services for data access. In the last 2 years the EDP improved the findability and accessibility of the data collected throughout the curation of metadata that was improved with the DOI registration for datasets. The result is a higher metadata quality where the final user can easily find how to properly cite datasets with a persistent identifier. The portal itself and main data repositories are registered in FAIR-sharing portal with their own DOI. The SW components of the EDP are totally based on open source projects.
This lightning talk will explore the transformative potential of integrating Internet of Things (IoT) and Artificial Intelligence (AI) in Mass Customization (MC). There is a significant collective impact of these technologies on businesses, enabling the delivery of personalized products and exceptional customer experiences. Besides giving an overview of MC and the potential ways of integrating IoT and AI, the focus will be on the process of real-time data collection and facilitation of the customization process by IoT on one hand, and on the role of AI in data analysis and generation of personalized recommendations on the other hand. By presenting real-world case studies to demonstrate the practical implementation of IoT and AI in providing customized products and seamless customer experiences, attendees will gain insights into the future of customization and learn actionable strategies to effectively leverage IoT and AI.
Since 2020 Stadtwerke Meran have realized 5 Use cases:
- Control of the control cabinets of public lighting.
- Optimizing the service on Waste Press container.
- Bike Boxes
- Just Nature Project , temperature measuring over Lorawan
- Smart Lighting , communication with single light points over Lorwan.
As open source software becomes the foundation to build digital products, to run the backbones of ICT infrastructure and to ensure digital sovereignty and cyber resilience, both the technology as well as the communities that develop it inevitably move into the focus of regulators. The European Union is advancing a number of policy initiatives that regulate liability, cyber security, data handling and AI applications in digital products, among others. This is a challenge for the still quite decentralised and globally operating open source community. How could the open source community participate in legislative processes, and what may be the potential impacts of the upcoming regulation on the open source development process and community dynamics?
The public transport in South Tyrol is going through a huge transformation: new investments, many new green vehicles and a brand new software. Transition will take time and how do we develop a fleet monitoring system to use during the transition without spending a fortune ? maybe with free software!
AICS is the Italian Agency for Development Cooperation that started operating in 2016 with the ambition of aligning Italy with the main European and international partners in the commitment to development. KNOWAGE Labs are developing for AICS a platform that is probably unique in the world and will allow both the Agency and the public to access all the major indicators on the UN Sustainable Development Goals provided by international sources (World Bank, WTO, ILO..) and easily compare them. The solution will allow analysis to start from 3 different touch points: the infographic of SDG goals, the advanced search criteria, and the virtual assistant. Then, a customized dashboard will be provided to the user, allowing to further expand the analysis by interacting with charts, maps, tables, etc. This talk will show the state of art of the solution, highlighting objectives and expected results of the project, but also the new developments of KNOWAGE related to AI.
Interoperability is a core element of the ongoing digitalisation of Europe. With the Interoperable Europe Act, the EU is aiming to create a dedicated legal framework for interoperability and to enhance cross-border digital public services across the European Union. This talk will give an overview of the state of play of this proposed regulation in the ongoing EU legislative process, some of its flaws, and the important role that Free Software and its community can play in it.
How to sharpen the demand for public code across Europe and monitor progress with TEDective
For six years, the Free Software Foundation Europe has been calling with a broad alliance for publicly funded software to be published as Free Software. This initiative has become a great success: Our demand "Public Money? Public Code!" has found its way into government strategy papers, party programs, as well as coalition treaties, and is being discussed in public administrations across Europe.
At the same time, we see less progress than expected and vendor lock ins remain a crucial issue. Digital sovereignty is redefined bypassing Free Software. There is openwashing in publicly funded companies, and government projects in favour of Free Software remain empty words. Public statistics on the procurement of Free Software are largely unavailable.
It is therefore no longer enough to promote the idea of "Public Money? Public Code!". We as the Free Software community should be even more vigilant than before – continuing to praise small steps in the right direction, but pointing out and criticising omissions and lack of implementation. We should become more like watchdogs.
In the talk we will look at some examples of lack of implementation of Free Software policies. We will discuss how we, as civil society, can identify such shortcomings and how to deal with them. We will present our initiative TEDective – a free-software solution that makes European public procurement data explorable for non-experts, aiming to provide you with a powerful tool to keep an eye on real progress towards "Public Money? Public Code!" across Europe.
The Internet today forms the backbone of the digitisation of our society and economy. As connectivity increases, the boundaries between the real and digital world get increasingly blurred. However, there has been an erosion of trust in the Internet following revelations about the exploitation of personal data, large-scale cybersecurity and data breaches, and growing awareness of the proliferation and impacts of online disinformation.
What can be done to improve the Internet as a platform for future generations? What initiatives are currently in place to build key technological blocks of an Internet that supports human-centric values, such as privacy, security, and inclusion, while reflecting the values and norms all citizens should enjoy in Europe?
This talk will explore why the current state of the internet must be re-imagined and re-engineered in order to support healthy societies, the existing European Commission initiative to work towards doing so, and the role of Free Software in accomplishing these goals.
2023 saw the launch, after a long and well-structured revision and development process, all based on a fruitful collaboration between several departments of the Autonomous Province of Bolzano, most of the township in South Tyrol, Informatica Alto Adige (SIAG - Technical partner) and the Consortium of Municipalities of the Province of Bolzano, of the new version of the integrated geographic data management system IGis Maps. In use for years in South Tyrol, has in the Consortium one of its most enthusiastic contributors and supporters.
