Name_of_posting_person: Francois Fluckiger on behalf of Christopher Dixon
Type_of_posting: I have a specific topic to propose
Date: November 10, 2006
Time: 03:29:41 PM
MessagePlease find below an outline of my track proposal.
The track would be split into three sections.
- The basic section is intended for those who have no knowledge or perhaps just a tiny bit and is from a user point of view trying to better secure their application use.
- The advanced section is intended for those who already have the basic knowledge or have followed the track so far.
- The developer section is intended for those who are required to provide the security outlined in the user viewpoint sections and need to know what is necessary to go forward with their applications, providing the level of security that the users will begin to demand after following the user component of the track.
Chris Title: Security in a networked world
Author: Chris Dixon
- Audience Basic component: End users with some basic knowledge of applications such as the web and email but with little or no knowledge of how to interact
securely using those applications in a networked environment (LAN / WAN) and who would like to learn more
- Audience Advanced component: Those with basic knowledge (from the course or already known) who would like to go further
- Audience Developer component: Someone responsible for providing one of the services outlined in the user sections who wants to provide the suggested security
Basic section (user)
Introduction to the track
- Outline of what will be covered
-
Outline of how it will be covered - from who's viewpoint, how to use it, what port each protocol runs on, what problem it solves, etc What will not be covered (assumed knowledge) with links to learn about it if you don't already know Explanation of a few key terms / concepts (certificates, man in the middle attack, etc)
The Web
- Outline of the HTTP protocol (simple form submit) and why it is not secure (SYN flooding, smurfing, address spoofing, etc)
- Introduction to the HTTPS / SSL protocol and how it helps
Outline of DNS and possible security problems (cache poisoning, etc)
- Introduction to DNSSEC and how it helps
Email
- Outline of the POP and IMAP protocols and their problems
- Introduction to TLS
Remote Computing
- Introduction to VPN and why Microsofts implementation (PPTP) is not secure
- Outline of Telnet and why it is not secure Introduction to SSH
Outline of FTP and why it is not secure
- Introduction to SFTP and SCP
LAN
- Outline of the problem (every machine connected directly together sees each others data)
- Introduction to IPSEC
Summary and wrap up basic section
Advanced section (user)
Introduction to the advanced section
Wireless LAN
- Introduction to Wireless LAN and its lack of security Introduction to WEP and why it is not secure
- Outline of WPA (TKIP and AES)
- How to use SSH Tunnelling to secure any other protocol
Summary of the advanced section
Developer section
Introduction to the developer section
Securing HTTP
Securing Email (including securing SMTP)
Securing Remote Computing
Summary and wrap up of the track
Name_of_posting_person: Francois Fluckiger on behalf on Jan Janke
Type_of_posting: I have a specific topic to propose
Date: November 10, 2006
Time: 03:25:29 PM
MessageDetailed proposal from Jan Janke:
Short Description
I would like to prepare two
lectures which cover the recent software development techniques in the field of
web application development using the Java programming language and related
framework and technologies. The lectures complement the software engineering and
tools track which was held at the last CSC in Helsinki.
Main focus of the proposed
lectures are the well known and widely used open source libraries Spring
and Hibernate
as well as accompanying technologies and specifications like Java Enterprise
Edition (J2EE 1.4 and JEE 5).
Lecture 1: Introduction to the web
application development with Java EE, Hibernate and Spring
This lecture gives an
overview about the current state of web application development on the Java
platform. It focuses on the parts of the JEE specifications that are relevant
for web application development, reminds some of the new Java language features
introduced in the Java Standard Edition 5 (especially generics and annotations)
and depicts what is new in the latest edition of the JEE specification (JEE 5).
Once the basics have been
explained, the frameworks Spring and Hibernate are introduced. Spring provides a
layered Java/J2EE application framework including a lightweight container,
common abstraction layers for transaction and persistency management and a fully
useable MVC web application library. It also fully integrated aspect oriented
programming functionality (AOP) and integrates nicely with third party
frameworks like iBATIS, JDO and Hibernate.
Hibernate is an object
relational mapping framework that allows to transparently map business objects
to relational data structures. It makes full use of the latest features of the
Java language (including generics and annotations) and supports all major
commercial and open source DBMS.
Target audience: Especially Java
developers, but also users of other programming languages that want to get an
insight into current web application development techniques related to the Java
platform. Developers and deciders that are already familiar with Java web
development techniques but want to get a more concise idea and a first insight
into the presented open source development frameworks.
Lecture 2: Detailed insight into Spring
and Hibernate
The first lecture
introduced the technologies and this second lecture gives a more detailed
insight into Spring and Hibernate by making use of concrete examples, code
insight and demonstrations. The main features and the integration of both
frameworks as well as best practice examples and design patterns will be
explained and demonstrated.
The aim of this lecture is
to give the audience a starting point for their own development projects using
the above mentioned technologies. It also helps to understand and judge what is
involved when developing with both application frameworks. Furthermore, it may
give a clearer picture concerning the overhead required for the organization and
management of projects involving the presented technologies.
Target audience: The same as for lecture
1, although this second lecture is much more detailed and may not be of such an
interest for "high level" deciders. This is more a hands on session for people
that are doing real programming / software development and will be organized as
a kind of cookbook how to start up an entire project in the field of
Hibernate/Spring/JEE.
