Events

Demystification of Demystifying Machine Learning using nuML w/ Seth Juarez

Going for a little Benoit B. Mandelbrot recursion joke here with the title.

Seth Juarez (github) recently spoke to the Pasadena .NET user group on the topic of Practical Machine Learning using nuML. Seth is a wonderful speaker and educator, and nuML is an excellent library for getting started with machine learning in .NET. His explanations are very intuitive, even for people who have been working in the field for a while. During the talk and follow-up discussions, various technical references were made which went beyond the scope of the talk. To be fair to Seth, he covered a lot of material in an hour and a half; probably a couple of weeks' worth in a traditional ML course.

Therefore I decided to provide links to these underlying topics for the benefit of attendees in case anyone is interested in knowing more about them.

Happy Machine Learning!


Web/Services Security Talk @ San Diego.NET User Group

Andrew Karcher, SQL Server MVP, invited me to speak to the San Diego .NET user group this Tuesday. The topic of my talk was Secure Code Top 10 (OWASP) for Service Oriented Architectures, and the presentation slides can be downloaded from here. Links from the talk follow.

Web Service Security Cheat Sheet

https://www.owasp.org/index.php/Web_Service_Security_Cheat_Sheet

OWASP WebGoat.NET

https://www.owasp.org/index.php/Category:OWASP_WebGoat.NET

WCF Security Fundamentals

http://msdn.microsoft.com/en-us/library/ff650862.aspx

WebGoat.NET Github (Web Forms)

https://github.com/jerryhoff/WebGoat.NET

WebGoat.NET Github (MVC)

https://github.com/kahanu/webgoat.mvc

Nonce

http://en.wikipedia.org/wiki/Cryptographic_nonce

OWASP

https://www.owasp.org/index.php/Main_Page

C is for cookie, H is for hacker – understanding HTTP only and Secure cookies

http://www.troyhunt.com/2013/03/c-is-for-cookie-h-is-for-hacker.html

Advanced SQL Injection - Havij

http://www.itsecteam.com/products/havij-v116-advanced-sql-injection/

OWASP Top 10 for .NET

http://www.troyhunt.com/2011/12/free-ebook-owasp-top-10-for-net.html

Samy Worm

http://en.wikipedia.org/wiki/Samy_(computer_worm)

HTML encoding in ASP.NET / MVC

http://weblogs.asp.net/scottgu/archive/2010/04/06/new-lt-gt-syntax-for-html-encoding-output-in-asp-net-4-and-asp-net-mvc-2.aspx

HTML Encoding in Razor

http://stackoverflow.com/questions/4973504/turn-off-html-encoding-in-razor

How Hackers Stole 200,000+ Citi Accounts Just By Changing Numbers In The URL

http://consumerist.com/2011/06/14/how-hackers-stole-200000-citi-accounts-by-exploiting-basic-browser-vulnerability/

6.5 Million Encrypted LinkedIn Passwords Leaked Online

http://www.tomsguide.com/us/LinkedIN-Calendar-iOS-Hack-passwords,news-15464.html

Stuxnet

http://en.wikipedia.org/wiki/Stuxnet

Flame

http://en.wikipedia.org/wiki/Flame_(malware)

Rainbow Tables

http://en.wikipedia.org/wiki/Rainbow_table

Preventing Cross-Site Request Forgery (CSRF) Attacks

http://www.asp.net/web-api/overview/security/preventing-cross-site-request-forgery-(csrf)-attacks

Happy Coding!

Tonight @ Pasadena .NET UG - Programming in the Age of Context w/ Jon Flanders

Abstract: Robert Scoble (Tech Savvy Social Butterfly) is calling the next age of computing the “Age of Context”. Mobile devices, wearables, and other sensors are starting to become commonplace everywhere we look.

In this talk I will show you how – for under $50 – you can get involved and start experimenting with hardware that can help you to prototype interesting solutions and ideas in this new era. Included will be both Arduino, as well as the Raspberry Pi.

About the Presenter: Jon is a member of the technical staff at MCW, where he focuses on connected systems technologies. He is also a regular speaker and trainer for Pluralsight. Jon is most at home spelunking, trying to figure out how things work from the inside out. He is the author of RESTful.NET from O’Reilly, as well as Essential ASP for Addison-Wesley, and was a co-author of Mastering Visual Studio.NET for O’Reilly. Jon’s current major interest is helping people to understand the advantages of REST, but he sees a bright future for modeling as a way to build complex systems.

