Pharo is an open-source live-programming environment and programming language started in 2008. The official web site is http://www.pharo-project.org. By providing a stable and small core system, excellent dev tools, and maintained releases, Pharo is an attractive platform to build and deploy mission-critical applications.
Developing high-performance network servers in LispVladimir Sedach
Overview of current high-performance Common Lisp web servers and implementation techniques, and description of a new hybrid approach to asynchronous I/O based on separate racing accept() and epoll() thread pools.
Architecture-Driven Programming for Sense/Compute/Control ApplicationsDamien Cassou
Software architectures have long been used to design the structure of a software and to impose constraints on the software implementation. Existing approaches are capable of formally verifying properties on these constraints at the design stage. However, few approaches verify that a given implementation conforms to the software architecture constraints, and even fewer use these constraints to guide developers during implementation.
In this presentation, we propose a generative approach to enforce the software architecture constraints during implementation. Toward this goal, we focus on a specific application area, Sense/Compute/Control applications, which are applications that interact with a physical or virtual environment. Our work is based on a domain-specific architectural pattern dedicated to SCC applications. The data-flow of this pattern is restricted by interaction constraints. For specifying such constraints, we propose a dedicated language of behavioral contracts, adapted to our architectural pattern. These behavioral contracts are used for automatically generating a dedicated programming framework. This framework enforces the conformance of the resulting implementation with the software architecture constraints and provides guidance to developers.
Pharo is an open-source live-programming environment and programming language started in 2008. The official web site is http://www.pharo-project.org. By providing a stable and small core system, excellent dev tools, and maintained releases, Pharo is an attractive platform to build and deploy mission-critical applications.
Developing high-performance network servers in LispVladimir Sedach
Overview of current high-performance Common Lisp web servers and implementation techniques, and description of a new hybrid approach to asynchronous I/O based on separate racing accept() and epoll() thread pools.
Architecture-Driven Programming for Sense/Compute/Control ApplicationsDamien Cassou
Software architectures have long been used to design the structure of a software and to impose constraints on the software implementation. Existing approaches are capable of formally verifying properties on these constraints at the design stage. However, few approaches verify that a given implementation conforms to the software architecture constraints, and even fewer use these constraints to guide developers during implementation.
In this presentation, we propose a generative approach to enforce the software architecture constraints during implementation. Toward this goal, we focus on a specific application area, Sense/Compute/Control applications, which are applications that interact with a physical or virtual environment. Our work is based on a domain-specific architectural pattern dedicated to SCC applications. The data-flow of this pattern is restricted by interaction constraints. For specifying such constraints, we propose a dedicated language of behavioral contracts, adapted to our architectural pattern. These behavioral contracts are used for automatically generating a dedicated programming framework. This framework enforces the conformance of the resulting implementation with the software architecture constraints and provides guidance to developers.
AMIRA: Automated Malware Incident Response and Analysis (Black Hat USA Arsena...Jakub "Kuba" Sendor
Even for a larger incident response team handling all of the repetitive tasks related to malware infections is a tedious task. Our malware analysts have spent a lot of time chasing digital forensics from potentially infected Mac OS X systems, leveraging open source tools, like OSXCollector. Early on, we have automated some part of the analysis process, augmenting the initial set of digital forensics collected from the machines with the information gathered from the threat intelligence APIs. They helped us with additional information on potentially suspicious domains, URLs and file hashes. But our approach to the analysis still required a certain degree of configuration and manual maintenance that was consuming lots of attention from malware responders.
Enter automation: turning all of your repetitive tasks in a scripted way that will help you deal faster with the incident discovery, forensic collection and analysis, with fewer possibilities to make a mistake. We went ahead and turned OSXCollector toolkit into AMIRA: Automated Malware Incident Response and Analysis service. AMIRA turns the forensic information gathered by OSXCollector into actionable response plan, suggesting the infection source as well as suspicious files and domains requiring a closer look. Furthermore, we integrated AMIRA with our incident response platform, making sure that as little interaction as necessary is required from the analyst to follow the investigation. Thanks to that, the incident response team members can focus on what they excel at: finding unusual patterns and the novel ways that malware was trying to sneak into the corporate infrastructure.
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysissecurityxploded
This presentation is part of our Reverse Engineering & Malware Analysis Training program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Robotlegs is a popular framework to build Flex applications. This presentation will walk you through some handy extensions which can be used with Robotlegs.
Nous entendons aujourd’hui parler de Deep Learning un peu partout : reconnaissance d’images, de sons, génération de textes, etc. Suite aux récentes annonces sur Android Neural Network API et TensorFlowLite et à la release du framework CoreML d’Apple, tout nous pousse vers le “on-device intelligence”.
Bien que les techniques et frameworks soient en train de se démocratiser, il reste difficile d’en voir les applications concrètes en entreprise, et encore moins sur des applications mobiles. Nous avons donc décidé de construire un Proof Of Concept pour relever les défis du domaine.
