Making our web apps safely hackable
0 likes650 views
The document discusses making web applications "hackable" or extensible by third parties through safely sandboxing third party code. It proposes a capability-based security model where third parties are given controlled access to things like REST APIs, events, and UI through a contract. It then describes the Oasis.js and Conductor.js frameworks which implement these ideas and allow third party "cards" or extensions to safely interact with a host application through postMessage and defined request/event capabilities.
1 of 28
Download to read offline
![// Host (parent http://example.com)
// Sandbox (IFrame http://xyz.com/iframe.html)
!
// Service to expose to sandboxes
var PingService = Oasis.Service.extend({
initialize: function() {
this.send('ping');
},
!
events: {
pong: function() {
alert("Got a pong!");
}
}
});
!
// Creates the sandbox
oasis.createSandbox('http://xyz.com/iframe.html', {
capabilities: [ping],
// adapter: oasis.adapters.webworker, // no UI
services: {
ping: PingService
}
});
!
// Consumer that handles the ping capability
var PingConsumer = Oasis.Consumer.extend({
events: {
ping: function() {
this.send('pong');
}
}
});
!
// Connect to the host
Oasis.connect({
consumers: {
ping: PingConsumer // request ping capability
}
});](https://image.slidesharecdn.com/makingourwebappssafelyhackable-131120122419-phpapp01/85/Making-our-web-apps-safely-hackable-18-320.jpg)
Recommended
Herramientas Webquest
Herramientas WebquestMaria Garcia
油
This document provides links to tools and resources for creating webquests as well as examples of existing webquests. It lists URLs for websites that offer platforms for building webquests and includes example webquest topics like the respiratory system, the nature of language, and English. It also links to a library of webquests on aula21.net categorized by subject area.Owasp eee 2015 csrf
Owasp eee 2015 csrfAurelijus Stanislovaitis
油
This document discusses cross-site request forgery (CSRF) attacks and ways to both carry them out and prevent them. It explains that CSRF forces a victim's logged-in browser to generate requests to a vulnerable web application, allowing an attacker to perform unauthorized actions. It provides examples of CSRF using GET and POST requests with different data formats. Countermeasures discussed include synchronizer tokens, checking the Origin header, CORS headers, and short-lived sessions. Clickjacking is also summarized as a related attack that can bypass CSRF protections.The Wisdom Of Clouds
The Wisdom Of CloudsMike Bell
油
The document discusses complex problems that are difficult to solve using logic alone, like the weather or human organizations. It argues that complex problems require creativity, innovation, and looking at issues from many perspectives. Drawing on research, it claims that groups with diverse perspectives can outperform groups of very intelligent people who think alike. The document advocates using a Wisdom Council, an old democratic form, to solve complex challenges by considering multiple perspectives and tapping collective intelligence.Roysville
Roysvilleretamplifier
油
The document discusses a meeting between a group discussing a new movie project. They debate the plot details, with some arguing for a more serious thriller and others wanting a lighthearted comedy. In the end, they agree to take elements of both and create an action-comedy thriller.Multiple Reality Mashup: Teleconferencing in Second Life
Multiple Reality Mashup: Teleconferencing in Second Lifeccosmato
油
The document discusses the integration of avatars in virtual reality environments, specifically Second Life, into traditional teleconferencing using h.323 clients and video streaming. It describes the benefits and setup requirements for participants and hosts to facilitate hybrid meetings while allowing for interactive data sharing. Additionally, it suggests alternative methods for achieving similar results at lower costs and encourages feedback and collaboration on improving the process.Mobile internet and local government
Mobile internet and local governmentsimonwakeman
油
The document discusses the growth of mobile internet usage and considerations for local governments developing mobile websites. It notes that while mobile internet was initially dismissed due to small screens, 3G networks and familiar browsing experiences have enabled rapid growth in mobile usage. The document examines user demographics and content preferences for mobile, and debates the merits of a single website versus separate mobile site to provide the best user experience across different devices and contexts.PEK Spring Picnic 2007
PEK Spring Picnic 2007Chris Johnson
油
This photo album documents P. Christopher Johnson's life through pictures from his childhood, family vacations, weddings, and time spent with friends. The album provides a visual retrospective of Johnson's memories over the decades, preserving moments in time for future generations to enjoy.Assignment Fireworks
Assignment FireworksRobert DeRobertis
油
The document provides tips for photographing fireworks using two different techniques. It recommends using a tripod, cable release, and locking focus on the first firework burst for the "Right Way." It also describes a handheld "Rob's Way" technique of using a high ISO and rapid burst of photos to capture the fireworks. Creative tips include noting landmarks, smoke, and capturing landscape and portrait orientations.Amy&Per Erik
Amy&Per Erikvinion
油
A Prague Wedding: Amy & Per-Erik
I had the wonderful opportunity to photography a lovely couple from Stockholm: Amy & Per-Erik who chose Pragues most beautiful church St. Nicholas to get married in.
