These are the slides for the talk "Managing and Visualizing JavaScript Complexity" given at QCon SF 2013 by Jarrod Overson
The presentation is dedicated to the 25th anniversary of the Revolution on Granite, which took place on 2-17 October 1990.
Why read fantasy when the world has so many interesting books in a wide range of genres? But fantasy is a genre that leaves no one indifferent. This list contains a foreword and information about the books held in the collection of Library No. 117.
Lesson on the topic: "Church life in the second half of the 16th century. The Union of Brest"
Balochistan has a history spanning thousands of years. It was previously an independent state but joined Pakistan in 1947. Balochistan is Pakistan's largest province by area, with its capital in Quetta. It is rich in minerals and has the important Gwadar seaport. The culture includes traditional Balochi and Brahui clothing. Local music features the violin and drums, and their cuisine includes sajji, a roasted mutton dish eaten with chapati. Eid and the Sibi Mela festival are celebrated events in the region. Balochistan has valuable natural resources like minerals, natural gas, and coal.
The document discusses React, Redux, and ES6/7 features. It begins with an overview of React lifecycles and class components. It then provides a brief introduction to Redux, including core concepts like actions, reducers, and unidirectional data flow. The document also includes an example to demonstrate how React and Redux can work together, with Redux managing application state in the store and React components interacting via container components.
GDG Seoul presentation. React, Redux, React Native
The document discusses various ways to measure code quality, including objective and subjective metrics. It describes metrics like cyclomatic complexity, Halstead metrics, and NPATH complexity which measure different aspects of code such as complexity, readability, maintainability, and testability. The document also discusses tools that can analyze code quality and produce reports on lines of code, arguments per function, and other metrics. Overall, the document provides an overview of different techniques for measuring code quality both quantitatively and qualitatively.
This document provides an overview and introduction to software metrics. It discusses measurement concepts and why measurement is important for software engineering. It covers topics like the basics of measurement, collecting metrics data, analyzing data, and measuring internal and external attributes of software. Specific metrics discussed include size, structure, complexity, reliability, and test coverage. The document is intended to introduce readers to fundamental software metrics concepts.
New design trends 2018: https://www.slideshare.net/romankotyk/presentation-design-trends-in-2018 5 Presentation design trends in 2017 that make a difference. 1. Oversized Photography 2. Bright Gradients 3. Minimalist Design 4. Dramatic Typography 5. Double Exposures
Javascript is actually called ECMAScript. The document provides an overview of JavaScript including how it interacts with the DOM in the browser, using JavaScript in web pages, syntax, control structures like loops and conditionals, objects as hashes, functions as first-class objects, loose typing, closures, prototypes, JSON, cross-domain AJAX, libraries like jQuery, and resources for learning more. The global scope in JavaScript is discussed and the importance of using var is emphasized to avoid polluting the global namespace.
Vulnerabilities are the same things as common errors. Why do we distinguish them? Do this, if you want to earn more money. CWE - Common Weakness Enumeration. CVE - Common Vulnerabilities and Exposures. Now using Valgrind you're searching not for a memory leak, but for a denial of service.
This presentation explores lessons learned from building a highly complex single page application that's used by 100's of automotive dealerships to finance and sell cars. We’ll walk through how to manage a pure client-side application with 1000’s of lines of custom JavaScript and review how Web API, Knockout, Durandal, RequireJS, KendoUI, and surprisingly little jQuery can join forces to make the browser sing. You’ll gain a clear understanding of when a single page app approach makes sense and learn how to pragmatically divide responsibilities between the client and server. This session will give you an appreciation for how far you can push ultra-responsive client-side rendering in the real-world.
This document discusses the benefits of polyglot and poly-paradigm programming approaches for building more agile applications. It describes how using multiple languages and programming paradigms can optimize both performance and developer productivity. Specifically, it suggests that statically-typed compiled languages be used for core application components while dynamically-typed scripting languages connect and customize these components. This approach allows optimizing areas that require speed/efficiency separately from those requiring flexibility. The document also advocates aspects and functional programming to address cross-cutting concerns and concurrency challenges that arise in modern applications.
This document provides instructions for creating shellcode using only alphanumeric characters. It begins by outlining the plan, which is to use IMUL and XOR instructions to reconstruct bytes not in the alphanumeric range. It then provides a blueprint, explaining how IMUL and XOR can be used to generate needed values. The first code example walks through transforming an existing 24-byte shellcode into an alphanumeric version by pushing and popping values and using XOR to zero registers.
