The slides were part of a much more detailed talk and walkthrough, which was given at the Stripe Capture the Flag Meetup on March 1st.
https://stripe.com/blog/stripe-ctf-meetup
CTF (Capture the Flag) competitions come in two main types: Jeopardy-style and Attack-Defense. Jeopardy involves challenges in areas like pwning, reverse engineering, web hacking, and cryptography, while Attack-Defense pits teams against each other on a network. Succeeding in CTFs requires skills like exploiting, cryptography, and scripting as well as teamwork and problem-solving abilities. Recommended resources for learning include online CTF platforms, past competition archives, write-ups from other teams, and wargaming sites.
SBA Live Academy - Secure Containers for Developer by Mathias Tausig | SBA Research
Target Group: SysAdmins, Developer, DevOps
Focus: technical
Talk language: English
Abstract
**********
What are Containers and what makes them secure to use? Which different types of Containers are out there and how can I best use them securely? What container types are there beyond Docker?
About the Speaker:
*********************
Mathias Tausig is Security Consultant at SBA Research. Mathias received a master’s degree (DI / MSc) in Technical Mathematics from the University of Technology Vienna (TU Wien). His professional experience includes a tenure as a Security Officer for a Certification Authority and lecturing IT-Security at the University of Applied Sciences Campus Vienna.
So you've reversed your first Android APK; now what? Java pseudocode is nice, but how do we modify the app? This is a crash course in reading and understanding Dalvik opcodes. It will go through some basics, then we will jump into a couple of case studies to demonstrate some of the concepts. This talk should help testers who are interested in or do Android application assessments to better understand how to mess with the underlying code.
Gluster Cloud Night in Tokyo 2013 -- Tips for getting started | Keisuke Takahashi
The document discusses using deployment automation tools like Capistrano to simplify the installation of GlusterFS across multiple nodes. It recommends copying the commands output by a deployment tool rather than requiring operations teams to learn how to use the tools. It then provides details on Capistrano and a Capistrano plugin called capistrano-glusterfs that facilitates automated deployment of GlusterFS. Tasks are defined for common operations like preparing nodes, installing dependencies, building GlusterFS, and configuring the cluster.
Docker … Podman are two close but different tools. What are their differences, and what do they have in common? In this presentation, we present the two tools in order to highlight their differences in design, their specificities and their similarities.
The objective is to help you get to know these tools, from their common roots (Cgroup, namespace, ...) to their divergence (socket). From ease of use (socket) to the hassle (proxy), we will address the strengths and weaknesses of each through our uses of them (build, test, ...). We will of course mention our friends the CVEs to feed your thoughts on their security.
The document discusses threats to DNS security and solutions to mitigate those threats. It describes how distributed denial of service (DDoS) attacks target name servers and use name servers to amplify attacks. It then discusses solutions such as monitoring DNS traffic levels and top queriers, using anycast to distribute queries to the closest name server, and response rate limiting to reduce amplification effects. It also covers threats like cache poisoning and malware propagation and solutions like DNSSEC and response policy zones.
InfoSec Taiwan 2023: APNIC Community Honeynet Project — Observations and Insi... | APNIC
APNIC Senior Internet Security Specialist Adli Wahid shares his insights on observations from the APNIC Community Honeynet Project at InfoSec Taiwan 2023, held in Taipei from 1 to 4 August 2023.
The document discusses synchronization in Linux device drivers. It provides examples of race conditions that can occur when multiple threads access shared memory like a global variable without synchronization. Specifically, it shows how the value of a global variable i may be different depending on whether thread A fully executes before thread B or if there is a context switch in the middle of A's execution. Proper synchronization techniques like mutex locks are needed to prevent race conditions when accessing shared resources from multiple threads.
We issued 20 young coders with smartphones pre-loaded with an app that gathered data on the network activity of the other apps they used. Their data was captured using the Python-based data portal CKAN, analysed with SciKit-Learn, then returned to them using Docker and the Ipython Notebook. Python also played a role in the reverse-engineering of some of the more interesting apps we discovered.
Interconnection Automation For All - Extended - MPS 2023 | Chris Grundemann
Matt "Grizz" Griswold and Chris Grundemann are both IX founders, internetworking experts, and automation proponents. With over 4 decades of combined experience they are now turning to sharing what they've learned about automating BGP and interconnection through a set of open source tools, along with support and services for those that need it.
This talk will share what they have learned both from personal experience as well as through dozens of recent interviews with IX operators and interconnection engineers over the past several months, including common challenges, productive methodologies, and best practices.
The highlight of the talk will be announcing and describing two open source automation tools built to make interconnection and BGP easier for everyone. One is ixCtl, which is built to automate the most common and problematic tasks involved in running an internet exchange point, particularly configuring and managing secure route servers. The other is PeerCtl, which is built to automate the most common and problematic tasks involved in interconnecting an AS; from bilateral and multilateral peering to PNI and also transit connections.
Code for both (along with several other tools) is available on GitHub: https://github.com/fullctl.
Speaker: Chris Grundemann
Speaker: Matt Griswold
HypriotOS is a minimal Debian-based operating system optimized for running Docker containers on ARM boards like Raspberry Pi. It includes an up-to-date Docker version, tools like Compose and Swarm, and is designed to be easy to use. The document demonstrates pulling Docker images, running containers, and accessing GPIO pins on the Raspberry Pi using the hypriot/rpi-gpio image.
DAIS19: Developing Secure Services for IoT with OP-TEE: A First Look at Perfo... | LEGATO project
In this presentation, we describe the usability and performance of secure services in OP-TEE exploiting ARM TrustZone. Like many other trusted execution environments (TEE), OP-TEE complies with GlobalPlatform specifications and provides a common interface to TEE APIs. This allows for transparent development of secure services. We conducted performance evaluations of shared memory and secure storage in OP-TEE. On Raspberry Pi and QEMU platforms we deployed a secure key-value store and the OP-TEE Sanity Testsuite. The results of our evaluation indicate a significant world switching overhead.
These are the slides that I presented at MOSSCon 2013 (slightly edited, because the original slides contained some animations that I morphed to look ok on Slideshare).
The general talk is about two things:
1. General philosophy of open source at Cisco.
2. My specific open source work at Cisco.
Enjoy!
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014) | Ron Munitz
My session in the Mobile World Congress WIPJam, Barcelona 2014.
In the cloud era, most software projects have shifted from asking "What hardware architecture should be chosen for my backend?" to "Which cloud configuration should be used for my backend?" Bringing up a cloud server has become an obvious choice for any Linux- or Windows-based deployment. As Android emerges as the new Embedded Linux for a growing number of industries, it only makes sense to consider its cloud application as a server. This session will discuss why and how Android can be brought on the cloud system, and on any cloud infrastructure, using AWS (Amazon Web Services) as an example.
The document provides an overview of high performance computing (HPC) systems and how to interact with them. It describes what HPC systems are, including their architecture using many nodes connected by high-speed networks. It also reviews the Stampede2 supercomputer specifications and demonstrates how to log in, move around the file systems, submit jobs using sbatch, and write simple serial and parallel programs using MPI.
This document discusses subnetting IP networks. It covers subnetting IPv4 networks using prefixes such as /24, /16, and /8. It explains how to calculate the number of subnets and hosts for different prefix lengths. Variable length subnet masking (VLSM) is also introduced to allow flexible subnet sizes. The document concludes by discussing IPv6 addressing and how to implement IPv6 in a business network using a /48 global routing prefix.
Nubank is the leading fintech in Latin America. Using bleeding-edge technology, design, and data, the company aims to fight complexity and empower people to take control of their finances. We are disrupting an outdated and bureaucratic system by building a simple, safe and 100% digital environment.
In order to succeed, we need to constantly make better decisions at the speed of insight, and that’s what we aim for when building Nubank’s Data Platform. In this talk we want to explore and share the guiding principles and how we created an automated, scalable, declarative and self-service platform that has more than 200 contributors, mostly non-technical, to build 8 thousand distinct datasets, ingesting data from 800 databases, leveraging Apache Spark expressiveness and scalability.
The topics we want to explore are:
– Making data-ingestion a no-brainer when creating new services
– Reducing the cycle time to deploy new Datasets and Machine Learning models to production
– Closing the loop and leveraging knowledge processed in the analytical environment to take decisions in production
– Providing the perfect level of abstraction to users
You will get from this talk:
– Our love for ‘The Log’ and how we use it to decouple databases from their schemas and distribute the work of keeping schemas up to date across the entire team.
– How we made data ingestion so simple using Kafka Streams that teams stopped using databases for analytical data.
– The huge benefits of relying on the DataFrame API to create datasets, which made it possible to have end-to-end tests verifying that the 8000 datasets work without even running a Spark Job, and much more.
– The importance of creating the right amount of abstractions and restrictions to have the power to optimize.
In this presentation, we’ll show security mechanisms and protections related to OpenShift Container Platform and our experiences deploying and using OpenShift, including:
Security mechanisms, such as user and network access control and policies in OpenShift and the underlying OpenStack, the audit trail of administrative actions, ways to use and protect Kubernetes secrets, and the concealment of application data.
How to address technical limitations or potentially unknown vectors of attack using compensating controls via auditd, monitoring, and alerting.
Security practices in Docker containers.
Using the OpenSCAP auditing tool and profiles to audit virtual machine (VM) hosts and container images in our release pipeline.
While probably the most prominent, Docker is not the only tool for building and managing containers. Originally meant to be a "chroot on steroids" to help debug systemd, systemd-nspawn provides a fairly uncomplicated approach to work with containers. Being part of systemd, it is available on most recent distributions out-of-the-box and requires no additional dependencies.
This deck will introduce a few concepts involved in containers and will guide you through the steps of building a container from scratch. The payload will be a simple service, which will be automatically activated by systemd when the first request arrives.
The document discusses options for replicating code repositories between a central site and remote sites to enable efficient code sharing and disaster recovery. It recommends Option 3 of having cloned repositories at remote sites that pull from and push to the central origin repository. This allows faster local pulling and pushing of code while reducing errors from having a single Gerrit location to push to. The implementation would involve updating scripts to pull and push from the correct origins based on user location and setting up triggers to notify remote clones to pull updates. Cloned disaster recovery repositories would be set up and regularly updated from the central repository.
The document provides an overview of introductory GPGPU programming with CUDA. It discusses why GPUs are useful for parallel computing applications due to their high FLOPS and memory bandwidth capabilities. It then outlines the CUDA programming model, including launching kernels on the GPU with grids and blocks of threads, and memory management between CPU and GPU. As an example, it walks through a simple matrix multiplication problem implemented on the CPU and GPU to illustrate CUDA programming concepts.
Keep it out - How to keep Drupal Secure | Alex Burrows
The document discusses how to keep a Drupal site secure. It recommends regularly applying security updates to Drupal core and contrib modules when they are released. It also recommends securing user accounts by using two-factor authentication and password policies. Additional tips include using HTTPS, restricting server access, sanitizing code and user input, backing up the site regularly, and subscribing to security newsletters to stay informed of vulnerabilities.
The document discusses options for replicating code repositories to improve efficiency and enable disaster recovery. It recommends Option 3 of cloning repositories at remote sites. This allows teams to more quickly pull down code locally and push to a single Gerrit location, reducing errors. It suggests automating pulls and pushes between the main repository and remote clones. Clones in different locations would enable restoring code if one site has an outage.
Molecular Shape Searching on GPUs: A Brave New World | Can Ozdoruk
Shape is a fundamental three dimensional molecular property and a powerful descriptor for molecular comparison and similarity assessment; similarity in shape has proven to be a very effective method for predicting similarity in biology. As such shape-based virtual screening has become an integral part of computational drug discovery, due to both its speed and efficacy. OpenEye’s recent port of their shape similarity application, ROCS, to the GPU has resulted in a virtual screening tool of unprecedented power – FastROCS. FastROCS’ speed allows it to perform large-scale calculations of a kind inaccessible in the past and has accelerated more routine shape searching to the point that it has become competitive with more traditional, but less effective, two dimensional methods. Go through the slides to learn more. Try GPUs for free here: www.Nvidia.com/GPUTestDrive
Best 20 SEO Techniques To Improve Website Visibility In SERP | Pixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
What do a Lego brick and the XZ backdoor have in common? | Speck&Tech
ABSTRACT: At first glance, a Lego brick and the XZ backdoor might have in common the fact that both are building blocks, or dependencies of creative projects and software. The reality is that a Lego brick and the XZ backdoor case have much more than that in common.
Join the presentation to immerse yourself in a story of interoperability, standards and open formats, and then discuss the important role that contributors play in a sustainable open source community.
BIO: Advocate of free software and of standard, open formats. She was an active member of the Fedora and openSUSE projects and co-founded the LibreItalia Association, where she was involved in various events, migrations and training related to LibreOffice. She previously worked on LibreOffice migrations and training courses for various public administrations and private organizations. Since January 2020 she has worked at SUSE as a Software Release Engineer for Uyuni and SUSE Manager, and when she is not following her passion for computers and for Geeko she cultivates her curiosity for astronomy (from which her nickname deneb_alpha derives).
OpenID AuthZEN Interop Read Out - AuthorizationDavid Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
CAKE: Sharing Slices of Confidential Data on BlockchainClaudio Di Ciccio
Presented at the CAiSE 2024 Forum, Intelligent Information Systems, June 6th, Limassol, Cyprus.
Synopsis: Cooperative information systems typically involve various entities in a collaborative process within a distributed environment. Blockchain technology offers a mechanism for automating such processes, even when only partial trust exists among participants. The data stored on the blockchain is replicated across all nodes in the network, ensuring accessibility to all participants. While this aspect facilitates traceability, integrity, and persistence, it poses challenges for adopting public blockchains in enterprise settings due to confidentiality issues. In this paper, we present a software tool named Control Access via Key Encryption (CAKE), designed to ensure data confidentiality in scenarios involving public blockchains. After outlining its core components and functionalities, we showcase the application of CAKE in the context of a real-world cyber-security project within the logistics domain.
Paper: https://doi.org/10.1007/978-3-031-61000-4_16
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdfTechgropse Pvt.Ltd.
In this blog post, we'll delve into the intersection of AI and app development in Saudi Arabia, focusing on the food delivery sector. We'll explore how AI is revolutionizing the way Saudi consumers order food, how restaurants manage their operations, and how delivery partners navigate the bustling streets of cities like Riyadh, Jeddah, and Dammam. Through real-world case studies, we'll showcase how leading Saudi food delivery apps are leveraging AI to redefine convenience, personalization, and efficiency.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
16. Implementation: chroot jail
User for each level
Debootstrap full install inside chroot
Separate filesystem for writable data
No /proc, no setuid binaries in /bin
Limited nodes in /dev
22. Isolation: fork bombs
Causes
- script kiddies
- people trying to brute force level06
- process exhaustion from lots of users
23. Isolation: fork bombs
Mitigation
- cgroups
- ulimits
- killall -STOP …; killall -KILL …
- by tty
- by pgid or sid
- by user + process name
- send CONT to innocent bystanders
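The stop-then-kill sequence from the mitigation list above, as an added Python example (not code from the talk or from Stripe). It assumes a Linux host with /proc readable outside the chroot; `Proc`, `parse_stat`, `scan`, `signal_quietly` and `stop_kill_cont` are hypothetical names, and the selectors (by tty, pgid, sid, or user + process name) are passed in as predicates.

```python
import os
import signal
from collections import namedtuple

Proc = namedtuple("Proc", "pid uid comm pgid sid tty")

def parse_stat(text, uid):
    # comm may contain spaces or ')', so split on the LAST ')' in the record.
    lpar, rpar = text.index("("), text.rindex(")")
    f = text[rpar + 2:].split()          # state ppid pgrp session tty_nr ...
    return Proc(int(text[:lpar]), uid, text[lpar + 1:rpar],
                int(f[2]), int(f[3]), int(f[4]))

def scan(root="/proc"):
    # Host-side snapshot; the chroot described above has no /proc of its own.
    procs = []
    for entry in filter(str.isdigit, os.listdir(root)):
        try:
            uid = os.stat(f"{root}/{entry}").st_uid
            with open(f"{root}/{entry}/stat") as fh:
                procs.append(parse_stat(fh.read(), uid))
        except OSError:
            pass                          # exited between listdir and read
    return procs

def signal_quietly(send, pid, sig):
    try:
        send(pid, sig)
    except ProcessLookupError:
        pass                              # already gone

def stop_kill_cont(frozen, doomed, snapshot=scan, send=os.kill):
    """STOP everything matching `frozen`, KILL the subset matching `doomed`,
    CONT the rest. Returns (killed, resumed) as sorted pid lists."""
    held = {}
    while True:                           # rescan: catch forks that raced the STOP
        fresh = [p for p in snapshot() if frozen(p) and p.pid not in held]
        if not fresh:
            break
        for p in fresh:
            signal_quietly(send, p.pid, signal.SIGSTOP)
            held[p.pid] = p
    killed = sorted(pid for pid, p in held.items() if doomed(p))
    resumed = sorted(pid for pid, p in held.items() if not doomed(p))
    for pid in killed:
        signal_quietly(send, pid, signal.SIGKILL)
    for pid in resumed:
        signal_quietly(send, pid, signal.SIGCONT)
    return killed, resumed
```

Freezing first matters because a frozen process cannot fork, so the kill pass is not racing new children; the rescan loop picks up anything forked before its parent was stopped.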
24. Isolation: others
- disk exhaustion
- memory exhaustion
- greedy I/O
- level05 server
Didn't want setuid for python
Arbitrary code execution
Cron job to kill & restart
25. Next time
make user accounts!
let built-in user isolation do the work
control level access with groups, setgid
27. Cloud supported
Completely isolated from the rest of our servers
Outbound traffic open during spin-up, but firewalled off in production
Spin up capacity to handle unexpected load