The very first version was released about eight years ago and its implementation was based on the idea of creating a multi-purpose GIS management system that could support different types of users, that was highly customizable, and, above all, that could be widely shared among the various management entities, both public and private, present within our territory.
After years of use and ad-hoc developments, we can finally present the new version of the IGis Maps system, which incorporates all the technical and technological improvements we realized the system needed.
It was not just a major update together with new functionalities combined inside the previous software structure, but a true re-engineering that led, among other things, to a new and more efficient user interface, a major advancement regarding the internal security, an optimization and improvement of the entire editing section as well as an optimization of the section regarding the automatic geo-processes.
A mobile version is currently under development to better support any field activities, for which a very powerful option will be included, the possibility of creating special work sessions in off-line mode so as to be able to operate even in areas without a proper cellular line network coverage.
Other very important peculiarities concern that the system is developed using a totally free software code and infrastructure, that a detailed documentation has been produced to ensure sustainability to any further future evolution, even in case of technical partner turnover, and finally, that by taking advantage of the high standards and levels of security access can be guaranteed to any type of user. From professional users, through dedicated access and qualifications or, using the ordinary SPID, to the private citizen.
We will show examples of how different types of users and stakeholders now permanently use the system for the management of a variety of tasks related to their activities, and how it was possible to customize IGis Maps to create visualization and data management contexts that best meet their needs.
We will also present a related project concerning the updating and the correction of the new technical basal cartography, built upon the new Basic Core specification, achieved through the automatic conversion implemented by the SIAG team starting from the previous National Core cartography. With the new IGis Maps it was possible to create an a
KNOWAGE is the open source analytics and business intelligence suite made in Italy. KNOWAGE aims to provide company and organizations with analytical capabilities to exploit data to increase their efficiency and sustainability. Also thanks to the open source community support, the suite is constantly evolving combining the reliability of the most popular business intelligence solutions with the security and the transparency guaranteed by open source.
This talk will show the last year advancements and new features towards a more mobile, accessible and user-friendly product, focusing on the newly rewritten dashboarding tool.
More from South Tyrol Free Software Conference (20)
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
20 Comprehensive Checklist of Designing and Developing a WebsitePixlogix Infotech
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
SFSCON23 - Carlos Esteban Budde - Predict security attacks in FOSS
1. >>> Predict security attacks in FOSS
>>> Why you want it and how to do it
Name: Carlos E. Budde
Inst: University of Trento, Italy
Date: 10th November 2023
[~]$ _ [1/9]
36. >>> But:
* Vulnerabilities are rare events ⇒ very few to fit from
– Aggregate vulnerabilities from many libraries
[4. Challenges]$ _ [7/9]
37. >>> But:
* Vulnerabilities are rare events ⇒ very few to fit from
– Aggregate vulnerabilities from many libraries
* Not every vulnerability (or library) is equivalent
[4. Challenges]$ _ [7/9]
38. >>> But:
* Vulnerabilities are rare events ⇒ very few to fit from
– Aggregate vulnerabilities from many libraries
* Not every vulnerability (or library) is equivalent
– Partition software libraries per type
[4. Challenges]$ _ [7/9]
39. >>> But:
* Vulnerabilities are rare events ⇒ very few to fit from
– Aggregate vulnerabilities from many libraries
* Not every vulnerability (or library) is equivalent
– Partition software libraries per type
* Software features for classification
that are relevant for security
[4. Challenges]$ _ [7/9]
40. >>> But:
* Vulnerabilities are rare events ⇒ very few to fit from
– Aggregate vulnerabilities from many libraries
* Not every vulnerability (or library) is equivalent
– Partition software libraries per type
* Software features for classification
that are relevant for security
Some SW metric
Some
other
SW
metric
Types of so�tware library
[4. Challenges]$ _ [7/9]
41. >>> But:
* Vulnerabilities are rare events ⇒ very few to fit from
– Aggregate vulnerabilities from many libraries
* Not every vulnerability (or library) is equivalent
– Partition software libraries per type
* Software features for classification
that are relevant for security
Some SW metric
Some
other
SW
metric
Types of so�tware library
[4. Challenges]$ _ [7/9]
42. >>> But:
* Vulnerabilities are rare events ⇒ very few to fit from
– Aggregate vulnerabilities from many libraries
* Not every vulnerability (or library) is equivalent
– Partition software libraries per type
* Software features for classification
that are relevant for security
Some SW metric
Some
other
SW
metric
Types of so�tware library
[4. Challenges]$ _ [7/9]
43. >>> But:
* Vulnerabilities are rare events ⇒ very few to fit from
– Aggregate vulnerabilities from many libraries
* Not every vulnerability (or library) is equivalent
– Partition software libraries per type
* Software features for classification
that are relevant for security
Some SW metric
Some
other
SW
metric
Types of so�tware library
Features used to partition data,
not to predict vulnerabilities
[4. Challenges]$ _ [7/9]
44. >>> Preliminary outcomes
Time from release date of library to publication date of CVE
Probability
of
CVE
in
own_code
of
library
Small/Medium Large
Local
Remote
network
[5. Results]$ _ [8/9]
45. >>> Predict security attacks in FOSS
>>> Why you want it and how to do it
Name: Carlos E. Budde†
Inst: University of Trento, Italy
https://vuass.eu.qualtrics.com/
jfe/form/SV_cFSKOHjHZnaH2Si
Ethical
security
survey
—
Vrije
Universiteit
Amsterdam
†
carlosesteban.budde@unitn.it
[~]$ _ [9/9]