Apps with millions of lines of code maintained by hundreds of SWEs. Can vanilla JS + HTML5 do the job? If not, what can? TypeScript? Dart?
This document discusses various challenges with browser compatibility and standards compliance when working with technologies like JavaScript, CSS, and HTML. It explores issues with window sizing, mouse and keyboard events, scrolling, and more across different browsers. It emphasizes that browsers continue to evolve and change, so developers need strategies like fallback capabilities and compatibility layers to account for inconsistencies.
JavaScript used to be confined to the browser. But these days, it is becoming increasingly popular in server-side applications in the form of NodeJS. NodeJS provides an event-driven, non-blocking I/O model that supposedly makes it easy to build scalable network applications. In this talk you will learn about the consequences of combining the event-driven programming model with a prototype-based, weakly typed, dynamic language. We will share our perspective as a server-side Java developer who wasn’t entirely happy about JavaScript in the browser, let alone on the server. You will learn how to use NodeJS effectively in modern, polyglot applications.
This document discusses managing complexity in JavaScript projects. It addresses coming to terms with the challenges of dynamic languages being messy, having an immature tooling ecosystem, and rapid evolution. It emphasizes respecting code style conventions, enforcing linting rules, documenting code, and using metrics like cyclomatic complexity to reduce testing difficulty. The overall message is that perseverance is needed to tame JavaScript's complexity through automation, visualization, honesty and acceptance of its challenges and opportunities.
This document summarizes the key lessons learned from converting a legacy robotics project from Objective-C to Swift. It discusses issues with the original Objective-C code like silent nil failures, weak type safety with NSCoding, and problems with error handling. The document then covers how Swift addresses these issues through features like optional values, type safety, value types, and improved error handling with enums, throws, and do-catch. Overall, converting to Swift reduced the code base size by 75%, removed classes of bugs, found subtle bugs earlier, and allowed new features by making the code more robust.
This document provides an overview of JavaScript concepts and best practices. It discusses objects as hashes, functions as first-class objects, loose typing, closures, prototypes, JSON, cross-domain AJAX, testing with Jasmine, CoffeeScript, libraries like jQuery, global scope issues, regular expressions, XSS, hoisting, and other JavaScript quirks. It also provides resources for further learning JavaScript.
JavaScript, like it or not, has become the most important language on the web. Nearly every developer who builds Internet apps has to use it. But JavaScript can be tough to write and even tougher to read. So here are ten tips to help you get groovy with JavaScript.
This document discusses testing infrastructure as code (IaaC) using test-driven development (TDD) principles. It recommends applying different types of automated tests for IaaC: unit tests to check for errors, integration tests to validate functionality, and acceptance/security tests on deployed infrastructure. Various tools are mentioned for testing IaaC written in languages like Terraform, Ansible, Chef, and Puppet at the unit, integration, and security levels. Adopting a testing mindset and tools can help catch errors and non-compliance early in development pipelines.
My talk at the @media Ajax conference in London in November 2007 about the non-technical steps you can take to make JavaScript and Ajax work for larger teams.
The document discusses JavaScript, describing it as a language of contrasts with both good and bad parts. It outlines some of the criticisms of JavaScript but argues there is an elegant language hidden underneath. It examines JavaScript's influences and features, identifying good parts like lambda functions, dynamic objects, and loose typing, as well as bad parts like global variables and confusing equality operators. The document also discusses prototypal inheritance, modules, closures, and style in JavaScript. It advocates following standards like JSLint to write more reliable code and avoiding future bad designs by using a safer JavaScript subset.
The document provides guidance for developers on best practices for writing code. It emphasizes following rules like clean code, code reviews, and refactoring. Key points include writing simple and readable code, avoiding duplication, learning from others, and ensuring code meets definitions of done that specify requirements like testing and code quality. Refactoring is advised to reduce technical debt by improving structure without changing functionality. Code reviews are recommended to catch defects through constructive peer review.
Javascript is the language used the most for developing a web app or a hybrid mobile app, mainly because it can be executed directly by browsers. Java instead, can’t be run directly in a browser. On the other hand we have the language TypeScript, which is an open-source language that adds compile time type checking to Javascript, similar to Java, with the goal to prevent bugs mainly in the large code base. It is not uncommon for developers to write code using more than one programming language over time. In this talk you will find out, how I survived adding Typescript/Javascript to the programming languages I work with, after a long experience of development with Java. Let’s go!
