The 40th Monthly Technical Session (MTS) was held on November 17th, 2017. MTS is a knowledge-sharing event in which HDE members present topics and hold Q&A sessions, both in English.
The moderator of the 40th MTS was Matsuura-san.
The first topic was an explanation of a fixed bug in one of our projects by Fukutomi-san. He noticed that his project sometimes labeled HTML emails as illegally modified. The cause of the bug was excessive newlines generated by the use of a certain email client. After removing those excessive newlines, HTML emails were no longer incorrectly labeled as illegally modified.
The second topic was "OWASP Top 10 2017" by Kodama-san. OWASP Top 10 is an awareness document written by The Open Web Application Security Project (OWASP), which represents a broad consensus about the most critical security risks to web applications. A variety of security experts from around the world shared their expertise to produce the list. Furthermore, the list is free for everybody to access. Adopting the OWASP Top 10 is therefore highly recommended as the first step to producing secure code.
Kodama-san also described how OWASP Top 10 2017 differs from its predecessor, OWASP Top 10 2013. Some risks from 2013 didn't make the list this time around, and the community decided to put some new risks in their place. Most risks stayed in the list, understandably with a change in their importance. He also explained the risk rating methodology that was used to make the list. To finish the topic, he mentioned what developers, security testers, application managers, and organizations each need to do as their next step in producing secure code.
The third topic was an introduction to one of our projects by Xudong-san. He began by explaining what the project is and why it is needed. The approach that is used to achieve the goals of the project is data-driven decision making. He mentioned the kinds of data that this project needs, how it retrieves those data, and how the software system works in general. He wrapped the topic up by reporting the project's current status.
The fourth topic was "Slack Frontiers" by Kawatake-san and Hosaka-san. Frontiers is a conference by Slack about exploring how the nature of teamwork is changing. Participants get to hear about Slack's newest products, learn how Slack improves work and workflow, and hear from customers about the ways their organizations are evolving. This year is actually the very first time Frontiers was held. The event was held September 12-13 in San Francisco.
Akane-san began the topic by explaining what San Francisco and the atmosphere of the event were like. At this event, Slack announced two new products, Shared Channels and Dialogs. A Shared Channel is a bridge connecting a company's Slack Workspace with another company's. According to Hosaka-san, Shared Channels are simple, transparent, and controllable. Dialogs, on the other hand, are forms which provide a focused workflow to quickly collect information from users. For example, during Frontiers, Slack itself used Dialogs to file customer inquiries. They ended this topic by describing how other companies use Slack.
The fifth topic was "O'Reilly Velocity" by Bagus and Tanabe-san. Velocity is a conference by O'Reilly about building and maintaining complex distributed systems. Sessions covered themes such as capacity planning, distributed data, distributed systems, monitoring, networking, orchestration, resilience engineering, serverless, systems engineering, and technical leadership. The conference was held October 17-20 in London.
Some of the keynotes that either of them found interesting include "Why an (Interactive) Picture Is Worth a Thousand Numbers" by Miriah Meyer and "The Evolution of Chaos" by Kolton Andrus. Some of the sessions that either of them found interesting include "Serverless Security: What's Left to Protect?" by Guy Podjarny and "A Postmortem of Postmortems: Trends and Behaviors across Organizations" by Eric Sigler. They also shared their experience traveling to London, such as the food, transportation, and sights.
The sixth topic was "Understanding the Bitcoin Forking Drama" by Kirby-san. He is one of our Global Internship Program (GIP) participants. Bitcoin is a cryptocurrency and worldwide payment system. There are currently several Bitcoin forks out there. Hard forks bring radical change to the protocol, so the new version rejects all transactions made from the older client software. On the other hand, in soft forks, the new client is backwards-compatible.
The seventh topic was "The Dat Project Ecosystem: Distributed and Decentralized Tools for the Open Web" by Hugo-san. He is also one of our GIP participants. Dat Project is a distributed data community, with which people can share, back up, and publish their file systems. It was created for scientists (e.g. to share data sets), but is useful for everybody.
He then explained in more detail what the protocol is like. According to him, Dat Protocol shares some similarities with others, such as Git (e.g. versioning of data), BitTorrent (e.g. peer-to-peer), and Dropbox (e.g. synchronization of data sets). He also explained how to share data with the CLI tool dat. He also presented some practical applications of Dat Project, such as Beaker Browser and Rotonde (a social network).
As usual, we had a party afterwards :)