A travers une application mobile à but éducatif, utilisant du Deep Learning pour de la reconnaissance d’objets, nous aborderons les impacts de ce type de modèles sur les smartphones, l’architecture pour l’entraînement et le déploiement de modèles sur un service Cloud, ainsi que la construction de l’application mobile avec les dernières nouveautés annoncées.
How to write clean & testable code without losing your mindAndreas Czakaj
If you create software that is to be developed continuously over several years you'll need a sustainable approach to code quality.
In our early days of AEM development, however, we used to struggle with code that is rigid, hard to test and full of LOG.debug calls.
In this talk I will share some development best practices we have found that really work in actual AEM based software, e.g. to achieve 100% code coverage and provide high confidence in the code base.
Spoiler alert: no new libraries, frameworks or tools are required - once you know the ideas, plain old TDD and the S.O.L.I.D. principles of Clean Code will do the trick.
by Andreas Czakaj, mensemedia Gesellschaft für Neue Medien mbH
Presented at the adaptTo() 2017 conference in Berlin (https://adapt.to/2017/en/schedule/how-to-write-clean---testable-code-without-losing-your-mind.html).
Presentation video can be found on YouTube (https://www.youtube.com/watch?v=JbJw5oN_zL4)
Advanced Malware Analysis Training Session 6 - Malware Sandbox Analysissecurityxploded
This presentation is part of our Advanced Malware Analysis Training Series program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Describe how Android input system designed.
Describe the ways to make input event(such as touch, key press, ...) on Android in programmatic way, not manual way.
This can be helpful for some people thinking about Android remote control or test automation.
ADVANCED MALWARE THREATS -- NO HAT 2019 (BERGAMO / ITALY)Alexandre Borges
Malware threats have been impacting the way that companies make and protect their business. In general, most of companies have bought several different products to compose their infrastructure and defense line, but they are only efficient against known and simple threats. Curiously, most infections start through simple vector such as a malicious document or a simple fishing. However, the problem is another one: what kind of malware a simple dropper can download in the system? Most ring 3 threats are visible, but some of them are not. Additionally, ring 0 threats are usually very dangerous because they work under the radar, compromising deeply the system and bypassing my protection. Worse, they can make the monitoring tools useless and open the way to advanced threats like BIOS/UEFI malware. What kind of techniques are used by these threats? What protections do we have? This presentation aims to show and explain some techniques used by malware advanced threats and protections against them.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
AMIRA: Automated Malware Incident Response and Analysis (Black Hat USA Arsena...Jakub "Kuba" Sendor
Even for a larger incident response team handling all of the repetitive tasks related to malware infections is a tedious task. Our malware analysts have spent a lot of time chasing digital forensics from potentially infected Mac OS X systems, leveraging open source tools, like OSXCollector. Early on, we have automated some part of the analysis process, augmenting the initial set of digital forensics collected from the machines with the information gathered from the threat intelligence APIs. They helped us with additional information on potentially suspicious domains, URLs and file hashes. But our approach to the analysis still required a certain degree of configuration and manual maintenance that was consuming lots of attention from malware responders.
Enter automation: turning all of your repetitive tasks in a scripted way that will help you deal faster with the incident discovery, forensic collection and analysis, with fewer possibilities to make a mistake. We went ahead and turned OSXCollector toolkit into AMIRA: Automated Malware Incident Response and Analysis service. AMIRA turns the forensic information gathered by OSXCollector into actionable response plan, suggesting the infection source as well as suspicious files and domains requiring a closer look. Furthermore, we integrated AMIRA with our incident response platform, making sure that as little interaction as necessary is required from the analyst to follow the investigation. Thanks to that, the incident response team members can focus on what they excel at: finding unusual patterns and the novel ways that malware was trying to sneak into the corporate infrastructure.
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysissecurityxploded
This presentation is part of our Reverse Engineering & Malware Analysis Training program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Robotlegs is a popular framework to build Flex applications. This presentation will walk you through some handy extensions which can be used with Robotlegs.
Nous entendons aujourd’hui parler de Deep Learning un peu partout : reconnaissance d’images, de sons, génération de textes, etc. Suite aux récentes annonces sur Android Neural Network API et TensorFlowLite et à la release du framework CoreML d’Apple, tout nous pousse vers le “on-device intelligence”.
Bien que les techniques et frameworks soient en train de se démocratiser, il reste difficile d’en voir les applications concrètes en entreprise, et encore moins sur des applications mobiles. Nous avons donc décidé de construire un Proof Of Concept pour relever les défis du domaine.
A travers une application mobile à but éducatif, utilisant du Deep Learning pour de la reconnaissance d’objets, nous aborderons les impacts de ce type de modèles sur les smartphones, l’architecture pour l’entraînement et le déploiement de modèles sur un service Cloud, ainsi que la construction de l’application mobile avec les dernières nouveautés annoncées.
How to write clean & testable code without losing your mindAndreas Czakaj
If you create software that is to be developed continuously over several years you'll need a sustainable approach to code quality.
