A Googly MySQL Cluster Talk
Google engEDU
55 min – 28-Apr-06

Google TechTalks
April 28, 2006

Stewart Smith
Stewart Smith works for MySQL AB as a software engineer working on MySQL Cluster. He is an active member of the free and open source software community, especially in Australia.

ABSTRACT
Part 1 – Introduction to MySQL Cluster The NDB storage engine (MySQL Cluster) is a high-availability storage engine for MySQL. It provides synchronous replication between storage nodes and many mysql servers having a consistent view of the database. In 4.1 and 5.0 it’s a main memory database, but in 5.1 non-indexed attributes can be stored on disk. NDB also provides a lot of determinism in system resource usage. I’ll talk a bit about that.

Part 2 – New features in 5.1 including cluster to cluster replication, disk based data and a bunch of other things. anybody that is attending the mysql users conference may find this eerily familiar. Read the rest of this entry »

GeoServer and Architectures of Participation for Geospatial Information
Google engEDU
54 min – 23-Aug-06

Google TechTalks
August 23, 2006

Chris Holmes

ABSTRACT
This talk will introduce GeoServer, an open source server to publish and edit geospatial data using open standards with Google Earth, Google Maps, and more. The talk will highlight the recent the work done to interoperate with Earth and Maps, and how GeoServer fits in to the stack of software to share and collaborate around geospatial information. Also discussed will be the relevant open standards used by GeoServer, including WMS, WFS, SLD and GML, and how they were leveraged to create KML network links with the existing GeoServer core. The close of the talk will look towards the future, with more speculative questions such as what a true geospatial web might look at, and how we might apply the principles of open source to collaboratively build and maintain geospatial data (including what tools and social architectures would support a movement for collaborative geodata). Hopefully this will lead to an open discussion on turning the possibilities in to reality. Read the rest of this entry »

Elkhound, Elsa and Cqual++: Open-Source Static Analysis for C++
Google engEDU
42 min – 14-Apr-06

Google TechTalks
April 11, 2006

Scott McPeak

ABSTRACT
This talk will cover three pieces of infrastructure for writing static analyses for C++. All are available as open source. Elkhound is a Generalized LR (GLR) parser generator. Its input is a grammar augmented with reduction actions written in C++. The GLR algorithm works with any context-free grammar, even ambiguous grammars. The user provides additional actions to resolve ambiguities that may arise during parsing. Elsa is a C++ parser written using Elkhound. It solves many of the classic parsing challenges of C and C++ by using an ambiguous grammar, delaying much of the disambiguation until the type checking phase.

Not only does this lead to a cleaner design, the use of a parsing grammar lends itself naturally to language extensions, grammar fragments that pertain to specific language dialects (for example, GCC extensions). The use of extensions is ideal in a research setting. Finally, Cqual++ is a static analysis tool built on top of Elsa. It is a port of the older Cqual tool. It takes advantage of the Elsa extension mechanisms to process Cqual++ annotations, traverse the parsed AST, and then generate qualifier constraints that are solved by a general-purpose back end. It has been used to find a number of security bugs in the Linux kernel. Read the rest of this entry »

Developing JavaScript with Chickenfoot
Google engEDU
56 min – 25-Jul-06

Google TechTalks
July 25, 2006

Rob Miller
Michael Bolin

ABSTRACT
Chickenfoot is a Firefox extension that embeds a JavaScript programming environment in the browser’s sidebar. Unlike a JavaScript shell that simply supplies access to the DOM of a webpage, Chickenfoot provides users with a high-level API, making web scripting accessible to end-user programmers as well as hackers. In this talk we will present the design and implementation of Chickenfoot; in particular, our novel technique of using keyword patterns to identify page components. We will also demonstrate how to use Chickenfoot for debugging webapps and creating rapid prototypes. In fact, we’ll write a Firefox extension in under a minute, or your money back. Read the rest of this entry »

How To Break Web Software – A look at security vulnerabilities in web software
Google engEDU
1 hr 27 min – 13-Apr-06

Google TechTalks
April 13, 2006

Mike Andrews

Mike Andrews is a senior consultant who specializes in software security and leads the web application security assessments and Ultimate Web Hacking classes for Foundstone.

ABSTRACT
It all started out as a place to share physics documents, but has grown into potentially mankind’s largest and most complex creation. The World Wide Web is a lot of things – a soapbox for everyone, a giant shopping mall, an application platform, and unfortunately a hacker’s playground.

As more applications get "web-ified" moving from the desktop or legacy systems onto the web, attackers follow the vulnerabilities. Without sophisticated tools or "1337 5x1llz", web applications are now the most attacked technology, with the majority of attacks categorized as "easily exploitable".

So, before your application is placed out into one of the most hostile environments, how do you stop your software from being "0wn3d" by the 14 year old in their blacked-out bedroom, or being used by a Russian crime cartel?

In this TechTalk, Mike Andrews will look at how web applications are attacked, walk through a testing framework for evaluating the security of an application and take some deep-dives into a few interesting and common vulnerabilities and how they can be exploited. Read the rest of this entry »