Name_of_posting_person: Francois Fluckiger on behalf of Francisco Yuste Garcia
Type_of_posting: I have a specific topic to propose
Date: November 10, 2006
Time: 03:18:33 PM
MessageIn the last day for proposals, I propose to talk about my development at
CERN: CVSRAC.
I attach a presentation I gave. It is a bit compressed, I can do it more comprehensive.
It is not the presentation that I would do about CVSRAC, but very similar.
You can know more about CVSRAC in
https://twiki.cern.ch/twiki/bin/view/DESgroup/CvsHardening
Name_of_posting_person: Maria Alandes Pradillo
Type_of_posting: I have a specific topic to propose
Date: October 30, 2006
Time: 10:52:35 AM
MessageHi!
Within the framework of the Software technologies and the Grid technologies track that we studied in the course, I can give a real example of how middleware is tested and certified in the EGEE project.
As I am working in testing and certification of the grid middleware, more specifically gLite and LCG components, I can present how we carry out this activity.
As gLite middleware is currently build using ETICS, maybe Guillermo, who is working in the ETICS project, can participate as well to describe the build system.
Cheers,
Maria
Name_of_posting_person: Alfio Lazzaro & Antonio Petrella
Type_of_posting: I have a specific topic to propose
Date: October 30, 2006
Time: 09:07:59 AM
MessageHi All,
we think that the normal school doesn't cover adequately the software for data analysis. This is a critical issue because, when the CERN experiments will start to take data (in the next 1 or 2 years), the software to analyze the data should be ready. There are already a lot of packages for data analysis developed by CERN teams and by other experiments. In particular we think about ROOT and RooFit, which are extensively used in active experiments like BaBar, CDF, D0,.... Our idea is to present the use of these softwares, with practical examples of data analysis, in particular for the maximum likelihood fit technique using RooFit classes. But there will be room also to show examples of Neural Network packages and sPlots technique. Is there anybody interested in these arguments?
Alfio & Antonio
Name_of_posting_person: Snezana Krstic
Type_of_posting: I have a specific topic to propose
Date: October 23, 2006
Time: 06:38:37 PM
MessageHello all,
I am happy to hear from you and that we are given opportunity to continue with our "work". It may be interesting to have a session where applications of grid computing (in different scientific fields) can be presented. At the CSC we had a chance to learn about applications in high energy physics and bio science as well. I propose to prepare a lecture on application of grids in chemical and environmental engineering. You are welcome to join me, regardless whether you are interested in applications in these or some other fields!
Snezana
Name_of_posting_person: Leandro Franco
Type_of_posting: I have a specific topic to propose
Date: October 18, 2006
Time: 05:02:15 PM
MessageHi...
I could talk about high performance data transferences and in particular how we can take advantage of the peculiarities of particle physics information to transfer it in an efficient way i.e. using informed prefetching to avoid latency, bigger chunks to go to the TCP limits or even parallel sockets to try to go beyond that (cheating a bit...). If someone is interested in parallelism I could plan something too since I'm starting to play wth it (for example to transfer future data while analyzing the actual one or stuff like that) although I'm far from being an expert ;) .
Anyone willing to join forces here?... :D
Have fun,
Leo
Name_of_posting_person:
Francisco Yuste Garcia
Type_of_posting: I am commenting on a previous posting
Date: October 02, 2006
Time: 02:22:45 PM
MessageHi Luis,
What are you exactly thinking on? Are you talking about enumerate several tools for agile programming? Are you talking about doing some proofs on-the-fly in order to show how these tools work?
If that is the topic, I have got some experience on free development environments ;) like http://forja.guadalinex.org/repositorio
Cheers; Fran.
Name_of_posting_person: Jan Janke
Type_of_posting: I have a specific topic to propose
Date: September 24, 2006
Time: 03:43:06 PM
MessagePutting the focus on software development technologies, I would like to give a presentation on current web application development concepts like dependency injection (Spring framework), object-relational mapping with Hibernate 3 (with its support for annotations and JEE 5 persistency) and the Google Web Toolkit for easy development of interactive rich web clients.
Name_of_posting_person: Luis Ramos
Type_of_posting: I have a specific topic to propose
Date: September 15, 2006
Time: 04:38:15 PM
MessageFollowing the software engineering talks at CSC2006, I would be interested in doing a presentation about Agile Software Development Methodologies.
Anyone enough interested on this subject to go for it as a team?
The presentation can be:
- an overview of some of the methodologies like Cristal Methods, Feature Driven Development, eXtreme Programming, Scrum or DSDM.
- a summary of a given methodology.
- or a study on how a group of methodologies solves a given specific problem like configuration management, testing, documentation or team structure, i.e., agile sw testing or agile sw documentation, etc.
Any ideas are welcome! Cheers, Luis
Name_of_posting_person: Chris Dixon
Type_of_posting: I have a specific topic to propose
Date: September 15, 2006
Time: 01:59:43 PM
MessageI'm interested in doing a security related presentation (how to evaluate security protocols, choosing the right protocol for the job and so on). Would anyone else be interested to form a team?
Chris
Name_of_posting_person: François Fluckiger
Type_of_posting: Welcome message
Date: September 14, 2006
Time: 06:15:28 PM
MessageWelcome to all CSC2006
participants. I hope you enjoyed our school in
Helsinki and you will be willing to suggest topics through this forum.
François, School Director
|