DataFlow

Поиск потенциальных уязвимостей в коде, часть 2: практика

В прошлый раз мы ознакомились с общими подходами в поиске уязвимостей безопасности в приложениях. В этот раз спустимся ближе к земле и посмотрим на то, как мы реализовали эти механизмы в нашем статическом анализаторе для Java.

https://habr.com/ru/companies/pvs-studio/articles/885576/

Anyone knows about Cuneiform workflow language?

I am digging into “Flow-based programming” and “Dataflow languages”, and I have seen Cuneiform mentioned here and there, which to me has a simple and appealing syntax.
However... the documentation is close to nonexistent. How do I get started, and should I?

http://cuneiform-lang.org/

Curso de Síntesis de Sonido y Pure Data
Clases particulares
(inscripciones abiertas)

Link en bio

Por medio del software libre Pure Data descubriremos
las distintas maneras en que un computador puede
generar sonido.
Conoceremos los aspectos básicos para construir
herramientas de proceso sonoro, análisis e
instrumentos virtuales.

No es necesario tener conocimientos previos, el
desarrollo del curso se adapta a cada estudiante.

El curso se compone de unidades progresivas
organizadas en un Ciclo Inicial y un Ciclo de
Contenidos Avanzados .

Cada unidad se compone de 4 sesiones de 55 minutos.
Valor de la unidad CLP 80.000 o USD 120,00 (PayPal)

Modalidad: en línea

Información e inscripciones:
dm de Instagram @oscarsantis
oscarsantisg@gmail.com
+56 9 75802965
(whatsapp, telegram, signal)

I'm not feeling the warm fuzzies about trying to do GCP Dataflow (aka Apache Beam) with Typescript. Doesn't feel fully baked.

Also doesn't feel like a lot of doc/examples nor many people using it. I don't think our org should be on the bleeding edge of something like this for a core piece of our infrastructure.

Dunno. Will keep working on it for a bit.

Поиск потенциальных уязвимостей в коде, часть 1: теория

Риски наличия уязвимостей безопасности всем известны: нарушение работы приложения, потеря данных или их конфиденциальности. В этой статье мы посмотрим на наглядных примерах фундаментальную сторону подхода, при котором уязвимости можно находить ещё на этапе разработки.

https://habr.com/ru/companies/pvs-studio/articles/866896/

Какие ваши доказательства? Объясняем разработчику отчёты SCA на пальцах. Часть 2

Привет, Habr! С вами вновь Анастасия Березовская, инженер по безопасности процессов разработки приложений в Swordfish Security. Сегодня мы продолжим наш нелегкий путь в получении Evidence для SBOM. В первой части статьи мы разобрались, что же такое Evidence с точки зрения SBOM. Описали, что представляет собой граф свойств кода, на базе которого происходят все операции нарезки, и рассмотрели срезы использования. Сегодня мы поговорим про срезы достижимости и срезы потоков данных. И, самое главное, разберем, как всё это превращается в расширенный SBOM с вхождениями. Приятного чтения!

https://habr.com/ru/companies/swordfish_security/articles/845526/

#ITByte: #Dataflow #Programming is a programming paradigm where the flow of data through a program is the primary focus, rather than the control flow.

This means that instructions are executed based on the availability of data, rather than a predetermined sequence.

https://knowledgezone.co.in/posts/Dataflow-Programming-66dfd1cb2390377b359fd017

Curso de Síntesis de Sonido y Pure Data
Clases particulares
(inscripciones abiertas)

https://oscarsantis.art/curso-de-sintesis-de-sonido-y-pure-data/

Por medio del software libre Pure Data descubriremos
las distintas maneras en que un computador puede
generar sonido.
Conoceremos los aspectos básicos para construir
herramientas de proceso sonoro, análisis e
instrumentos virtuales.

No es necesario tener conocimientos previos, el
desarrollo del curso se adapta a cada estudiante.

El curso se compone de unidades progresivas
organizadas en un Ciclo Inicial y un Ciclo de
Contenidos Avanzados .

