Hackathon

Domain Connect is an open standard that makes it easy for a user to configure DNS for a domain running at a DNS provider to work with a Service running at an independent Service Provider. The user can do so without understanding any of the complexities of DNS.

In the Cloud Fest Hackathon we want to build a reference implementation of Domain Connect DNS-Provider on top of standard open source DNS project (PowerDNS or BIND). By doing so, we should help to accelerate adoption from DNS Providers that utilize these services.

Accept new users to your service or platform with ID4me, a new open digital identity service providing seamless user onboarding and authentication.

ID4me returns control over digital identities back into the hands of users. It is the ultimate independent SSO solution the hosting and cloud industry needs to turn separated ecosystems into a seamless experience across the board.

Join the ID4me Plugin Fiesta at Cloud Fest Hackathon to take advantage of this open and independent single sign-on infrastructure and create a seamless user experience to accept ID4me credentials!

The Hackathon goal is to give hosting, cloud or SaaS providers a headstart to implement and adopt this new standard by developing libraries or plugins for as many languages, frameworks and projects as possible. At the end of this session, you should have created code for one (or several) of the following:

• a code library covering the technical aspects of ID4me client protocol in the programming language of your choice
• an ID4me login button for your service or platform in form of extension, plugin or direct integration

Visit id4me.org to find resources and documentation about the standard.

Looking forward to seeing you and helping to create the “open internet” alternative for single sign-on!

There’s currently no standardized protocol for server applications to request information about or changes to the underlying infrastructure. While we have APIs to provision such servers through code, we have no protocol or API to allow the applications that run on them to make changes after the provisioning.

I hereby suggest creating a communication protocol (tentatively named ASMP) between servers and applications that run on these servers that allows for bidirectional communication so that these two actors can coordinate.

This would allow such scenarios as a WordPress end user having the possibility to update the PHP or MySQL version from the admin backend, a provisioning script automatically adapting the server environment to meet the requirements described in the Composer configuration, or a server control panel showing latest updates to the server components in a user’s admin area. The protocol should be limited to querying capabilities and state and sending asynchronous requests, and all possible request types should be opt-in.

This allows for a gradual or partial introduction by the hosting providers. We should provide a reference implementation based on a common server distribution. Also, building implementations into popular server control panels would accelerate adoption.

How secure is your hosting provider? Who leads as a role model and who falls behind? Let’s hack and find it out! The target of our project is to protect customers of most used hosting companies against hackers by unleashing security vulnerabilities and pushing those providers to fix them before being exploited. A result of the hackathon will be the hacker’s cookbook (list of test cases), a security comparison of all tested hosters as well as a document with security best practices.

Deep Learning (DL) is the field of artificial intelligence which is applying artificial neural networks to learn from a set of samples. A typical application of DL is video analytics, e.g. analyze content of a video stream to detect objects or recognize faces in a video. Normally, the analytics is done at the Edge, i.e. where the data is created. However, there must be a cloud infrastructure as well to collect the relevant analytics results, consolidate different inputs and do advanced analytics in case the edge analytics did not create acceptable results.

Purpose of this project is to implement an open source video analytics system from Edge to Cloud which

1. Is doing local DL based video analytics with an open source framework (e.g.  OpenVINO )
2. Is sending analytics results and selected video data to an IoT Cloud Service (e.g. to the Open IOT Service Platform)
3. Is able to do advanced cloud based video analytics and to improve the neural network model (e.g. with TensorFlow)

An example scenario would be a system that detect cars on a street, finds their license plate and sends the recognized license to the cloud service. In case the license could not be detected immediately the interesting video part is sent to the cloud for additional analysis.

Another case would be counting of people at festivals or similar events, e.g. to provide security guidance to event organizers and to be able to create real-time evacuation plans in case of emergencies.

A third scenario is to analyze the shelves in a retail store to analyze supply needs or customer reaction.

The OWASP ModSecurity Core Rule Set (CRS) provides a set of generic attack detection rules (WAF policies) for use with ModSecurity or compatible web application firewalls (WAFs).

The CRS is used by many CDNs, enterprise sites and hosters to protect their web applications. Since ModSecurity and CRS are free software, they are ideal for a decentralized internet where every admin can secure their web services. However, adoption by hosters is still relatively low. We can think of many reasons for that, and during this event, we would like to improve our project for the hosters’ use cases.

During the hackathon, we would like first to introduce the ModSecurity and CRS projects, help you get setup running them, and explain some challenges and strategies for running the CRS in production as a hoster. Then we can work on improvements that would enable this use case in an easier way.

Some activities that we can think of:

• improve our documentation and installation guide
• run the CRS on an application of your choice (for instance Typo3, MediaWiki, your favorite CMS, hosting panel), collect log events, and add official support for the application
• work on tooling to generate WAF rules
• create a ‘best practices for hosters’ base configuration file
• work on other gaps that you identify during the hackathon

Hosting can be very different, especially in the shared hosting environment almost every hosting company has different configuration backend and other configuration and infrastructure stacks. This can be quite challenging for the end-user after ordering shared hosting.
Although every hosting company offers shared hosting with PHP, MySQL, FTP and SSL certificates the way this is configured to be used with a standard CMS is often very different and complex, even for expierenced users.

This project wants to define a list of quality criteria to be able to test different hosting packages and their configuration against that list to find problematic and/or difficult settings.

The goal should be to have the possibility to compare different shared hosting packages against each other and to know the pitfalls of them.

At the moment, the website hoster.wtf offers anecdotes about configuring different shared hostings of (mainly german) hosting  companies. The website should be extended to

• offer the test and quality criteria list
• offer the test results of often used shared hosting packages
• offer help for typical configuration pitfalls of these hosting packages

To be honest, no developer loves reading 20+ pages of specifications to solve a somewhat minor task of the day’s scope. Let’s take e-mail address validation. Specifications of the Internet Engineering Task Force (IETF) are available but it takes time to read them. The task is much faster solved if you re-use an existing solution. After all it will go through quality assurance, right? Another truth is that hardly any quality analyst thinks of testing an e-mail address with farsi characters or some fancy new TLD. But it’s just a matter of time until a user who in fact owns such a “fancy” address runs into a blocker.

The goal of this hackathon project is to approach this issue on a universal level, using above specific example: We want to establish a workflow to translate (aggregate) the relevant information from the specifications into an “easy to grasp abstract” that developers will be happy to read and use. We are happy that the Universal Acceptance Steering Group (UASG, www.uasg.tech) reached out to better interact with the open source communities.

Use Cases for UA Readiness Evaluation:
https://uasg.tech/wp-content/uploads/2017/05/UASG004-Use-Cases-for-UA-Readiness-Evaluation-2017-04-17.pdf

Reviewing programming languages and frameworks for compliance with Universal Acceptance good practice:
https://uasg.tech/wp-content/uploads/2017/09/UASG018-Programming-Languages-Evaluation-Criteria.pdf
Attention: 22 pages