In our early days of AEM development, however, we used to struggle with code that is rigid, hard to test and full of LOG.debug calls.
In this talk I will share some development best practices we have found that really work in actual AEM based software, e.g. to achieve 100% code coverage and provide high confidence in the code base.
Spoiler alert: no new libraries, frameworks or tools are required - once you know the ideas, plain old TDD and the S.O.L.I.D. principles of Clean Code will do the trick.
by Andreas Czakaj, mensemedia Gesellschaft für Neue Medien mbH
Presented at the adaptTo() 2017 conference in Berlin (https://adapt.to/2017/en/schedule/how-to-write-clean---testable-code-without-losing-your-mind.html).
Presentation video can be found on YouTube (https://www.youtube.com/watch?v=JbJw5oN_zL4)
Advanced Malware Analysis Training Session 6 - Malware Sandbox Analysissecurityxploded
This presentation is part of our Advanced Malware Analysis Training Series program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Describe how Android input system designed.
Describe the ways to make input event(such as touch, key press, ...) on Android in programmatic way, not manual way.
This can be helpful for some people thinking about Android remote control or test automation.
ADVANCED MALWARE THREATS -- NO HAT 2019 (BERGAMO / ITALY)Alexandre Borges
Malware threats have been impacting the way that companies make and protect their business. In general, most of companies have bought several different products to compose their infrastructure and defense line, but they are only efficient against known and simple threats. Curiously, most infections start through simple vector such as a malicious document or a simple fishing. However, the problem is another one: what kind of malware a simple dropper can download in the system? Most ring 3 threats are visible, but some of them are not. Additionally, ring 0 threats are usually very dangerous because they work under the radar, compromising deeply the system and bypassing my protection. Worse, they can make the monitoring tools useless and open the way to advanced threats like BIOS/UEFI malware. What kind of techniques are used by these threats? What protections do we have? This presentation aims to show and explain some techniques used by malware advanced threats and protections against them.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
National Security Agency - NSA mobile device best practices
Leveraging Software Architectures to Guide and Verify the Development of Sense/Compute/Control Applications
1. Leveraging Software Architecturesto Guide and Verify the Development of Sense/Compute/Control Applications Damien Cassou1,2, Emilie Balland1, Charles Consel1, Julia Lawall3 1Phoenix, INRIA, France 2Software Architecture Group, HPI, Germany 3APL, DIKU, Denmark
2. Contributions A design language to specify a software system A compiler to process such specification for the verification of safety properties the guidance of the implementation the conformance 2 Context: Sense/Compute/Control software systems
11. The SCC Architectural Style sources sensors actuators actions orders control operators Environment refined information context operators raw data 7 [Chen et al., Context aggregation and dissemination in ubiquitous computing, WMCSA’02] [Edwards et al., Architecture-driven self-adaptation and self-management in robotics, SEAMS’09]
12. The SCC Architectural Style 8 sources actuators sensors actions Control orders control operators Sense Environment Compute refined information context operators raw data
18. Compiling a Design Design Language abstract generated Design Compiler Software system defeats guidance and verification concrete Design 13
19. Compiling a Design Design Language abstract generated Design Compiler Software system mixes design and implementation generated concrete Software System Design Compiler 14
20. Compiling a Design Design Language abstract generated Software system Design Compiler generated Compiler Software System Design generated concrete Software System Design Compiler 15
66. Summary A design language dedicated to specifying SCC software systems A compiler to process such specification for the guidance of the implementation the conformance 57
67. Status Report Implementation using standard language tools Java, ANTLR, StringTemplate Safety property verification generation of Promela specifications e.g., interaction invariants Several application domains avionics: simulated auto-pilot and AR drone building automation: light, fire, security, newscast, etc. misc.: web-server monitoring, home messenger, etc. Ongoing empirical evaluation with both students and professional software engineers http://diasuite.inria.fr Damien Cassou, Emilie Balland, Charles Consel, Julia Lawall
73. A Research Vehicle This work is part of a larger research project with 7 PhDs leveraging the frameworks QoS (FASE’11) security (ICPS’09, DAIS’11) error-handling (OOPSLA’10) virtual testing (Mobiquitous’10 and ‘09) SIP (ICC’10, ICIN’09, IPTComm’08) end-user programming (DSLWC’09) 64
74. Limitations Applies only to new projects Applies only to Sense/Compute/Control Requires architects to learn a new language Imposes small run-time overhead 65
Editor's Notes
Software architectures have long been used as a way to make software design explicit. However, these architectures are barely leveraged to guide subsequent phases of a software development cycle. In this work, we propose to leverage software architectures for the implementation and verification phases
SCC applications are applications that interact with an external environment
In this pattern, sensors…Interactions between these components are restricted.Explain that it separates the logic and the environment handling
In this style, sensors…Interactions between these components are restricted
In this style, sensors…Interactions between these components are restricted
In this style, sensors…Interactions between these components are restricted
The pattern guides the architect in describing his application. We want to go further and use this description to guide…