Though it rained nearly all day we were finally able to go out and shoot some fun shots of them around town during a small break.
Here is a small sample of images from their wedding day in Prague that they have asked to be posted for family and friends to view.
Thanks again Amy & Per-Erik for allowing me to be a small part of your wedding day.
-KurtDeforestation
Deforestationkimoneill
油
Forests contain over 60% of the world's biodiversity and provide plants for food and medicine while helping control the planet's climate. About half of the original tropical forests have been destroyed, and without changes, only 20% will remain by 2030. Deforestation has many causes like slash-and-burn farming, development, and logging, and it reduces oxygen levels and food sources while threatening hundreds of thousands of species. We can help save forests by reducing wood and paper consumption and increasing recycling.Importance Of Being Driven
Importance Of Being DrivenAntonio Terreno
油
The document discusses the importance of being driven in software design, emphasizing that it is an art that cannot be rigorously taught. It covers key concepts like Agile methodologies, Behavior Driven Development (BDD), Domain Driven Development, and the significance of refactoring and maintaining a clear domain language. The text also highlights the role of factories and repositories in managing object creation and data retrieval, advocating for a collaborative approach involving domain experts to enhance code readability and alignment with business needs.Something About The Web
Something About The WebChiara Antonacci
油
Un wiki 竪 un sito web collaborativo che permette agli utenti di modificare i contenuti in modo libero e registrare le modifiche per garantire la tracciabilit. Moodle 竪 una piattaforma open source per l'e-learning, progettata per facilitare la gestione dei corsi online e favorire l'interazione tra studenti e docenti. Un learning object 竪 una risorsa digitale riutilizzabile per supportare l'apprendimento, caratterizzata da modularit e interoperabilit.Secure web messaging in HTML5
Secure web messaging in HTML5Krishna T
油
The document provides an overview of secure web messaging in HTML5. It discusses how traditional methods of communication like JavaScript, AJAX, and frames had limitations due to the same-origin policy. The HTML5 postMessage API allows for secure cross-origin communication between frames by abstracting multiple principals. While more secure than previous techniques, the postMessage API still requires careful configuration of target origins, validation of received data, and mitigation of framing attacks to prevent security issues like cross-site scripting.Breaking The Cross Domain Barrier
Breaking The Cross Domain BarrierAlex Sexton
油
The document discusses various techniques for enabling cross-domain communication, particularly in web development, and highlights the importance of the Same-Origin Policy that protects data from unauthorized access. It explores methods like PostMessage, JSONP, CORS, and various hacky solutions, noting their advantages and limitations across different browsers. The document emphasizes that while cross-domain communication can be simplified, it also introduces significant security risks.Building a js widget
Building a js widgetTudor Barbu
油
This document discusses building a JavaScript widget that provides messaging functionality across different platforms and browsers. It outlines requirements such as being cross-browser compatible, supporting customization, and allowing for updates without relying on third parties. It then describes the proposed architecture, which includes abstracting the API, developing the widget component, handling customizations, and enabling updates and A/B testing through a service called FAAST. The document emphasizes testing, continuous delivery, and automation to streamline the release process.Html web messaging
Html web messagingAbhishekMondal42
油
Web messaging allows sending real-time messages between a server and client browser by overriding cross-domain communication restrictions. It uses message events to pass data across domains via postMessage(). Message channels create two message ports to allow two-way communication between browsing contexts like iframes. Data can be sent and received across documents by listening for message events and transferring message ports between frames.Message in a Bottle
Message in a BottleZohar Arad
油
This document discusses different methods for client-client and client-server communication using HTML5, including desktop notifications, postMessage for cross-window messaging, CORS for cross-origin resource sharing, and server-sent events for streaming data from the server to client. It provides an overview and examples of how each technique works and when they should be used, such as desktop notifications for browser-based apps, postMessage for communication between iframes or popups, CORS for making cross-domain AJAX requests, and server-sent events for push notifications from server without websockets.HTML5 Web Messaging
HTML5 Web MessagingMike Taylor
油
This document discusses HTML5 web messaging and the same origin policy. It introduces the MessageEvent object used to handle cross-document messaging and describes how to use the postMessage() method and MessageChannel interface to communicate across browsing contexts from different origins securely. Examples are given of using web messaging to extend the browser's capabilities by communicating between injected scripts, pages, and background processes.Javascript cross domain communication