This afternoon I gave a very short introduction to computer programming at Trade School (tradeschool.ourgoods.org). I used JavaScript to illustrate the process of learning how to program, mainly because there's nothing to install and it has many practical uses.
These are the slides from a talk that I did at CocoaConf about rewriting a legacy Objective-C project in Swift.
This All Things Open 2022 talk shows how to use current-gen WebAssembly to build complex applications out of components.
This talk was given at AppSec California, January 2020. Credential stuffing and other automated attacks are evolving past every defense thrown in their way. CAPTCHAs don't work, Fingerprints don't work, Magical AI-whatevers don't work. The value is just too great.
Slides for talk given at PasswordsCon Sweden 2019. Credential stuffing is an automated attack that exploits users who reuse passwords by taking breached credentials and replaying them across sites.
This document summarizes an analysis of an exploited NPM package called event-stream. It describes how an attacker gained control of the package and added malicious code that was downloaded by thousands of projects whenever their dependencies were updated. The malicious code stole cryptocurrency from wallets containing large amounts. It highlights the risks of supply chain attacks and emphasizes the importance of auditing dependencies, locking versions, and thinking carefully before adding new dependencies to avoid compromising entire projects and their users.
Jarrod Overson presented on a supply chain attack that occurred in 2018 through the compromise of the event-stream Node.js package. An unauthorized developer gained commit access and introduced malicious code through new dependencies that was then installed by millions of users. The malware harvested cryptocurrency private keys from the Copay wallet app. While the community responded quickly, such attacks demonstrate vulnerabilities in open source software supply chains and dependency management that will continue to be exploited if not properly addressed through changes to practices and tooling.
Deepfakes originally started as cheap but believable video effects and have expanded into AI-generated content of every format. This session dove into the state of deepfakes and how the technology highlights an exciting but dangerous future.
Jarrod Overson discusses the evolution of credential stuffing attacks and where they may go in the future. He summarizes that credential stuffing started as basic automated login attempts but has evolved through generations as defenses were put in place, such as CAPTCHAs and behavior analysis. The next generation involves more sophisticated imitation attacks that flawlessly emulate human behavior using real device fingerprints to blend in. Beyond credential stuffing, malware may start scraping user accounts and environments directly from infected machines. As defenses raise the cost of attacks, fraudsters will diversify methods to preserve the value of valid accounts and user data.
Workshop slides originally given at the WOPR Summit in Atlantic City. Use JavaScript parsers and generators like Shift combined with Puppeteer and Chrome to reverse engineer web applications
OWASP RTP Presentation on Data breaches, credential spills, the lifespan of data, credential stuffing, the attack lifecycle, and what you can do to protect yourself or your users.
QCon SF 2016 security talk about who uses data from massive breaches (like Yahoo, Target), what tools they use, and what damage they inflict.
Shape Security analyzes 1.5 billion logins per week and protects 350 million user accounts. In 2016 alone, 1.6 billion credentials were leaked and sold or traded by criminals on dark web markets. Shape uses headless browsers like PhantomJS to automatically test leaked credentials on other sites, stopping over $1 billion in fraud losses in 2016. However, captchas intended to prevent automated attacks do not work and ruin the user experience.
Talk given at Mozilla's first View Source Conference in Portland, 2015. Details out the parallels between graphics and game developments compared to traditional web development.
This document discusses the dark side of web security, including automated threats from bots and attackers. It notes that the effectiveness of traditional security, like flossing, is difficult to measure. It outlines the OWASP top 10 vulnerabilities and the automated threats attackers use. While captchas are meant to stop bots, services have made bypassing captchas easier. If a site has value like money, data, or content, there is value in exploiting it. Detection of attacks is difficult as attackers use many proxies and fingerprints to avoid detection. Patching is not enough, and spikes in traffic from many IPs could indicate an attack.
This was a talk given at HTML5DevConf SF in 2015. Ever wanted to write your own Browserify or Babel? Maybe have an idea for something new? This talk will get you started understanding how to use a JavaScript AST to transform and generate new code.
This document discusses ECMAScript 2015 (ES2015), also known as ES6. It provides examples of new ES2015 features like arrow functions, template literals, classes, and modules. It also discusses how to set up a development environment to use ES2015, including transpiling code to ES5 using Babel, linting with Eslint, testing with Mocha, and generating coverage reports with Istanbul. The document emphasizes that while ES2015 is fun to explore, proper tooling like linting and testing is needed for serious development. It concludes by noting ES2015 marks a transition and thanks the audience.
