Web Security and Wasm at The Tech Sessions

We had a couple of great talks at the Tech Session yesterday. If you are in the Hull area you should keep an eye on what they are doing. You can find them here. The first talk was from John Smith (yes, that is his real name). It had the title “Your cloud got hacked, and they like it”. John is a senior security architect and did a great job of explaining just how vulnerable cloud applications are to bad actors. He put the bad actors into categories, from the “Chancer” (there for the money, only knows how to use freely available tools) all the way up to “Ghost” (has the tools, skills and persistence to live in your systems indefinitely without being detected). Things I took away from the talk:

  • There are freely available tools that make it easy to do things like search GitHub repositories for keys to online resources. Use them yourself to see if you are vulnerable. Start with GitLeaks and remember that the bad guys use these all the time.

  • Avoid using long term credentials. And change them regularly - like your underwear.

  • Monitor your resource usage to detect changes. And set limits.

  • Don’t have “one ring to bind them all”. Put different resources under different accounts.

  • Code is a depreciating asset. You must budget for the effort needed to keep it up to date and secure (and to test for security).

  • Open source can be dangerous. Bad actors will target tools used by millions of applications to inject malware into your systems.

  • Developer systems in a company are the holy grail for hackers. They usually have lots of extra permissions and interesting source files on them.

  • At the end of the day it is all about Risk (how surprising). Actively attack the security risks you are running, and keep looking for new ones.

Next up was a talk from Joe Axon. This content was a little more relaxing (at least for me) but no less interesting. Joe was talking about using Web Assembly (Wasm) to write games that can run on your machine in your browser. Running programs in your browser usually means JavaScript, which is a great language but not really good for games. JavaScript is a scripting language. It contains lots of high level abstractions and behaviours that are kind of hard to convert into simple machine code. Web Assembly (or Wasm) is a simple stack based language which, from the examples Joe showed us, is very close to what hardware does. This makes it very easy to convert into native machine code that would run at much higher speed. Things I took away from the talk:

  • Wasm is stack based and looks like assembler to me. The text format (i32.add, etc.) is deliberately low-level and easy for humans to read if you’ve seen assembly before.

  • Wasm looks very easy to convert into machine code.

  • It supports integers, floats and blocks of data (although there are now SIMD - single instruction, multiple data - vectors too). Anything else you have to structure yourself.

  • You have to do all your input and output (including the display) by passing blocks of data between Wasm programs and JavaScript. The code to do this looks easy to use, but comes at a price in terms of performance.

  • You can get compilers that take most high level languages you’ve heard of and convert them into Wasm - making this an interesting way of getting things like C++ or Rust to run in a browser at a sensible speed.

  • There is a tool (KNI) that can take XNA games (written for MonoGame) and, after a bit of fettling, create Wasm code that runs at speed in the browser.
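To show the two points above (the assembler-like text format, and passing blocks of data between JavaScript and Wasm through linear memory), here is an added example of mine, not code from Joe's talk. It hand-assembles a tiny Wasm module whose `sum` function adds up i32 values that JavaScript has first copied into the module's exported memory; it assumes a runtime with the WebAssembly API (Node.js or a browser).

```javascript
// The module below is the binary form of this text-format (WAT) function:
//   (func (export "sum") (param $ptr i32) (param $len i32) (result i32)
//     (local $acc i32)
//     (block (loop
//       (br_if 1 (i32.eqz (local.get $len)))             ;; len == 0 -> done
//       (local.set $acc (i32.add (local.get $acc) (i32.load (local.get $ptr))))
//       (local.set $ptr (i32.add (local.get $ptr) (i32.const 4)))
//       (local.set $len (i32.sub (local.get $len) (i32.const 1)))
//       (br 0)))                                         ;; loop again
//     (local.get $acc))
const WASM_BYTES = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,             // magic + version
  0x01, 0x07, 0x01, 0x60, 0x02, 0x7f, 0x7f, 0x01, 0x7f,       // type 0: (i32,i32)->i32
  0x03, 0x02, 0x01, 0x00,                                     // func 0 has type 0
  0x05, 0x03, 0x01, 0x00, 0x01,                               // memory: min 1 page (64 KiB)
  0x07, 0x0d, 0x02, 0x03, 0x6d, 0x65, 0x6d, 0x02, 0x00,       // export "mem" (memory 0)
  0x03, 0x73, 0x75, 0x6d, 0x00, 0x00,                         // export "sum" (func 0)
  0x0a, 0x2d, 0x01, 0x2b, 0x01, 0x01, 0x7f,                   // code: one i32 local ($acc)
  0x02, 0x40, 0x03, 0x40,                                     // block, loop
  0x20, 0x01, 0x45, 0x0d, 0x01,                               // local.get len; i32.eqz; br_if 1
  0x20, 0x02, 0x20, 0x00, 0x28, 0x02, 0x00, 0x6a, 0x21, 0x02, // acc = acc + i32.load(ptr)
  0x20, 0x00, 0x41, 0x04, 0x6a, 0x21, 0x00,                   // ptr = ptr + 4
  0x20, 0x01, 0x41, 0x01, 0x6b, 0x21, 0x01,                   // len = len - 1
  0x0c, 0x00, 0x0b, 0x0b,                                     // br 0; end loop; end block
  0x20, 0x02, 0x0b,                                           // local.get acc; end func
]);

function instantiate() {
  // Synchronous compile is fine for a module this small.
  const mod = new WebAssembly.Module(WASM_BYTES);
  return new WebAssembly.Instance(mod, {}).exports;
}

// Sum a JavaScript array inside Wasm. The copy into linear memory is the
// "passing blocks of data" cost mentioned in the talk: no values cross the
// boundary as call arguments, only a pointer and a length do.
function sumViaWasm(values) {
  const { mem, sum } = instantiate();
  const needed = values.length * 4;
  if (needed > mem.buffer.byteLength) {
    // Growing detaches the old ArrayBuffer, so views must be rebuilt afterwards.
    mem.grow(Math.ceil((needed - mem.buffer.byteLength) / 65536));
  }
  new Int32Array(mem.buffer, 0, values.length).set(values);
  return sum(0, values.length);
}
```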

So, after a really interesting evening I drove home thinking about scanning my repositories and porting some of my old games to the web. Great stuff.

Hull Tech Session on May 6th at Hull University

The heading is doing most of the heavy lifting on this post. But I’d just like to add that the session starts at 6:30 pm and ends at 8:30 and is in the Brynmor Jones Library at Hull University. There are two talks, one from Ben Foster about integrating large AI models with smart home systems and another from Alistair Kennedy about Cybersecurity.

You can sign up here. The last session I went to was excellent.

Splendid Tech Session Tonight

Hot on the heels of DDD North last weekend we now have more high quality technical content which has free food (thanks to Hull University for the spread). Tonight at the Tech Sessions we had two excellent talks.

First up was Martyn Coupland who has the kind of life that I want when I grow up. By day he pilots planes around the world. And at night he develops software using .NET (actually this might not be precisely how he divides his time, but he definitely does both). His talk was titled “Cleared for Takeoff: Navigating the Intersection of Aviation and Technology” and gave some great insights into the hugely complicated business of getting people from A to B safely through the air.

It was nice to see the views from his “office” at 30,000 feet but it was even more interesting to see the server room underneath the cockpit containing all the computers that keep the plane in the air. There are four copies of one crucial component, along with a box that contains the height above sea level of just about every point on the surface of the earth. Aviation tech has to be done right and this point was made time and again as systems were described. Everything was pilot-centric since they are the people who have to make decisions that are literally life and death. Very impressive.

Next up was Elliot Fearn talking about “Building a RAG-Based LLM with Vector Databases”. Elliot explained that RAG stands for “Retrieval Augmented Generation”. This is a technique for boosting the usefulness of a Large Language Model (LLM). An LLM takes in questions and gives you answers to them. Elliot gave a great explanation of how this process works, with individual tokens in a question being converted into vectors which are then mapped into the knowledge space of the LLM to produce a useful answer, one token at a time.

The RAG bit serves as a kind of “booster” pack of local knowledge which is combined with the content of the prompt string which is given to the LLM to get the answer. For example, you might ask an LLM about “sales”. This could mean that you want to know where things are being sold cheaply, or how well a marketing plan is working. If you have a system that puts the word “sales” in a marketing context by adding sales information to the prompt string you have a better chance of getting a useful answer.

Elliot described systems that could help to automate this process, so corporate information could be packaged and formatted to be used in this way. Very interesting stuff with some nice demonstrations of the tech.
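As an added example of mine (not code from Elliot's talk), here is the retrieval half of that pipeline in miniature: the question is turned into a term-frequency vector, a few locally held text chunks are ranked by cosine similarity, and the best matches are spliced into the prompt string. The chunks are constructed for the “sales” example above; a real system would use learned embeddings and a vector database in place of the toy vectors.

```javascript
// Constructed sample knowledge base (made-up chunks, labelled by source).
const CHUNKS = [
  { id: 'marketing-q2', text: 'Q2 marketing report: the spring email campaign lifted sales by 12 percent over Q1.' },
  { id: 'store-clearance', text: 'Clearance sales this weekend: garden furniture discounted by up to 40 percent.' },
  { id: 'hr-handbook', text: 'Holiday requests must be submitted two weeks in advance via the HR portal.' },
];

function tokenize(text) {
  return text.toLowerCase().match(/[a-z0-9]+/g) || [];
}

// Toy "embedding": a bag-of-words count vector.
function termVector(text) {
  const vec = new Map();
  for (const tok of tokenize(text)) vec.set(tok, (vec.get(tok) || 0) + 1);
  return vec;
}

function cosine(a, b) {
  let dot = 0, na = 0, nb = 0;
  for (const [term, count] of a) {
    na += count * count;
    if (b.has(term)) dot += count * b.get(term);
  }
  for (const count of b.values()) nb += count * count;
  return dot === 0 ? 0 : dot / Math.sqrt(na * nb);
}

// Return the k most similar chunks; chunks with no overlap are dropped rather
// than padded in, so an off-topic question yields an empty context.
function retrieve(question, k = 2) {
  const q = termVector(question);
  return CHUNKS.map(c => ({ ...c, score: cosine(q, termVector(c.text)) }))
    .filter(c => c.score > 0)
    .sort((x, y) => y.score - x.score)
    .slice(0, k);
}

// Augment the prompt: retrieved chunks go in before the question.
function buildPrompt(question, k = 2) {
  const context = retrieve(question, k).map(c => `[${c.id}] ${c.text}`).join('\n');
  return `Use only the context below to answer.\n\nContext:\n${context}\n\nQuestion: ${question}\nAnswer:`;
}
```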

I am really looking forward to the next session. If you want to join in go here on Eventbrite and follow The Tech Sessions.