Javascript cross domain communicationChenKuo Chen
油
This document discusses methods for enabling cross-domain communication in JavaScript. It begins by explaining the need for cross-domain communication to access third-party APIs and the browser's same-origin policy security restriction. It then describes several approaches for implementing cross-domain communication including using iframes, the postMessage API for cross-window messaging, server-side proxies, JSONP, and the CORS HTTP header for enabling cross-origin requests directly in JavaScript.20120802 timisoara
20120802 timisoaraRichard Rodger
油
Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine that allows for writing server-side code in JavaScript. It has a single-threaded, event-driven architecture that makes it efficient for data-intensive real-time applications. Some key advantages of Node.js include using JavaScript for both client-side and server-side code, high performance due to event-driven and non-blocking model, and rich ecosystem of third-party modules. Mobile web apps can be built with Node.js by using HTML5 features and JavaScript on the server and client sides.JSFoo Chennai 2012
JSFoo Chennai 2012Krishna T
油
This document discusses security challenges with web applications that combine content from multiple sources (mashups). It covers how the same-origin policy isolates origins but exempts scripts, allowing cross-site scripting attacks. Frame-based communication and the postMessage API provide secure cross-origin messaging capabilities. The document recommends sandboxing iframes and using features like CORS to mitigate risks in mashups.Stay Out Please
Stay Out Pleaseefim13
油
Itai Koren discusses the challenges of modern web applications, particularly concerning the Same Origin Policy and cross-domain communication. He highlights JSONP and CORS as solutions, while also introducing 'lpajax,' a self-contained transport layer developed at LivePerson, which supports various methods to enhance communication. The presentation concludes with insights on implementing lpajax in conjunction with Backbone.js, offering custom configurations for AJAX requests.Going Beyond Cross Domain Boundaries (jQuery Bulgaria)
Going Beyond Cross Domain Boundaries (jQuery Bulgaria)Ivo Andreev
油
The document discusses the Same Origin Policy (SOP) and its implications for web security, including cross-domain techniques like CORS. It covers various security issues related to cross-site request forgery (CSRF), cross-domain messaging, and cross-site scripting (XSS), along with prevention strategies. Additionally, it introduces several cross-domain workarounds and solutions such as JSON-P and provides an overview of how CORS works for safe cross-origin requests.20120306 dublin js
20120306 dublin jsRichard Rodger
油
The document discusses how JavaScript can be used from the user interface on mobile and web apps through to the server and database using techniques like Node.js. It provides examples of how Node.js allows for high performance server-side JavaScript and how MongoDB can be used as a database. The document outlines lessons learned around challenges of multi-platform development and benefits of outsourcing databases and other services.Building businesspost.ie using Node.js
Building businesspost.ie using Node.jsRichard Rodger
油
This document discusses lessons learned from building JavaScript applications. It finds that client-side JavaScript is very challenging due to the need to support multiple browsers. It recommends using a framework like Backbone.js and keeping business logic in common code. Multi-platform HTML and CSS are also difficult due to varying browser support for CSS3 and media queries. The document notes that app stores present challenges different than websites, like inability to deploy hotfixes. It finds Node.js very capable but callbacks can be tricky. Overall it emphasizes planning for variations in browsers and platforms.More Related Content
Viewers also liked (9)
PEK Spring Picnic 2007
PEK Spring Picnic 2007Chris Johnson
油
This photo album documents P. Christopher Johnson's life through pictures from his childhood, family vacations, weddings, and time spent with friends. The album provides a visual retrospective of Johnson's memories over the decades, preserving moments in time for future generations to enjoy.Assignment Fireworks
Assignment FireworksRobert DeRobertis
油
The document provides tips for photographing fireworks using two different techniques. It recommends using a tripod, cable release, and locking focus on the first firework burst for the "Right Way." It also describes a handheld "Rob's Way" technique of using a high ISO and rapid burst of photos to capture the fireworks. Creative tips include noting landmarks, smoke, and capturing landscape and portrait orientations.Amy&Per Erik
Amy&Per Erikvinion
油
A Prague Wedding: Amy & Per-Erik
I had the wonderful opportunity to photography a lovely couple from Stockholm: Amy & Per-Erik who chose Pragues most beautiful church St. Nicholas to get married in.
Though it rained nearly all day we were finally able to go out and shoot some fun shots of them around town during a small break.
Here is a small sample of images from their wedding day in Prague that they have asked to be posted for family and friends to view.
Thanks again Amy & Per-Erik for allowing me to be a small part of your wedding day.