Meeting Agenda
* 6:00p Mixer/Networking/Pizza
* 6:30p Presentation Starts
* 8:00p Raffle

Location

Green Dot Corporation - 3465 E. Foothill Blvd, Pasadena, CA

RSVP


Quantum Computing & Entanglement with Dr. John Preskill @ Caltech

Last night I had the privilege of listening to Dr. John Preskill in Beckman Auditorium here at Caltech with fellow quantum aficionado David Lazar. John Preskill is the Richard P. Feynman Professor of Theoretical Physics at Caltech. This was definitely one of the most accessible lectures on this topic for a general audience, and it was very well received. Dr. Preskill is definitely a teacher and a communicator; as Feynman chair, he effectively summarized 50+ years of quantum research and development into a one-hour lecture. Quantum Frontiers has some of the recorded lectures which readers may find interesting.


Dr. Preskill is also involved with IQIM, Institute for Quantum Information and Matter, at Caltech. Here is an IQIM Promotional video which was shown towards the end of the session.

The lecture addressed the opportunities and challenges in quantum computing, entanglements, speculation about future trends, quantum error correction and quantum information science.

 


Caltech - John Preskill: Quantum Entanglement and Quantum Computing

John Preskill: Quantum Entanglement and Quantum Computing

A couple of his detailed lectures can be seen below.

LA Machine Learning event on Mining Time Series Data w/ Sylvia Halasz

Last night's LA Machine Learning event on Mining Time Series Data w/ Sylvia Halasz of YP at OpenX Pasadena was quite interesting and well attended. Dr. Halasz spoke about the Adaptive Ensemble Kalman Filter and her work on building n-gram correlation with flu outbreaks. Some of the associated papers follow.

Caltech Entrepreneurs Forum Event – Big Data, Big Opportunities: Slides & Pictures

I recently attended the Big Data Event @ Caltech. The topic was Big Data, Big Opportunities: Predicting the Future One Byte at a Time, and the panel and speakers didn't disappoint. Following are the slide deck and pictures from the event.

Caltech Event - Big Data, Big Opportunities: Predicting the Future One Byte at a Time

Big Data Event @ Caltech

Event Abstract:

It’s raining data. Actually, it’s more like a hurricane.

Every website, email, SMS text, mouse click, download and online purchase generates data, a lot of data.

This data is being assembled into massive data sets and used by scientists, researchers, companies and the government to develop new products, predict epidemics, understand consumer behavior and formulate public policies.

Entrepreneurs are pursuing these “Big Data” opportunities in what is becoming the 21st century equivalent of the gold rush.

Our speakers will share their views on the opportunities and challenges entrepreneurs face in building a Big Data venture.

Saturday, November 17, 2012
California Institute of Technology
Pasadena, California

Program: 9:00 a.m. to 11:15 a.m. Baxter Lecture Hall
Networking: 11:15 a.m. to 12:00 p.m. Baxter Lecture Hall

Details and registration here.


Notes from WCF & SOA Talk @ SoCal.NET Architecture Group

Last week I spoke to the Southern California .NET Architecture Group about implementing Service Oriented Design Patterns with Windows Communication Foundation. The talk was an architectural overview of the so-called SOA tenets and how to implement these best practices using WCF. Being technologists, we tend to focus more on underlying technologies and have a tendency to avoid topics like BPM, enterprise decision management, business rules engines, ESB, event stream processing, registry and discovery, components and composites, orchestration and mediation, to name a few. Trying to avoid abstractions and TLAs (three-letter acronyms), the talk focused on explaining the key components of a generic, platform-agnostic service oriented architecture and how WCF fulfills one part of this larger puzzle. In real-world SOA implementations, aside from the usual Service ABCs (Address, Binding, Contracts), which are essential parts of service components and composites, a lot of attention is paid to tracking and monitoring the artifacts in an SOA, enforcing and ensuring compliance with the policies associated with those artifacts, and measuring the outcomes related to their use. Following are some of the salient features of a comprehensive service oriented design.

  • BPM - Business process management solution
  • EDM - Enterprise decision management
  • ESB - Enterprise Service Bus
  • ESP - Event Stream Processing
  • Service Orchestration
  • Service components and composites
  • Web service mediation (protocol mediation, traffic management, version rationalization, runtime governance)

After introducing these fundamental entities as part of a comprehensive SOA platform, I spoke further about how component oriented architecture has evolved into SOA, the definition and importance of boundaries (machine, network, datacenter) and the connection between SOA and cloud. While answering a question about why WCF != SOA, I found the following Geek & Poke comic very useful.

As the Handbook of Cloud Computing notes,

Web Services and Service Oriented Architecture (SOA) are not new concepts; however they represent the base technologies for cloud computing. Cloud services are typically designed as Web services, which follow industry standards including WSDL, SOAP, and UDDI. A Service Oriented Architecture organizes and manages Web services inside clouds (Vouk, 2008). A SOA also includes a set of cloud services, which are available on various distributed platforms.