The document discusses achieving maintainability in code through examining code quality with linters, generating visual reports on metrics like complexity and coverage, and automating processes like builds, linting, and testing through tools like Grunt and Gulp. It emphasizes setting limits on metrics like complexity, enforcing code style through automation, and treating documentation as important as code.
1) The document discusses achieving maintainability in code through analysis, automation, and enforcement of standards. 2) It recommends setting up linting, code coverage, and other analysis tools to examine code quality and automatically enforcing code style through build processes. 3) The key is to automate as many processes as possible like testing, linting, and documentation to make the code easy to work with and prevent issues from being introduced.
Slides for the keynote given at QCon Sao Paulo 2014. Talk goes into the problems scaling Riot and how we've tried to solve them as well as what we've learned from the web and what lies in store next.
The document discusses web components, which include HTML templates, custom elements, shadow DOM, and HTML imports. Web components allow the creation of reusable custom elements with their own styles and DOM structure. They provide encapsulation and help avoid issues with global namespaces. While browser support is still emerging for some features, polyfills exist and frameworks like Polymer make web components accessible today. Web components represent an important evolution of the web that will improve how code is structured and shared.
This talk was given on Oct 23 at HTML5DevConf in San Francisco. The topic was Continuous Delivery as it relates to JavaScript applications, using tools like grunt and jenkins.
Six months into 2024, and it is clear the privacy ecosystem takes no days off!! Regulators continue to implement and enforce new regulations, businesses strive to meet requirements, and technology advances like AI have privacy professionals scratching their heads about managing risk. What can we learn about the first six months of data privacy trends and events in 2024? How should this inform your privacy program management for the rest of the year? Join TrustArc, Goodwin, and Snyk privacy experts as they discuss the changes we’ve seen in the first half of 2024 and gain insight into the concrete, actionable steps you can take to up-level your privacy program in the second half of the year. This webinar will review: - Key changes to privacy regulations in 2024 - Key themes in privacy and data governance in 2024 - How to maximize your privacy program in the second half of 2024
As a popular open-source library for analytics engineering, dbt is often used in combination with Airflow. Orchestrating and executing dbt models as DAGs ensures an additional layer of control over tasks, observability, and provides a reliable, scalable environment to run dbt models. This webinar will cover a step-by-step guide to Cosmos, an open source package from Astronomer that helps you easily run your dbt Core projects as Airflow DAGs and Task Groups, all with just a few lines of code. We’ll walk through: - Standard ways of running dbt (and when to utilize other methods) - How Cosmos can be used to run and visualize your dbt projects in Airflow - Common challenges and how to address them, including performance, dependency conflicts, and more - How running dbt projects in Airflow helps with cost optimization Webinar given on 9 July 2024
Widya Salim and Victor Ma will outline the causal impact analysis, framework, and key learnings used to quantify the impact of reducing Twitter's network latency.
To help you choose the best DiskWarrior alternative, we've compiled a comparison table summarizing the features, pros, cons, and pricing of six alternatives.
The DealBook is our annual overview of the Ukrainian tech investment industry. This edition comprehensively covers the full year 2023 and the first deals of 2024.
Is your patent a vanity piece of paper for your office wall? Or is it a reliable, defendable, assertable, property right? The difference is often quality. Is your patent simply a transactional cost and a large pile of legal bills for your startup? Or is it a leverageable asset worthy of attracting precious investment dollars, worth its cost in multiples of valuation? The difference is often quality. Is your patent application only good enough to get through the examination process? Or has it been crafted to stand the tests of time and varied audiences if you later need to assert that document against an infringer, find yourself litigating with it in an Article 3 Court at the hands of a judge and jury, God forbid, end up having to defend its validity at the PTAB, or even needing to use it to block pirated imports at the International Trade Commission? The difference is often quality. Quality will be our focus for a good chunk of the remainder of this season. What goes into a quality patent, and where possible, how do you get it without breaking the bank? ** Episode Overview ** In this first episode of our quality series, Kristen Hansen and the panel discuss: ⦿ What do we mean when we say patent quality? ⦿ Why is patent quality important? ⦿ How to balance quality and budget ⦿ The importance of searching, continuations, and draftsperson domain expertise ⦿ Very practical tips, tricks, examples, and Kristen’s Musts for drafting quality applications https://www.aurorapatents.com/patently-strategic-podcast.html