-KurtDeforestation
Deforestationkimoneill
油
Forests contain over 60% of the world's biodiversity and provide plants for food and medicine while helping control the planet's climate. About half of the original tropical forests have been destroyed, and without changes, only 20% will remain by 2030. Deforestation has many causes like slash-and-burn farming, development, and logging, and it reduces oxygen levels and food sources while threatening hundreds of thousands of species. We can help save forests by reducing wood and paper consumption and increasing recycling.Importance Of Being Driven
Importance Of Being DrivenAntonio Terreno
油
The document discusses the importance of being driven in software design, emphasizing that it is an art that cannot be rigorously taught. It covers key concepts like Agile methodologies, Behavior Driven Development (BDD), Domain Driven Development, and the significance of refactoring and maintaining a clear domain language. The text also highlights the role of factories and repositories in managing object creation and data retrieval, advocating for a collaborative approach involving domain experts to enhance code readability and alignment with business needs.Something About The Web
Something About The WebChiara Antonacci
油
Un wiki 竪 un sito web collaborativo che permette agli utenti di modificare i contenuti in modo libero e registrare le modifiche per garantire la tracciabilit. Moodle 竪 una piattaforma open source per l'e-learning, progettata per facilitare la gestione dei corsi online e favorire l'interazione tra studenti e docenti. Un learning object 竪 una risorsa digitale riutilizzabile per supportare l'apprendimento, caratterizzata da modularit e interoperabilit.Similar to Making our web apps safely hackable (20)
Secure web messaging in HTML5
Secure web messaging in HTML5Krishna T
油
The document provides an overview of secure web messaging in HTML5. It discusses how traditional methods of communication like JavaScript, AJAX, and frames had limitations due to the same-origin policy. The HTML5 postMessage API allows for secure cross-origin communication between frames by abstracting multiple principals. While more secure than previous techniques, the postMessage API still requires careful configuration of target origins, validation of received data, and mitigation of framing attacks to prevent security issues like cross-site scripting.Breaking The Cross Domain Barrier
Breaking The Cross Domain BarrierAlex Sexton
油
The document discusses various techniques for enabling cross-domain communication, particularly in web development, and highlights the importance of the Same-Origin Policy that protects data from unauthorized access. It explores methods like PostMessage, JSONP, CORS, and various hacky solutions, noting their advantages and limitations across different browsers. The document emphasizes that while cross-domain communication can be simplified, it also introduces significant security risks.Building a js widget
Building a js widgetTudor Barbu
油
This document discusses building a JavaScript widget that provides messaging functionality across different platforms and browsers. It outlines requirements such as being cross-browser compatible, supporting customization, and allowing for updates without relying on third parties. It then describes the proposed architecture, which includes abstracting the API, developing the widget component, handling customizations, and enabling updates and A/B testing through a service called FAAST. The document emphasizes testing, continuous delivery, and automation to streamline the release process.Html web messaging
Html web messagingAbhishekMondal42
油
Web messaging allows sending real-time messages between a server and client browser by overriding cross-domain communication restrictions. It uses message events to pass data across domains via postMessage(). Message channels create two message ports to allow two-way communication between browsing contexts like iframes. Data can be sent and received across documents by listening for message events and transferring message ports between frames.Message in a Bottle
Message in a BottleZohar Arad
油
This document discusses different methods for client-client and client-server communication using HTML5, including desktop notifications, postMessage for cross-window messaging, CORS for cross-origin resource sharing, and server-sent events for streaming data from the server to client. It provides an overview and examples of how each technique works and when they should be used, such as desktop notifications for browser-based apps, postMessage for communication between iframes or popups, CORS for making cross-domain AJAX requests, and server-sent events for push notifications from server without websockets.HTML5 Web Messaging
HTML5 Web MessagingMike Taylor
油
This document discusses HTML5 web messaging and the same origin policy. It introduces the MessageEvent object used to handle cross-document messaging and describes how to use the postMessage() method and MessageChannel interface to communicate across browsing contexts from different origins securely. Examples are given of using web messaging to extend the browser's capabilities by communicating between injected scripts, pages, and background processes.Javascript cross domain communication
Javascript cross domain communicationChenKuo Chen
油
This document discusses methods for enabling cross-domain communication in JavaScript. It begins by explaining the need for cross-domain communication to access third-party APIs and the browser's same-origin policy security restriction. It then describes several approaches for implementing cross-domain communication including using iframes, the postMessage API for cross-window messaging, server-side proxies, JSONP, and the CORS HTTP header for enabling cross-origin requests directly in JavaScript.20120802 timisoara
20120802 timisoaraRichard Rodger
油
Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine that allows for writing server-side code in JavaScript. It has a single-threaded, event-driven architecture that makes it efficient for data-intensive real-time applications. Some key advantages of Node.js include using JavaScript for both client-side and server-side code, high performance due to event-driven and non-blocking model, and rich ecosystem of third-party modules. Mobile web apps can be built with Node.js by using HTML5 features and JavaScript on the server and client sides.JSFoo Chennai 2012
JSFoo Chennai 2012Krishna T
油
This document discusses security challenges with web applications that combine content from multiple sources (mashups). It covers how the same-origin policy isolates origins but exempts scripts, allowing cross-site scripting attacks. Frame-based communication and the postMessage API provide secure cross-origin messaging capabilities. The document recommends sandboxing iframes and using features like CORS to mitigate risks in mashups.Stay Out Please
Stay Out Pleaseefim13
油
Itai Koren discusses the challenges of modern web applications, particularly concerning the Same Origin Policy and cross-domain communication. He highlights JSONP and CORS as solutions, while also introducing 'lpajax,' a self-contained transport layer developed at LivePerson, which supports various methods to enhance communication. The presentation concludes with insights on implementing lpajax in conjunction with Backbone.js, offering custom configurations for AJAX requests.Going Beyond Cross Domain Boundaries (jQuery Bulgaria)