Cada unidad se compone de 4 sesiones de 55 minutos.
Valor de la unidad CLP 80.000 o USD 120,00 (PayPal)

Modalidad: en línea

Información e inscripciones:
dm de Instagram @oscarsantis
oscarsantisg@gmail.com
+56 9 75802965
(whatsapp, telegram, signal)

Hey #PowerBI people, I just posted Part 4 of my #DataDojo #CommunityOfPractice blog series. Check it out here:
https://datavolume.xyz/2024/01/15/DataDojo-PowerBI-CommunityOfPractice-04.html

And just in case you missed any of the previous parts (or it's been a while and you need a refresher), here are the links for those:
- Part 1: https://datavolume.xyz/2023/04/02/DataDojo-PowerBI-CommunityOfPractice-01.html
- Part 2: https://datavolume.xyz/2023/05/28/DataDojo-PowerBI-CommunityOfPractice-02.html
- Part 3: https://datavolume.xyz/2023/10/13/DataDojo-PowerBI-CommunityOfPractice-03.html

Throwback to an enlightening blog by Dishani Sen on building data mesh architectures with #Dataflow on #GoogleCloud! Great for data buffs and ML engineers . Keep in mind, some info may be a blast from the past! Delve in https://dataroots.io/blog/real-time-streaming-analytics-with-google-cloud-pub-sub-and-dataflow-a-comprehensive-guide-for-data-and-ml-engineers #DataMesh #DataEngineering

TONIGHT, #DCG201 attends the last
#empirehacking meetup of 2023. Talks start at 6:00 PM EST and include Ellen Cooper (
@hackmanhattan ) reverse engineering obscure #Japanese #phones, and Evan Sultanik's ( @trailofbits ) guide to advanced #dataflow #analysis techniques:

https://meetu.ps/e/MF6Bl/lQlT6/i

@defcon @dcparrot @NYC2600

Es gibt Möglichkeiten, iOS MDM-Beschränkungen zu umgehen. Apple hat diese Lücken bisher nicht geschlossen. Die Frage ist, wie vertrauenswürdig diese Beschränkungen sind, wenn selbst einfache Tricks nicht behoben werden.
Hier kommen Sie zum Video: https://www.youtube.com/watch?v=5uge12UogyI
#MDM #MDMRestrictions #DataFlow

Today we're hosting the final conference of #OPERAS GER project at #maxweberfoundation : https://operas-ger.hypotheses.org/veranstaltungen/abschlussveranstaltung-operas-ger
and I'm looking forward to chairing a panel on empowering #infrastructures with guests from @operaseu (Pierre Mounier), @coarassessment (@etothczifra), @subugoe (Margo Bargheer), @Textplus (Philippe Genêt) and OPERAS-GER (Michael Kaiser) - we will bring together the topics of #openscience , #nfdi , #dataflow on a European and national level.

If you have the day off and were wondering how data actually flows over the Internet, then I invite you to read this insightful paper, written by the very great Karl Auerbach: https://www.iwl.com/idocs/the-surprisingly-arcane-art-of-sending-data-on-the-internet. #Internet #dataflow

#Stroke is the second leading cause of death in Europe but poor coordination & #dataflow between groups involved in treatment impairs care.Have you got a solution to improve data flow across the care pathway? Apply now to IHI's call 5 on stroke! https://europa.eu/!BxrRWT

DCP: Learning Accelerator Dataflow for Neural Network via Propagation

https://openreview.net/forum?id=BNIrElhRl4

For many years I've observed the following in parallel:

1. General confusion (and in some cases disdain) about the notion of a #SemanticWeb

2. Steadfast effort by a community to keep the vision going, stealthily, as exemplified by the #LODCloud (#DBpedia,, #Wikidata, #Uniprot etc..) and Schema.org (#SchemaOrg)

3. #DataSilos and all the impedance they inflict on the agility of individuals and enterprises alike on the rise i.e., #DataAccess and #DataFlow are still challenging, unnecessarily.

One of the things I'll be talking about in the stream tomorrow: Understanding that https://thi.ng/rstream constructs are essentially defining a #dataflow #graph much like you'd know from a node-graph based editor (a la Blender/Houdini etc.), only obviously with the difference of actually creating such a graph programmatically rather than manually via visual editing. Personally I find this programmatic approach much more powerful, but a visual representation makes it of course much easier to debug & analyze such graph topologies, also to explain & illustrate to others how data and state changes are flowing through the app/system and/or where to attach new features/nodes or optimize/restructure the topology...

Another massive benefit: This approach makes it much easier to build features such that only the most minimal amount of work needs to be done, helping to achieve better performance...

The attached diagram was generated with #Graphviz via https://thi.ng/rstream-dot and shows the dataflow graph for the image vectorization tool mentioned in previous toots.

Full size version:
https://demo.thi.ng/umbrella/trace-bitmap/topology.html

The tool itself:
https://demo.thi.ng/umbrella/trace-bitmap/

The second image shows the minimal code required to generate the #visualization source file...