Therefore, it is fair to describe an SOA environment as an enabler for cloud computing. This led us to the SOA concepts and how they map to WCF.

  • SOA Entity corresponds to WCF DataContract
  • SOA Message corresponds to WCF MessageContract
  • SOA Interface corresponds to WCF ServiceContract
  • SOA Transport corresponds to WCF Binding
  • SOA Endpoint corresponds to WCF deployment model (service endpoint)

The next logical step was a primer on a simple WCF service, WCF service library, client utility, metadata endpoint and what's new in WCF 4 to help leverage service oriented architecture. Don Box's infamous (and controversial) SOA tenets were discussed in context with the service oriented design.

  • Boundaries are Explicit
  • Services are Autonomous
  • Services share schema and contract, not class
  • Service compatibility is based upon policy

At this point, attendees were introduced to the WCF 4 hands-on lab and its individual exercises on Simplified Configuration, Service Behavior, Protocol Mapping, Service Discovery, Metadata Extensions, Discovery Announcements, Discovery Proxy, Routing/Service Routing and Content Based Routing.

There’s a lot more to discuss, including design of contracts, versioning, governance, forward and backward compatibility, trade-offs associated with various deployment options, integration and regression testing, security (authentication, authorization, privacy), reuse, high availability, anti-patterns, AppFabric's role in monitoring, caching and hosting, etc., but we had to conclude the talk in the interest of time.

Thank you Mike Vincent and David Wells for the invite.

References & Download Links:

Whats New In WCF4 (WCF 4 Lab document and Source) and a nice concluding comic from beloved Geek & Poke.

Enterprise Software Architecture and Design: Entities, Services, and Resources By Dominic Duggan

Web Service Contract Design and Versioning for SOA

SOA Design Patterns (The Prentice Hall Service-Oriented Computing Series from Thomas Erl)

Service Design Patterns: Fundamental Design Solutions for SOAP/WSDL and RESTful Web Services

RESTful Web Services

and a future title I am really looking forward to

SOA with REST: Principles, Patterns & Constraints for Building RESTful Enterprise Solutions (Prentice Hall Service-Oriented Computing Series from Thomas Erl)

 

 


CloudCamp LA 2012, CQRS and NoSQL

CloudCamp LA happened a couple of weeks ago at the CoreSite campus in downtown LA. The highlights of the evening were Dave Nielsen's intro, Lynn Langit's NoSQL session, Bret Statham's CQRS (Command Query Responsibility Segregation) talk and CoreSite's datacenter tour.

Slides from Bret's lightning talk can be downloaded here.

NoSQL for the SQL Server DBA


I have attended CloudCamps organized by Dave Nielsen in the past, but this particular event wasn't as organized as the one at the Microsoft campus a couple of years ago (and through no fault of his own). Dave is a co-founder of CloudCamp and author of the book PayPal Hacks. The event started late, and hence the unconference-style sessions and panels were cut short and disrupted. There was lots of echo, so it was hard to hear, and the topics which came out of the unconference discussion weren't quite diverse and well organized, even for an unconference. However, the data center tour was fun!

and a much nicer write-up by morphlaps on CloudCamp LA – Why Open Source (and OpenStack) Matters To the Enterprise

I got to meet Jason Woloz, who is heading up the Cloud Security Alliance LA chapter. The first meetup is coming soon. http://www.meetup.com/LASC-CSA/

On Panel @ OWASP LA Security Summit: April 25, 2012, 3:00PM - 8PM

This Wednesday, April 25th, I will be part of a panel at the OWASP LA Security Summit, where Jerry Hoff, VP, Static Code Analysis Division at WhiteHat Security, will be speaking about WebGoat. Shakeel Tufail, Federal Practice Director for HP Enterprise Security Solutions, will be speaking on "Software (In)Security - Challenges to securing software". Noa Bar Yosef, Senior Security Strategist at Imperva, will be speaking on "De-Anonymizing Anonymous". A concluding panel, moderated by Richard Greenberg, Information Security Officer for LA County Public Health, will have the speakers and myself discussing different aspects of De-Anonymizing Anonymous.

The panel focuses on recruitment and communication, i.e. how Anonymous leverages social networks to recruit its members and pick a target; application attack, i.e. the sequence of steps Anonymous hackers deploy to take data and bring down websites; DDoS, i.e. the DDoS techniques deployed to take down websites; and finally the key mitigation steps that organizations need to take if they ever become a target.

Location:

Four Points by Sheraton Los Angeles
5990 Green Valley Cir
Culver City, CA 90230
(310) 641-7740
RSVP at http://www.meetup.com/OWASP-Los-Angeles/