Going Beyond Cross Domain Boundaries (jQuery Bulgaria)Ivo Andreev
油
The document discusses the Same Origin Policy (SOP) and its implications for web security, including cross-domain techniques like CORS. It covers various security issues related to cross-site request forgery (CSRF), cross-domain messaging, and cross-site scripting (XSS), along with prevention strategies. Additionally, it introduces several cross-domain workarounds and solutions such as JSON-P and provides an overview of how CORS works for safe cross-origin requests.20120306 dublin js
20120306 dublin jsRichard Rodger
油
The document discusses how JavaScript can be used from the user interface on mobile and web apps through to the server and database using techniques like Node.js. It provides examples of how Node.js allows for high performance server-side JavaScript and how MongoDB can be used as a database. The document outlines lessons learned around challenges of multi-platform development and benefits of outsourcing databases and other services.Building businesspost.ie using Node.js
Building businesspost.ie using Node.jsRichard Rodger
油
This document discusses lessons learned from building JavaScript applications. It finds that client-side JavaScript is very challenging due to the need to support multiple browsers. It recommends using a framework like Backbone.js and keeping business logic in common code. Multi-platform HTML and CSS are also difficult due to varying browser support for CSS3 and media queries. The document notes that app stores present challenges different than websites, like inability to deploy hotfixes. It finds Node.js very capable but callbacks can be tricky. Overall it emphasizes planning for variations in browsers and platforms.Pushing the Web: Interesting things to Know
Pushing the Web: Interesting things to Known|u - The Open Security Community
油
The document discusses upcoming web standards like HTML5 and WebSockets. It provides examples of using local storage, handling errors with window.onerror, and the Same Origin Policy. It also demonstrates how to access device sensors and use the webcam with getUserMedia. The document promotes Opera's developer tools like Dragonfly and extensions to aid web development.Stuck in the Middle with You: Exploring the Connections Between Your App and ...
Stuck in the Middle with You: Exploring the Connections Between Your App and ...Justin Weiss
油
The document discusses essential strategies for effectively debugging and improving application connectivity through APIs. It emphasizes the need for visibility into requests and responses, as well as isolation to monitor parts independently. Tools for sending, monitoring, and receiving requests are highlighted, including curl, Postman, and ngrok, alongside challenges like SSL handling and OAuth2 authentication.Socket.io
Socket.ioTimothy Fitz
油
The cross-browser, cross-device WebSocket API Socket.IO solves differences between browsers to provide a consistent API for real-time applications. It supports bi-directional communication over WebSocket, Flash, AJAX long-polling and other transports. Socket.IO is simple to use, supports older browsers, and adds features like disconnection handling that standard WebSocket does not provide. It has been used successfully in several production applications to handle thousands of simultaneous connections.Web_Development_with_Node_Express.pdf
Web_Development_with_Node_Express.pdfMarco Antonio Martinez Andrade
油
This book is an introduction to web development using Node.js and Express. It covers getting started with Node.js, using Express to build web servers and applications, templating with Handlebars, routing, databases and persistence with MongoDB, security, testing, deployment and more. The book is intended for web developers looking to learn backend development with Node.js and Express.Taming client-server communication
Taming client-server communicationscothis
油
The document discusses client-server communication and introduces several JavaScript libraries for facilitating this communication. It begins by outlining common methods for browsers to communicate (HTTP, WebSockets, WebRTC) and issues with existing approaches. It then introduces the rest.js, msgs.js, and SockJS libraries. Rest.js provides a thin wrapper for making requests that embraces HTTP. Msgs.js implements enterprise integration patterns for messaging. Examples show how these can be used to build scalable broadcast servers and integrate client-server communication.Modern iframe programming
Modern iframe programmingbenvinegar
油
This document discusses using iframes for various purposes such as sandboxing code from different domains or versions, asynchronous script loading, and cross-domain communication. It describes how iframes can execute code in a clean JavaScript environment isolated from the parent window. It also explains techniques like postMessage for communication between frames and using iframes with JSONP or document.domain to enable cross-domain requests and property access. The document provides examples of libraries that sandbox code in iframes like Twitter's @anywhere widget and the hiro.js testing framework.XCS110_All_際際滷s.pdf
XCS110_All_際際滷s.pdfssuser01066a
油
This document provides an introduction to web security and the browser security model. It discusses goals of web security including safely browsing the web and supporting secure web applications. It outlines common web threat models and covers topics like HTTP, rendering content, isolation using frames and same-origin policy, communication between frames, frame navigation policies, client state using cookies, and clickjacking. The document aims to provide background knowledge on how the web and browsers work from a security perspective.Recently uploaded (20)
WebdriverIO & JavaScript: The Perfect Duo for Web Automation
WebdriverIO & JavaScript: The Perfect Duo for Web Automationdigitaljignect
油
In todays dynamic digital landscape, ensuring the quality and dependability of web applications is essential. While Selenium has been a longstanding solution for automating browser tasks, the integration of WebdriverIO (WDIO) with Selenium and JavaScript marks a significant advancement in automation testing. WDIO enhances the testing process by offering a robust interface that improves test creation, execution, and management. This amalgamation capitalizes on the strengths of both tools, leveraging Seleniums broad browser support and WDIOs modern, efficient approach to test automation. As automation testing becomes increasingly vital for faster development cycles and superior software releases, WDIO emerges as a versatile framework, particularly potent when paired with JavaScript, making it a preferred choice for contemporary testing teams.Coordinated Disclosure for ML - What's Different and What's the Same.pdf
Coordinated Disclosure for ML - What's Different and What's the Same.pdfPriyanka Aash
油
Coordinated Disclosure for ML - What's Different and What's the SameThe Future of Product Management in AI ERA.pdf
The Future of Product Management in AI ERA.pdfAlyona Owens
油
Hi, Im Aly Owens, I have a special pleasure to stand here as over a decade ago I graduated from CityU as an international student with an MBA program. I enjoyed the diversity of the school, ability to work and study, the network that came with being here, and of course the price tag for students here has always been more affordable than most around.
