This document provides an overview and examples of the NK API for developing mobile applications, websites, and OpenSocial applications. It describes REST and JS APIs for authentication, making requests, uploading photos, payments, inviting friends, adding shouts, and communicating with users. Code samples are given for common tasks like uploading photos, checking group membership, and sending messages between users. Developers can find full documentation and support for building applications on the NK platform.
Synapse India dotnet development web approach part 2
This document contains code for an ASP.NET web form that allows users to select a programming language from a radio button list. When submitted, the selected language and its corresponding ISBN number are stored in the HTTP session. On postback, labels are populated to display the selected language and session details like the ID and timeout. The code defines event handlers for loading and submitting the form to handle setting up and storing the session data.
KNOTX.io is an event-driven, non-blocking integration framework that uses Vert.x and RxJava. It allows for highly scalable and modular integration of modern platforms. KNOTX provides features like data ingestion from CMSs and services, forms handling, prototyping with mocks, and extensibility through pluggable modules. It handles integration challenges through a transparent, reusable, and easily replaceable modern microservices-based architecture. Performance is optimized through asynchronous non-blocking code, event-driven architecture, and reactive programming with RxJava.
This document discusses HTML collections and event handling in JavaScript. It provides examples of how to access elements in HTML collections using methods like getElementsByTagName. It also covers different types of events like click, mouseover, form submit and how to attach event handlers using inline, traditional and modern approaches. It discusses timing events like setTimeout and setInterval. Finally it covers event propagation models of bubbling and capturing.
This document summarizes an API specification for a YUHN API version 0.4. It includes 7 methods for getting events, posts, albums, album content, surveys, survey questions, and event galleries. Each method section provides details on the request parameters and possible response statuses and formats. It also includes conventions for the API documentation and descriptions of common HTTP status codes.
Cookies store small pieces of data in the user's browser and are used to implement sessions. Sessions associate user data stored on the server with a unique ID (stored in a cookie). Users are authenticated by verifying their username and password which starts a session if valid. Authentication verifies a user's identity, while authorization determines what resources they are allowed to access based on permissions.
1. The document discusses using Ajax to return JavaScript code and objects from a server. Code examples are provided to return a JavaScript function from a PHP file using XMLHttpRequest, and to convert text into a JavaScript object.
2. Methods for using the XMLHttpRequest HEAD method are demonstrated to retrieve header information from the server, such as the server name, date/time, and file modification date.
3. The code is modified to extract only the last modified date from the header, and then further modified to display individual parts of the date like date, month, year, hours, minutes, and seconds.
4. An example is given to check if a URL exists using HEAD requests and XMLHttpRequest.
This document contains the code for a Blockly program that draws a circle on a canvas. It includes the JavaScript code to initialize various Blockly blocks like html, body, title, and circle. It also includes the SVG code for the Blockly representation of the program and the final HTML, JavaScript, and SVG output generated by the Blockly program.
1. The document explains Ajax frameworks and functions from the Ajax Gold library. Ajax frameworks contain JavaScript functions that simplify making Ajax requests, reducing code. The getDataReturnText function uses GET to fetch text from a URL, calling a callback function on completion. getDataReturnXml similarly fetches XML. postDataReturnText uses POST to send data to a URL and receive a text response.
CIS 2015b FIDO U2F in 10 minutes - Dirk Balfanz - CloudIDSummit
In just under two years the FIDO Alliance has produced a pair of specifications for strong authentication that have already been deployed at scale by some of the biggest brands in the world: Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F). Now the Alliance is working on adding additional methods for standards-based strong authentication. Come learn about these protocols and walk away with knowledge on what is available now, what is coming (hint: BLE, NFC, platform optimization), and what it takes to roll out strong authentication across your enterprise and to your customer base.
This document discusses web and browser security. It summarizes vulnerabilities like SQL injection and cross-site scripting (XSS), and defenses against them. SQL injection allows attackers to manipulate dynamically-generated SQL queries to obtain unauthorized data or issue unauthorized commands. XSS allows attackers to inject and execute malicious scripts in web pages by exploiting insufficient input validation. Defenses include input validation, prepared statements, and output encoding. These vulnerabilities remain prevalent issues for web applications.
NoSQL or: Freedom Is Not Painless - IT Tage - Alexander Hendorf
The talk shows that not everything is simple with NoSQL either, and that decisions just as hard as with an RDBMS have to be made. Using a real use case, we will examine the differences, advantages and disadvantages of NoSQL, with MongoDB as the example.
The document discusses cache JSON hijacking and cross-site request forgery (CSRF). It provides examples of how an attacker could steal JSON data from a cache by overriding native JavaScript methods and injecting scripts to access APIs without authorization.
Drupal 8 incorporates a modular authentication system where different authentication providers can authenticate a user from a given request. The core built-in authentication providers are the cookie provider, which returns an authenticated or anonymous user depending on the presence of a cookie, and the basic authentication provider, which checks if the user name and password are in the request headers and finds a user. Authentication providers have a priority and are called in order by the authentication manager to authenticate the user for a request. Modules can also define custom authentication providers for routes, REST resources, and views.
JSON Web Tokens, or JWTs, are a standardized way of representing a JSON-based data structure and transmitting it between two parties. JWTs rely on cryptographic signatures which ensure that the data transmitted in the JWT isn’t modified during transit. JWTs are designed to be extremely compact—small enough to be transmitted in an HTTP header, for example—and can be used in a variety of ways: as authorization tokens, client-side data storage, or even for the implementation of single sign on (SSO) solutions. They’re based on a very simple and elegant algorithm that’s easy to understand and quickly put to use. JWT implementations are available in virtually every programming language in common use for Web and mobile development.
Unfortunately, learning how to use JWTs can be complicated by the terminology that’s commonly used. “Claims,” “signatures,” “body,” “payload”—a large part of learning how JWTs work is deciphering these buzzwords and understanding how they map onto more familiar programming terms. This talk will focus on reducing this barrier to entry and making JWTs understandable to any programmer.
This talk will cover:
- the structure of a JSON Web Token
- the algorithm for generating one
- available libraries and tooling
- some common scenarios where JWTs can be used.
Particular emphasis will be given as to when and why JWTs provide for better solutions than other methods. Attendees should come away from this talk with a full understanding of how to use JWTs for a variety of purposes, and be ready and eager to put JWTs into use in both personal and professional contexts.
InheritedWidget is your friend - GDG London (2018-08-08) - Andrea Bizzotto
In this talk we explore three different ways of getting access to dependencies in Flutter, and their tradeoffs.
First, we’ll take a look at global state as an easy way of getting the things we need. Then, we’ll talk about constructor dependency injection, what problems it solves, but also which new ones it introduces.
Finally, we will learn how to make use of InheritedWidget and how it can help as you scale up your apps. I’ll show a simple app as an example of how these techniques work in practice.
The document discusses configuring Tomcat connection pools. It describes preparing Tomcat by adding jar files, configuring the server.xml file and context.xml files, and testing connection pools using JSP. It also covers how Tomcat 6 supports connection pools using dbcp and how JdbcRowSet can use connection pools.
HtmlElements: a natural extension of PageObject - SQALab
The document discusses page object modeling for web testing. It includes examples of page object classes with WebElement fields located using annotations. It also discusses some limitations of duplicating code and proposes using element blocks, type definitions, and a matcher library to address these limitations. Standard and extended element types are defined to help structure page objects and represent page elements in a more object-oriented way.
Building Your First Data Science Application in MongoDB - MongoDB
Speaker: Robyn Allen, Software Engineer, Central Inventions
Level: 100 (Beginner)
Track: Tutorials
To provide a hands-on opportunity to work with real data, this session will center around a web-hosted quiz application which helps students practice math and memorize vocabulary. After experimenting with a small demonstration dataset (generated by each individual during the workshop), attendees will be guided through working with an anonymized dataset in MongoDB. No prior MongoDB experience is required but attendees are expected to download and install MongoDB Community Edition (available for free from mongodb.com) and have a working Python 3 environment of their choice (e.g., IDLE, free from python.org) installed on a laptop they bring to the workshop.
Prerequisites:
Attendees are expected to bring a laptop with the following software installed:
- MongoDB 3.4.x Community Edition
- The text editor or IDE of their choice
- A working Python 3 environment of their choice
No prior MongoDB experience is required.
What You Will Learn:
- How to load a CSV file into MongoDB using mongoimport and then write queries (using the Mongo shell) to ensure the data appears as expected. Attendees will use a demo version of an online quiz app to generate a small data file of raw session data (which can be accessed via http://strawnoodle.com/api/testdata after logging in to the demo app and answering one or more quiz questions about MongoDB). After studying how the demo app stores session data, attendees will practice using mongoimport to import anonymized session data (provided during the workshop) into MongoDB.
- How to use the aggregation pipeline (in PyMongo) to implement more complicated queries and gain insights from data. Because the sample dataset contains data from a variety of users of different skill levels, queries can be designed which reveal summary statistics for the anonymous user cohort or specific performance of individual users. Participants will receive instruction in using MongoDB aggregation pipelines in order to write powerful, efficient queries with very few lines of code.
- How to write queries to analyze sample data from an online quiz app. Once the sample data has been loaded into MongoDB, participants will be guided in writing basic queries to examine the sample data. Participants will have an opportunity to write queries in the Mongo shell and in Python in order to familiarize themselves with syntax variations and key ideas. Participants will learn how to implement CRUD operations in PyMongo.
The document discusses modeling and querying user data in MongoDB. It provides examples of storing user account information, activity streams like check-ins, and extending the data model to track additional information like social connections and user clicks. The key points are that user data maps well to MongoDB's flexible document model, the data design should optimize for common queries, and the schema can easily be extended over time to support new use cases.
InterCon 2016 - Digital identity security taking into consideration a... - iMasters
Erick Tedeschi talks about digital identity security taking into consideration a microservice architecture at InterCon 2016.
Learn more at http://intercon2016.imasters.com.br/
This document discusses JSON Web Tokens (JWT) for authentication. It begins by explaining the need for authorization in web applications and how token-based authentication addresses issues with server-based authentication. The structure of a JWT is described as a JSON object with a header, payload, and signature. Python libraries for working with JWT like PyJWT, Django REST Framework JWT, and Flask-JWT are presented. The document demonstrates generating and verifying JWT in Python code. Examples of using JWT for authentication in the Kalay IoT platform and Diuit messaging API are provided.
Jeff Scudder, Eric Bidelman
The number of APIs made available for Google products has exploded from a handful to a slew! Get the big picture on what is possible with the APIs for everything from YouTube, to Spreadsheets, to Search, to Translate. We'll go over a few tools to help you get started and the things these APIs share in common. After this session picking up new Google APIs will be a snap.
This document discusses different authentication methods for a Box application including:
1. Long-lived access tokens that are restricted to certain API functionality and contain a permission screen.
2. OAuth 2 authentication that requires managing user identities and content.
3. Application access tokens that need to be refreshed every hour and bypass OAuth authentication.
It also provides code samples for OAuth 2 authentication flows and initializing a Box SDK client using JWT authentication with an app's client ID, secret, and signing keys.
DevFest Kuala Lumpur - Implementing Google Analytics - 2011-09-29.ppt - Vinoaj Vijeyakumaar
This presentation was given at Google DevFest Kuala Lumpur on 29 Sep 2011. This presentation covers how to implement Google Analytics' advanced tracking features, including: event tracking, social plugin tracking, custom variables, page load time tracking, mobile site tracking, iOS and Android application tracking, and campaign variables.
GTUG Philippines - Implementing Google Analytics - 2011-10-11 - Vinoaj Vijeyakumaar
This presentation was given to the Google Technology Users Group (GTUG) Philippines chapter on 11 Oct 2011 in Manila. It covers how GA works, and how to implement GA's advanced tracking features.
This document outlines two scenarios for authenticating a web portal using an identity management system (IdM). Scenario 1 describes authenticating when the portal knows the user's credentials, directly sending them to the IdM. Scenario 2 describes authenticating when the portal does not know the credentials, requiring the user to log in via the IdM portal. Both scenarios involve redirecting to the IdM, receiving an access code, using it to request an access token from the IdM, and validating the token to get user information. Reference information is provided at the end.
The Open & Social Web - Kings of Code 2009 - Chris Chabot
The document discusses the Open & Social Web and OpenSocial. It provides an overview of OpenSocial, how it differentiates views like home, profile, and canvas. It explains how to write OpenSocial gadgets using XML, JavaScript, and fetching data. It also covers OpenSocial client libraries, Google Friend Connect, proxied content, templating, and future directions like OSML tags. Resources mentioned include documentation, videos from Google I/O, and the OpenSocial website.
The document discusses Node.js and Google Cloud Storage. It covers topics like using OAuth2 to authenticate with JSON Web Tokens and service accounts, uploading files via simple, multipart, and resumable upload methods, and managing file metadata, access control lists, versions, and directories without a true folder structure in Cloud Storage. The author reflects on lessons learned like ensuring proper permissions when accessing buckets and the value of sharing knowledge gained from experimenting with Google services.
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho - CODE BLUE
This talk will show esoteric web application vulnerabilities in detail. These vulnerabilities would be missed in a quick review by most security consultants, but could lead to remote code execution, authentication bypass and purchasing items in merchants using PayPal as their payment gateway without actually paying. SQL injections are dead, and I don’t care: let's explore the world of null, nil and NULL; NoSQL injections; host header injections that lead to phone call audio interception; PayPal’s double spend and Rails’ MessageVerifier remote code execution.
--- Andres Riancho
Andrés Riancho is an application security expert that currently leads the community driven, Open Source, w3af project and provides in-depth Web Application Penetration Testing services to companies around the world.
In the research field, he discovered critical vulnerabilities in IPS appliances from 3com and ISS, contributed with SAP research performed at one of his former employers and reported vulnerabilities in hundreds of web applications.
His main focus has always been the Web Application Security field, in which he developed w3af, a Web Application Attack and Audit Framework used extensively by penetration testers and security consultants.
Andrés has spoken and held trainings at many security conferences around the globe, like BlackHat (USA and Europe), SEC-T (Sweden), DeepSec (Austria), PHDays (Moscow), SecTor (Toronto), OWASP (Poland), CONFidence (Poland), OWASP World C0n (USA), CanSecWest (Canada), PacSecWest (Japan), T2 (Finland) and Ekoparty (Buenos Aires).
Andrés founded Bonsai Information Security, a web security focused consultancy firm, in 2009 in order to further research into automated Web Application Vulnerability detection and exploitation.
Puppeteer allows controlling headless or headed Chrome over the DevTools Protocol. It provides a high-level API for common tasks like taking screenshots, navigating pages, and interacting with page elements. The Chrome DevTools Protocol exposes APIs that allow tools to instrument, inspect, debug and profile the browser. Puppeteer uses this to provide convenient methods for automating browser actions and interacting with pages. Existing Selenium tests can leverage the DevTools Protocol by connecting to the browser instance controlled by ChromeDriver.
This document summarizes the FIWARE security components Identity Manager (IdM) and Access Control (AC). It provides an overview of OAuth 2.0 authentication flows and describes three levels of authorization - authentication, basic authorization checking HTTP verbs and resources, and advanced authorization using XACML policies. Examples are given of validating access tokens, retrieving user info, and creating permissions and policies in IdM.
OAuth is an open standard for token-based authorization that allows third-party applications to obtain limited access to a user's data without requiring them to share their passwords. It allows sites to exchange user-authorized tokens that can be revoked and have varying scopes and time limits. OAuth has gone through several versions to address vulnerabilities and inconsistencies, with OAuth 2.0 simplifying the protocol through the use of bearer tokens and authorization/resource server separation. While implementations are emerging, OAuth 2.0 continues to be refined as an IETF draft standard.
The document discusses Yahoo's Application Platform and Open Mail services. It provides examples of using the Yahoo Application Platform (YAP), OpenID, OAuth, SDKs and REST APIs to develop applications. It also provides examples of using OpenSocial to fetch and insert user data and activities. Finally, it discusses Open Mail and enhancing the email experience through contextual plugins.
Adding Identity Management and Access Control to your Application, Authorization - Fernando Lopez Aguilar
Adding Identity Management and Access Control to your Application, Authorization using the FIWARE components: Identity Management, PEP Proxy, Access Control (PDP/PAP).
This slide deck gives an introduction to OAuth 2.0, starting with some concepts, explaining the flow plus a few hints. The reminder of the slides are about implementing an OAuth 2.0 server using the Apache Amber library (renamed to Apache Oltu lately). My impression is that many developers shy away as soon as they hear "security" and so I did not only want to talk about the concepts of OAuth 2.0 but also wanted to show how easily you can implement an OAuth 2.0 server ... hope it reduces the fear of contact a bit ... ;-)
The DealBook is our annual overview of the Ukrainian tech investment industry. This edition comprehensively covers the full year 2023 and the first deals of 2024.
Comparison Table of DiskWarrior Alternatives.pdfAndrey Yasko
To help you choose the best DiskWarrior alternative, we've compiled a comparison table summarizing the features, pros, cons, and pricing of six alternatives.
How RPA Help in the Transportation and Logistics Industry.pptxSynapseIndia
Revolutionize your transportation processes with our cutting-edge RPA software. Automate repetitive tasks, reduce costs, and enhance efficiency in the logistics sector with our advanced solutions.
An invited talk given by Mark Billinghurst on Research Directions for Cross Reality Interfaces. This was given on July 2nd 2024 as part of the 2024 Summer School on Cross Reality in Hagenberg, Austria (July 1st - 7th)
Quantum Communications Q&A with Gemini LLM. These are based on Shannon's Noisy channel Theorem and offers how the classical theory applies to the quantum world.
Details of description part II: Describing images in practice - Tech Forum 2024BookNet Canada
This presentation explores the practical application of image description techniques. Familiar guidelines will be demonstrated in practice, and descriptions will be developed “live”! If you have learned a lot about the theory of image description techniques but want to feel more confident putting them into practice, this is the presentation for you. There will be useful, actionable information for everyone, whether you are working with authors, colleagues, alone, or leveraging AI as a collaborator.
Link to presentation recording and transcript: https://bnctechforum.ca/sessions/details-of-description-part-ii-describing-images-in-practice/
Presented by BookNet Canada on June 25, 2024, with support from the Department of Canadian Heritage.
Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Em...Erasmo Purificato
Slide of the tutorial entitled "Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Emerging Trends" held at UMAP'24: 32nd ACM Conference on User Modeling, Adaptation and Personalization (July 1, 2024 | Cagliari, Italy)
Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...Bert Blevins
Today’s digitally connected world presents a wide range of security challenges for enterprises. Insider security threats are particularly noteworthy because they have the potential to cause significant harm. Unlike external threats, insider risks originate from within the company, making them more subtle and challenging to identify. This blog aims to provide a comprehensive understanding of insider security threats, including their types, examples, effects, and mitigation techniques.
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...Chris Swan
Have you noticed the OpenSSF Scorecard badges on the official Dart and Flutter repos? It's Google's way of showing that they care about security. Practices such as pinning dependencies, branch protection, required reviews, continuous integration tests etc. are measured to provide a score and accompanying badge.
You can do the same for your projects, and this presentation will show you how, with an emphasis on the unique challenges that come up when working with Dart and Flutter.
The session will provide a walkthrough of the steps involved in securing a first repository, and then what it takes to repeat that process across an organization with multiple repos. It will also look at the ongoing maintenance involved once scorecards have been implemented, and how aspects of that maintenance can be better automated to minimize toil.
Quality Patents: Patents That Stand the Test of TimeAurora Consulting
Is your patent a vanity piece of paper for your office wall? Or is it a reliable, defendable, assertable, property right? The difference is often quality.
Is your patent simply a transactional cost and a large pile of legal bills for your startup? Or is it a leverageable asset worthy of attracting precious investment dollars, worth its cost in multiples of valuation? The difference is often quality.
Is your patent application only good enough to get through the examination process? Or has it been crafted to stand the tests of time and varied audiences if you later need to assert that document against an infringer, find yourself litigating with it in an Article 3 Court at the hands of a judge and jury, God forbid, end up having to defend its validity at the PTAB, or even needing to use it to block pirated imports at the International Trade Commission? The difference is often quality.
Quality will be our focus for a good chunk of the remainder of this season. What goes into a quality patent, and where possible, how do you get it without breaking the bank?
** Episode Overview **
In this first episode of our quality series, Kristen Hansen and the panel discuss:
⦿ What do we mean when we say patent quality?
⦿ Why is patent quality important?
⦿ How to balance quality and budget
⦿ The importance of searching, continuations, and draftsperson domain expertise
⦿ Very practical tips, tricks, examples, and Kristen’s Musts for drafting quality applications
https://www.aurorapatents.com/patently-strategic-podcast.html
Implementations of Fused Deposition Modeling in real worldEmerging Tech
The presentation showcases the diverse real-world applications of Fused Deposition Modeling (FDM) across multiple industries:
1. **Manufacturing**: FDM is utilized in manufacturing for rapid prototyping, creating custom tools and fixtures, and producing functional end-use parts. Companies leverage its cost-effectiveness and flexibility to streamline production processes.
2. **Medical**: In the medical field, FDM is used to create patient-specific anatomical models, surgical guides, and prosthetics. Its ability to produce precise and biocompatible parts supports advancements in personalized healthcare solutions.
3. **Education**: FDM plays a crucial role in education by enabling students to learn about design and engineering through hands-on 3D printing projects. It promotes innovation and practical skill development in STEM disciplines.
4. **Science**: Researchers use FDM to prototype equipment for scientific experiments, build custom laboratory tools, and create models for visualization and testing purposes. It facilitates rapid iteration and customization in scientific endeavors.
5. **Automotive**: Automotive manufacturers employ FDM for prototyping vehicle components, tooling for assembly lines, and customized parts. It speeds up the design validation process and enhances efficiency in automotive engineering.
6. **Consumer Electronics**: FDM is utilized in consumer electronics for designing and prototyping product enclosures, casings, and internal components. It enables rapid iteration and customization to meet evolving consumer demands.
7. **Robotics**: Robotics engineers leverage FDM to prototype robot parts, create lightweight and durable components, and customize robot designs for specific applications. It supports innovation and optimization in robotic systems.
8. **Aerospace**: In aerospace, FDM is used to manufacture lightweight parts, complex geometries, and prototypes of aircraft components. It contributes to cost reduction, faster production cycles, and weight savings in aerospace engineering.
9. **Architecture**: Architects utilize FDM for creating detailed architectural models, prototypes of building components, and intricate designs. It aids in visualizing concepts, testing structural integrity, and communicating design ideas effectively.
Each industry example demonstrates how FDM enhances innovation, accelerates product development, and addresses specific challenges through advanced manufacturing capabilities.
The Rise of Supernetwork Data Intensive ComputingLarry Smarr
Invited Remote Lecture to SC21
The International Conference for High Performance Computing, Networking, Storage, and Analysis
St. Louis, Missouri
November 18, 2021
Are you interested in dipping your toes in the cloud native observability waters, but as an engineer you are not sure where to get started with tracing problems through your microservices and application landscapes on Kubernetes? Then this is the session for you, where we take you on your first steps in an active open-source project that offers a buffet of languages, challenges, and opportunities for getting started with telemetry data.
The project is called openTelemetry, but before diving into the specifics, we’ll start with de-mystifying key concepts and terms such as observability, telemetry, instrumentation, cardinality, percentile to lay a foundation. After understanding the nuts and bolts of observability and distributed traces, we’ll explore the openTelemetry community; its Special Interest Groups (SIGs), repositories, and how to become not only an end-user, but possibly a contributor.We will wrap up with an overview of the components in this project, such as the Collector, the OpenTelemetry protocol (OTLP), its APIs, and its SDKs.
Attendees will leave with an understanding of key observability concepts, become grounded in distributed tracing terminology, be aware of the components of openTelemetry, and know how to take their first steps to an open-source contribution!
Key Takeaways: Open source, vendor neutral instrumentation is an exciting new reality as the industry standardizes on openTelemetry for observability. OpenTelemetry is on a mission to enable effective observability by making high-quality, portable telemetry ubiquitous. The world of observability and monitoring today has a steep learning curve and in order to achieve ubiquity, the project would benefit from growing our contributor community.
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptxSynapseIndia
Your comprehensive guide to RPA in healthcare for 2024. Explore the benefits, use cases, and emerging trends of robotic process automation. Understand the challenges and prepare for the future of healthcare automation
Transcript: Details of description part II: Describing images in practice - T...BookNet Canada
This presentation explores the practical application of image description techniques. Familiar guidelines will be demonstrated in practice, and descriptions will be developed “live”! If you have learned a lot about the theory of image description techniques but want to feel more confident putting them into practice, this is the presentation for you. There will be useful, actionable information for everyone, whether you are working with authors, colleagues, alone, or leveraging AI as a collaborator.
Link to presentation recording and slides: https://bnctechforum.ca/sessions/details-of-description-part-ii-describing-images-in-practice/
Presented by BookNet Canada on June 25, 2024, with support from the Department of Canadian Heritage.
4. REST API
Authentication is based on the OAuth standard. Many libraries support this
standard; have a look here: http://oauth.net/code/
First you need to get an nk_token via a /token/get request.
POST https://opensocial.nk-net.pl/v09/token/get
POST data:
login=loginUseraNaNk&password=hasłoUseraNaNk
[no cookies]
Request Headers:
<next slide>
5. REST API - /token/get - headers
Request Headers:
Content-Type: application/x-www-form-urlencoded
Content-Length: 28
Authorization: OAuth oauth_signature_method="HMAC-SHA1", oauth_consumer_key="customerKeyZPanelu", oauth_timestamp="1352376881", oauth_nonce="272317321310634", oauth_version="1.0", oauth_signature="jVaVvVZcLZ1mMHzU3dzAmw3vxPE%3D"
oauth_version="1.0"
oauth_timestamp="1352376881"
oauth_nonce="272317321310634" - must be unique, at least 15 characters
oauth_signature_method="HMAC-SHA1" - you must enter this value
oauth_signature="jVaVvVZcLZ1mMHzU3dzAmw3vxPE%3D" - it needs to be calculated :)
oauth_signature is calculated as base64_encode(HMAC-SHA1(oauth_base_string, <secret from developer panel>&));
If everything goes correctly, we will get the answer:
nk_token=jakiśDziwnyNapisWBase64
6. REST API - base string
Example value:
POST&http%3A%2F%2Fjava1.omega.nknet%3A2080%2Fv09%2Ftoken%2Fget&login%3Dabcef%26oauth_consumer_key%3DjakisCustomerKey%26oauth_nonce%3D273217097465315%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1352377781%26oauth_version%3D1.0%26password%3DjakiśPassword
First part: POST, as we were sending a POST request.
Second part: the URL without query parameters, URL-encoded.
Third part: all parameters, sorted and concatenated.
Remember to sign the request content (when it makes sense - check: question reported to NK support).
All requests need to be signed with this mechanism.
7. REST API - @me, @self, @all
Many endpoint specifications show strange elements like: @me, @self, @all.
@me - user currently logged in
@self, @friends, @all - indicates who can check the object on which the action is done
10. When something is not working...
We suggest the following steps:
● Check the error code. You can find a lot of useful information there.
● Check the logs - http://developers.nk.pl/applications-logs/
● Capture the request with tcpdump or extract it with netcat. Then check whether the data is
sent according to the specification.
● Describe the problem in detail to NK support.
11. API JS
In this part we will show you how to create OpenSocial applications.
Shindig is used as the application container; it implements the OpenSocial standard.
Shindig is responsible for:
● application rendering
● proxy request creation
● data cache
● RPC/REST requests
We support OpenSocial version 0.9.
The list of all functionalities we support
is available in our documentation.
12. API JS
Applications are defined by a single gadget.xml file.
The address of this file is entered in the application and site management panel.
13. Preparation of development environment
1. Create an application at https://developers.nk.pl/developers
2. Set debug mode (data cache is disabled)
3. Add a tester ID to the application's tester list
4. Enter your application: http://nk.pl/#applications_test/xyz (the exact link is in
the application settings)
To begin with, we can use the following classic example code as gadget.xml:
<?xml version="1.0" encoding="UTF-8" ?>
<Module>
<ModulePrefs/>
<Content type="html" view="canvas">
<![CDATA[
Hello World
]]>
</Content>
</Module>
14. Examples:
The following examples are available at this URL:
https://github.com/jaaro/various/tree/master/nk
1. ROT13
2. Information about the user
3. Information about friends
4. Embedding flash
5. Swfobject
6. Hamster fall
7. Adding shout on NK
We suggest testing other JS API functionalities in this application: nkda.
15. Payments- JS code
function handlePaymentResponse(dataItem) {
  if (dataItem.hadError()) {
    alert('got an error');
  } else {
    var orderId = dataItem.getData().getField(opensocial.Payment.Field.ORDER_ID);
    alert('payment request accepted, orderId: ' + orderId);
  }
}

function makePayment() {
  var params = {};
  params[opensocial.Payment.Field.AMOUNT] = 5;
  params[opensocial.Payment.Field.MESSAGE] = "large sword";
  params[opensocial.Payment.Field.PARAMETERS] = "some_app_specific_params";
  var payment = opensocial.newPayment(params);
  opensocial.requestPayment(payment, handlePaymentResponse);
}
16. Payments
Enter the right value in the "Payment Callback URL" field (Administration panel).
When the transaction is completed, NK sends the following request to this URL:
POST /some/url HTTP/1.1
Host: gamehost.com
Content-Type: application/x-www-form-urlencoded

amount=5&appId=app.1&containerDomain=nk.pl&message=large%20sword&oauth_consumer_key=key&
oauth_nonce=252b9d59381dd803dcf156663d1375d9&oauth_signature=%2F7%2BGAbB0DDYNZwC%2BsSACe1O5Kpw%3D&
oauth_signature_method=HMAC-SHA1&oauth_timestamp=1273755263&oauth_version=1.0&
orderId=32787067d4de27d7fb97d816723d5c75bb9fd337&parameters=some_app_specific_params&
paymentType=payment&viewerId=person.abc
17. Payments
The application must confirm that the payment has been received by generating the following
response:
HTTP/1.1 200 OK
Content-Type: application/json

{"orderId":"32787067d4de27d7fb97d816723d5c75bb9fd337","responseCode":"ok","responseMessage":"all ok","signature":"7e7455aac4a1be3186185e5bd056791adf01818c"}
If the confirmation (response) is not ok, the NK server will resend the request every minute for the next 24 hours or until we get
the correct response.
If you want to test payments, send an e-mail to egbtest@nasza-klasa.pl requesting a specified amount of NK
currency (EGB), and include your NK profile ID and the name of the application you are testing.
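The signing rule from slides 5-6 and a check of the payment callback from slide 16, as an added Node.js example (not NK's own code): it builds the base string, computes the HMAC-SHA1 signature, and accepts a callback only if its oauth_signature verifies, crediting each orderId once because NK repeats the request until it gets an ok response. Assumptions: the callback is signed with the same OAuth 1.0 HMAC-SHA1 scheme and the application's consumer secret; all function names, the secret and the sample values are hypothetical or constructed; the "signature" field of the response is not covered because the slides do not say how it is computed.

```javascript
const crypto = require('crypto');

// RFC 3986 percent-encoding; encodeURIComponent leaves !'()* unescaped.
function pct(s) {
  return encodeURIComponent(String(s)).replace(/[!'()*]/g,
    c => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

const cmp = (a, b) => (a < b ? -1 : a > b ? 1 : 0);

// Slide 6: METHOD & encoded URL & encoded, sorted, concatenated parameters.
// oauth_signature itself is never part of the signed data.
function baseString(method, url, params) {
  const joined = Object.entries(params)
    .filter(([k]) => k !== 'oauth_signature')
    .map(([k, v]) => [pct(k), pct(v)])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]))
    .map(([k, v]) => k + '=' + v)
    .join('&');
  return [method.toUpperCase(), pct(url), pct(joined)].join('&');
}

// Slide 5: base64(HMAC-SHA1(base string, "<secret>&")). The key ends in "&"
// because no token secret is used.
function sign(method, url, params, consumerSecret) {
  return crypto.createHmac('sha1', pct(consumerSecret) + '&')
    .update(baseString(method, url, params))
    .digest('base64');
}

// Demo only: keep fulfilled order ids in a durable store in production.
const fulfilledOrders = new Set();

// Checks a payment callback body (slide 16); assumes NK signs it with the
// application's consumer secret. `credit` is true only the first time a valid
// orderId is seen, so repeated deliveries never grant the goods twice.
function verifyPaymentCallback(url, rawBody, consumerKey, consumerSecret) {
  // Note: a repeated parameter name keeps only its last value here.
  const params = Object.fromEntries(new URLSearchParams(rawBody));
  if (params.oauth_consumer_key !== consumerKey ||
      params.oauth_signature_method !== 'HMAC-SHA1' || !params.orderId) {
    return { ok: false, credit: false, reason: 'malformed callback' };
  }
  const expected = Buffer.from(sign('POST', url, params, consumerSecret));
  const received = Buffer.from(params.oauth_signature || '');
  // Constant-time comparison; lengths must match before timingSafeEqual.
  if (expected.length !== received.length ||
      !crypto.timingSafeEqual(expected, received)) {
    return { ok: false, credit: false, reason: 'bad signature' };
  }
  if (fulfilledOrders.has(params.orderId)) {
    return { ok: true, credit: false, reason: 'duplicate delivery' };
  }
  fulfilledOrders.add(params.orderId);
  return { ok: true, credit: true, reason: 'verified' };
}

// Constructed sample: a callback shaped like the one on slide 16, signed here
// with a made-up secret so the check can be run offline.
function sampleCallback(url, secret, overrides = {}) {
  const p = { amount: '5', appId: 'app.1', containerDomain: 'nk.pl',
    message: 'large sword', oauth_consumer_key: 'key',
    oauth_nonce: 'constructed-nonce-0001', oauth_signature_method: 'HMAC-SHA1',
    oauth_timestamp: '1273755263', oauth_version: '1.0',
    orderId: 'constructed-order-1', parameters: 'some_app_specific_params',
    paymentType: 'payment', viewerId: 'person.abc', ...overrides };
  p.oauth_signature = sign('POST', url, p, secret);
  return new URLSearchParams(p).toString();
}
```

Pass the callback URL exactly as configured in the "Payment Callback URL" field, and grant the purchased item only when `credit` is true.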
18. Inviting friends to the application:
function handleInviteFriendResponse(responseItem) {
  if (responseItem.hadError()) {
    // handle error
  } else {
    alert(responseItem.getData() + ' invited friend(s)');
  }
}

function invite() {
  var msg = 'Join me !';
  var paramsObject = new Object();
  nk.requestInviteFriends(msg, paramsObject, handleInviteFriendResponse);
}

invite();
19. Check if user is already a member of the application group.
function response(data) {
  if (data.hadError()) {
    // handle error
  } else {
    var result = data.get("isInGroup").getData();
    if (result) {
      output("User is in application's group");
    } else {
      output("User is NOT in application's group");
    }
  }
}

function request() {
  var req = opensocial.newDataRequest();
  req.add(nk.groups.newIsUserInAppGroupRequest(), "isInGroup");
  req.send(response);
}

request();
20. Adding user to application group:
function callback(responseItem) {
  if (responseItem.hadError()) {
    // handle error
  } else {
    console.log(responseItem);
  }
}

function invite() {
  nk.groups.requestAddUserToAppGroup(callback);
}

invite();
21. Adding picture:
function uploadPhotoHandler(resp) {
  if (resp.hadError()) {
    // handle error
  }
}

function uploadPhoto() {
  nk.photos.requestUploadAppPhoto("Photo added from Dev App", null, uploadPhotoHandler);
}

uploadPhoto();
22. How many users have installed the application?
function response(data) {
  if (data.get("amount").hadError()) {
    // handle error
  } else {
    alert(data.get("amount").getData());
  }
}

function request() {
  var req = opensocial.newDataRequest();
  req.add(nk.newGetAmountOfUsersRequest(), "amount");
  req.send(response);
}

request();
23. Adding shout:
function onActivityPosted(data) {
  if (data.hadError()) {
    alert("There was a problem: " + data.getErrorMessage());
  } else {
    output("The activity was posted successfully.");
  }
}

function postActivity(title) {
  var data = {};
  data[opensocial.Activity.Field.TITLE] = title;
  var activity = opensocial.newActivity(data);
  opensocial.requestCreateActivity(
    activity,
    opensocial.CreateActivityPriority.HIGH,
    onActivityPosted
  );
}

postActivity("This is a sample activity");
24. Communication between users - message
function response(data) {
  if (data.hadError()) {
    alert("There was a problem: " + data.getErrorMessage());
  } else {
    output("The message was sent.");
  }
}

function request() {
  var iconUrl = new opensocial.Url({"type" : "icon", "address" : "http://www.example.org/icons/notifyIcon.jpg"});
  var msgParams = {
    "title" : "Title of notification",
    "urls" : new Array(iconUrl), // image used in notification
    "type" : "notification" // only notification is currently supported
  };
  var msg = opensocial.newMessage("Body of notification", msgParams);
  opensocial.requestSendMessage(["person.XXX"], msg, response);
}

request();
25. JS API
You can find many other examples in our documentation,
together with a detailed specification of the features.
http://developers.nk.pl/documentation/nk-api/opensocial-js-api/
26. Some interesting features:
Please note that even if we support some features, they may not work in the same way as in the original
OpenSocial specification, for example: Activity.
The list of supported parameters is here: http://developers.nk.pl/documentation/nk-api/opensocial-js-api/
Interesting features:
gadgets.log / gadgets.warn / gadgets.error
gadgets.json.parse / gadgets.json.stringify
gadgets.window.adjustHeight
gadgets.io.makeRequest / osapi.http.get