Since then I have worked for major corporations like T-Mobile and Microsoft and many more, and I have founded a startup. I've also been teaching product management to ensure my students save time and money to get to the same level as me faster avoiding popular mistakes. Today as Ive transitioned to teaching and focusing on the startup, I hear everybody being concerned about Ai stealing their jobs Well talk about it shortly.
But before that, I want to take you back to 1997. One of my favorite movies is Fifth Element. It wowed me with futuristic predictions when I was a kid and Im impressed by the number of these predictions that have already come true. Self-driving cars, video calls and smart TV, personalized ads and identity scanning. Sci-fi movies and books gave us many ideas and some are being implemented as we speak. But we often get ahead of ourselves:
Flying cars,Colonized planets, Human-like AI: not yet, Time travel, Mind-machine neural interfaces for everyone: Only in experimental stages (e.g. Neuralink).
Cyberpunk dystopias: Some vibes (neon signs + inequality + surveillance), but not total dystopia (thankfully).
On the bright side, we predict that the working hours should drop as Ai becomes our helper and there shouldnt be a need to work 8 hours/day. Nobody knows for sure but we can require that from legislation. Instead of waiting to see what the government and billionaires come up with, I say we should design our own future.
So, we as humans, when we dont know something - fear takes over. The same thing happened during the industrial revolution. In the Industrial Era, machines didnt steal jobsthey transformed them but people were scared about their jobs. The AI era is making similar changes except it feels like robots will take the center stage instead of a human. First off, even when it comes to the hottest space in the military - drones, Ai does a fraction of work. AI algorithms enable real-time decision-making, obstacle avoidance, and mission optimization making drones far more autonomous and capable than traditional remote-controlled aircraft. Key technologies include computer vision for object detection, GPS-enhanced navigation, and neural networks for learning and adaptation. But guess what? There are only 2 companies right now that utilize Ai in drones to make autonomous decisions - Skydio and DJI.
The Future of Technology: 2025-2125 by Saikat Basu.pdf
The Future of Technology: 2025-2125 by Saikat Basu.pdfSaikat Basu
油
A peek into the next 100 years of technology. From Generative AI to Global AI networks to Martian Colonisation to Interstellar exploration to Industrial Nanotechnology to Artificial Consciousness, this is a journey you don't want to miss. Which ones excite you the most? Which ones are you apprehensive about? Feel free to comment! Let the conversation begin!AI vs Human Writing: Can You Tell the Difference?
AI vs Human Writing: Can You Tell the Difference?Shashi Sathyanarayana, Ph.D
油
This slide illustrates a side-by-side comparison between human-written, AI-written, and ambiguous content. It highlights subtle cues that help readers assess authenticity, raising essential questions about the future of communication, trust, and thought leadership in the age of generative AI.AI VIDEO MAGAZINE - June 2025 - r/aivideo
AI VIDEO MAGAZINE - June 2025 - r/aivideo1pcity Studios, Inc
油
AI VIDEO MAGAZINE - r/aivideo community newsletter Exclusive Tutorials: How to make an AI VIDEO from scratch, PLUS: How to make AI MUSIC, Hottest ai videos of 2025, Exclusive Interviews, New Tools, Previews, and MORE - JUNE 2025 ISSUE -UserCon Belgium: Honey, VMware increased my bill
UserCon Belgium: Honey, VMware increased my billstijn40
油
VMwares pricing changes have forced organizations to rethink their datacenter cost management strategies. While FinOps is commonly associated with cloud environments, the FinOps Foundation has recently expanded its framework to include Scopesand Datacenter is now officially part of the equation. In this session, well map the FinOps Framework to a VMware-based datacenter, focusing on cost visibility, optimization, and automation. Youll learn how to track costs more effectively, rightsize workloads, optimize licensing, and drive efficiencyall without migrating to the cloud. Well also explore how to align IT teams, finance, and leadership around cost-aware decision-making for on-prem environments. If your VMware bill keeps increasing and you need a new approach to cost management, this session is for you!OpenPOWER Foundation & Open-Source Core Innovations
OpenPOWER Foundation & Open-Source Core InnovationsIBM
油
penPOWER offers a fully open, royalty-free CPU architecture for custom chip design.
It enables both lightweight FPGA cores (like Microwatt) and high-performance processors (like POWER10).
Developers have full access to source code, specs, and tools for end-to-end chip creation.
It supports AI, HPC, cloud, and embedded workloads with proven performance.
Backed by a global community, it fosters innovation, education, and collaboration.A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdf
A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdfPriyanka Aash
油
A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and PrivacyCapCut Pro Crack For PC Latest Version {Fully Unlocked} 2025
CapCut Pro Crack For PC Latest Version {Fully Unlocked} 2025pcprocore
油
$腫:腫署 告駒諮 & 署 駒諮 腫腫基告 諮介 > https://pcprocore.com/
CapCut Pro Crack is a powerful tool that has taken the digital world by storm, offering users a fully unlocked experience that unleashes their creativity. With its user-friendly interface and advanced features, its no wonder why aspiring videographers are turning to this software for their projects.Security Tips for Enterprise Azure Solutions
Security Tips for Enterprise Azure SolutionsMichele Leroux Bustamante
油
Delivering solutions to Azure may involve a variety of architecture patterns involving your applications, APIs data and associated Azure resources that comprise the solution. This session will use reference architectures to illustrate the security considerations to protect your Azure resources and data, how to achieve Zero Trust, and why it matters. Topics covered will include specific security recommendations for types Azure resources and related network security practices. The goal is to give you a breadth of understanding as to typical security requirements to meet compliance and security controls in an enterprise solution.Quantum AI Discoveries: Fractal Patterns Consciousness and Cyclical Universes
Quantum AI Discoveries: Fractal Patterns Consciousness and Cyclical UniversesSaikat Basu
油
Embark on a cosmic journey exploring the intersection of quantum
computing, consciousness, and ancient wisdom. Together we'll uncover the
recursive patterns that bind our reality." How to survive with 1 billion vectors and not sell a kidney: our low-cost c...
" How to survive with 1 billion vectors and not sell a kidney: our low-cost c...Fwdays
油
Let's talk about our history. How we started the project with a small vector database of less than 2 million records. Later, we received a request for +100 million records, then another +100... And so gradually we reached almost 1 billion. Standard tools were quickly running out of steam - we were running into performance, index size, and very limited resources. After a long series of trials and errors, we built our own low-cost cluster, which today stably processes thousands of queries to more than 1B vectors."Database isolation: how we deal with hundreds of direct connections to the d...
"Database isolation: how we deal with hundreds of direct connections to the d...Fwdays
油
What can go wrong if you allow each service to access the database directly? In a startup, this seems like a quick and easy solution, but as the system scales, problems appear that no one could have guessed.
In my talk, I'll share Solidgate's experience in transforming its architecture: from the chaos of direct connections to a service-based data access model. I will talk about the transition stages, bottlenecks, and how isolation affected infrastructure support. I will honestly show what worked and what didn't. In short, we will analyze the controversy of this talk.Lessons Learned from Developing Secure AI Workflows.pdf
Lessons Learned from Developing Secure AI Workflows.pdfPriyanka Aash
油
Lessons Learned from Developing Secure AI WorkflowsSalesforce Summer '25 Release Frenchgathering.pptx.pdf
Salesforce Summer '25 Release Frenchgathering.pptx.pdfyosra Saidani
油
Salesforce Summer '25 Release Frenchgathering.pptx.pdf9-1-1 Addressing: End-to-End Automation Using FME
9-1-1 Addressing: End-to-End Automation Using FMESafe Software
油
This session will cover a common use case for local and state/provincial governments who create and/or maintain their 9-1-1 addressing data, particularly address points and road centerlines. In this session, you'll learn how FME has helped Shelby County 9-1-1 (TN) automate the 9-1-1 addressing process; including automatically assigning attributes from disparate sources, on-the-fly QAQC of said data, and reporting. The FME logic that this presentation will cover includes: Table joins using attributes and geometry, Looping in custom transformers, Working with lists and Change detection.Quantum AI: Where Impossible Becomes Probable
Quantum AI: Where Impossible Becomes ProbableSaikat Basu
油
Imagine combining the "brains" of Artificial Intelligence (AI) with the "super muscles" of Quantum Computing. That's Quantum AI!
It's a new field that uses the mind-bending rules of quantum physics to make AI even more powerful.MuleSoft for AgentForce : Topic Center and API Catalog
MuleSoft for AgentForce : Topic Center and API Catalogshyamraj55
油
This presentation dives into how MuleSoft empowers AgentForce with organized API discovery and streamlined integration using Topic Center and the API Catalog. Learn how these tools help structure APIs around business needs, improve reusability, and simplify collaboration across teams. Ideal for developers, architects, and business stakeholders looking to build a connected and scalable API ecosystem within AgentForce.Tech-ASan: Two-stage check for Address Sanitizer - Yixuan Cao.pdf
Tech-ASan: Two-stage check for Address Sanitizer - Yixuan Cao.pdfcaoyixuan2019
油
A presentation at Internetware 2025.Making our web apps safely hackable
- 2. A shit load of 3rd party Javascript widgets
- 3. and a shit load of + security risks + page weight + maintenance
- 4. RICH MANALANG / @RMANALAN / ATLASSIAN Making our web apps <safely> hackable
- 8. 3 C A PA B I L I T I E S Access to REST APIs Event notifications UI extensibility
- 10. A SHIP IN PORT IS S A F E , B U T T H AT ' S N O T W H AT S H I P S A R E B U I LT F O R . GRACE HOPPER
- 11. C O N T R A C T B E T W E E N H O S T A N D 3 R D PA R T Y Ability for 3rd party to resize itself based on content size Ability for 3rd party to make requests with the host Ability for 3rd party to send and listen to events on the host
- 12. w i n d o w. p o s t M e s s a g e ( ) // Parent => IFrame ! // Parent var someIframe = document.getElementById('some-iframe'); someIframe.contentWindow.postMessage('yo', '*'); ! ! // IFrame window.addEventListener('message', function (e) { alert(e.data); // yo dude! }, false);
- 13. w i n d o w. p o s t M e s s a g e ( ) // IFrame => Parent ! // Parent window.addEventListener('message', function (e) { alert(e.data); // hey! }, false); ! ! // IFrame window.postMessage('hey', '*');
- 14. w i n d o w. p o s t M e s s a g e ( ) Prone to resource contention Solution: use channel messaging
- 15. postMessage + MessageChannel is raw
- 16. O T H E R A LT E R N AT I V E S postMessage is IE 8+ only (partial support) easyXDM porthole Oasis.js Conductor.js
- 17. Open web way to safely embed 3rd party code Sandboxing can be through an IFrame or a Web Worker Capability-based security Abstractions for services, consumers, events, and requests Async via Promises Wiretapping
- 18. // Host (parent http://example.com) // Sandbox (IFrame http://xyz.com/iframe.html) ! // Service to expose to sandboxes var PingService = Oasis.Service.extend({ initialize: function() { this.send('ping'); }, ! events: { pong: function() { alert("Got a pong!"); } } }); ! // Creates the sandbox oasis.createSandbox('http://xyz.com/iframe.html', { capabilities: [ping], // adapter: oasis.adapters.webworker, // no UI services: { ping: PingService } }); ! // Consumer that handles the ping capability var PingConsumer = Oasis.Consumer.extend({ events: { ping: function() { this.send('pong'); } } }); ! // Connect to the host Oasis.connect({ consumers: { ping: PingConsumer // request ping capability } });
- 19. C o n d u c t o r. j s A framework for building sandboxed apps Gives 3rd parties a well-defined framework for building extensions Built on top of Oasis.js
- 22. C o n d u c t o r. j s // Card (http://xyz.com/awesome-card.js) ! // Load dependencies Conductor.require('lib/jquery.js'); Conductor.require('lib/handlebars.js'); ! var template = '<div>{{message}}</div>'; ! // Define card Conductor.card({ ! // Host (parent http://example.com) ! // Bootstrap a new conductor instance var conductor = new Conductor( options ); ! // Load a card conductor.load('http://xyz.com/awesome-card.js'); ! // Add to the DOM conductor.appendTo($('#target')); ! ! ! // Oasis style capabilities. consumers: { pong: Conductor.Oasis.Consumer.extend({ requests: { // handle requests from the host // or other cards }, events: { // handle events from the host // or other cards } }) }, activate: function() { // initialize your card here... }, compileTemplates: function(){ template = Handlebars.compile(template); }, render: function() { $('body').html(template({ message: "Wassup?" })); } });
- 23. Wa t c h @ t o m d a l e t a l k a b o u t O a s i s / C o n d u c t o r http://j.mp/conductorjs
- 24. IMPERFECT CSS on host doesnt cascade to IFrames theres hack (detect and pass in parent styles to IFrame) Relative links open in the IFrame theres a fix (use the <base> tag) Dynamic resizing is an art over/underflow detection sort of works
- 28. GRACIASAND PLEASE Follow me at @rmanalan Dont forget to take those Atlassian drink glasses home with you Come talk to me about an awesome job at an awesome company