I like to take plain text notes when I attend lectures, so I thought I'd start sharing them. Please excuse if the earlier ones are a bit sketchy.

Computing Lectures

Grace Hopper Conference for Women in Computing


---
Sheryl Sandberg
---
- bootstrap your way up
- asking manager guys why you can't hire women
	- people told her "most women are not like sheryl. you're competent".
	- can't hire young women: wife worried about him sleeping with them
- women get asked, "should you be working?"
- events like GHC important because it _helps_
- 4800 attendees


---
Be More Strategic
Karen Catlin + panel
---
- catlin started femgineer
- Mary Fernandez - CEO MentorNet
- Ann Mei Chang (State dept)
	- take risks
	- one-sentence pitch (not even elevator)
	- clear targets/goals make it much easier to contextualize suggestions
- Meena Kaul-Basu
	- solid plan that you communicate both up and down. All of team must be very committed to what/why to everyone on the team.
	- look far ahead at what the market in your area/world would look like
- Mary Fernandez (MentorNet)
	- mission, leadership, strategy are the three things required for success
	- strategy is in service to mission, set down by leadership
	- should always be prepared for cut funding, change in leadership, etc
	- you must understand the mission and strategy of your corporation
	- culture of mentoring is the foundation of diversity
	- make sure metrics are measuring the corporate goals
- Christine Rimer
	- to maximize impact of what you are doing, bring people along with effective communication
	- people must understand what you are doing and why
		- most people you think are working against you, just don't understand what you are trying to do
	- "I'll replace myself in 6 months if it's not working out"
Q&A
- for new techs, must have correct stakeholders at the right level (story about ad-hoc networking in mobile at AT&T)
	- if you have conviction around your work and are being ignored, you have to be loud and find the right stakeholder
- no such thing as overcommunication
- attempt to fail every day and get feedback
- be concise
- the right message at the wrong time is the wrong message
- people won't give you feedback if they don't think you can take it
- failure at work is like public speaking
- fail more => "how can I learn something every day?"
- How to balance risk vs not getting fired?
	"So, I live on the east coast. We do have technology on the east coast"
	- look at this room. there's an equiv room full of women who worked at jpmorgan chase who also got burned out, except they have a lot of cash in the bank and are looking to invest
	- don't worry about losing your job

---
Using volunteer opportunities to drive forward your career
Lisa Schlosser (moderator + speaker), Erica Christensen (CA technologies), Josie Gillan (Salesforce), Audrey van Belleghem (NetApp)
---
- volunteering can help you gain leadership experience you may be missing
- helps networking outside of work, can also give perspective to your work
- each company gives VTO (volunteer paid time off), 3-6 days a year
- still rewarding to do opportunities that you were asked to do -- equally rewarding, regardless what you presupposed you would get out of it
- games for children
	- two lines, people with numbers, make them sort themselves
	- "bring a friend" also helps
- two employees put together a python coding class
- coderdojo, codesavvy
- volunteermatch portal for CA tech, which lists volunteer opportunities
- during women in tech at [company], during lunch, show recorded webinars


---
Joining your first public company board
Nora M. Denzel (Intuit, 2 other boards)
---
NL has 17% women in public boards, 5th place
	- Norway (41%, have a law), Sweden, Finland, France, then UK, Denmark, South Africa, NL
phases
	1: research what boards do, and understand why you want to be on a board, like a 4-5 word tagline
		can look at board bios online
	2: preparation (6-7 yrs): Understand your BVP ("Board Value Proposition"), join an advisory, non-profit or public board
		be very strategic, find boards that have board members that are also on other public boards
	3: quiet search phase: don't appear too eager
- should not go onto a board and then leave when they don't want you to
- people stay 10-15 years on a board
- 50% have day jobs, 99% are on only one board
- for full-time board members (example ex execs), 3 is really the max
- there are board events hosted by E&Y, Deloitte, and others
- usually 3 committees: compensation (for senior execs), audit (financials), nominating and governance (adding new members)
- maybe 100 hours a year
- non-profits can be quite large: 1.7B salvation army, 1.6B for catholic charities
- describes type of boards
- pay range, typically 25k-400k, plus stock
- should never join a board for the money
- public board is the representatives for the shareholders, since public companies are owned by the shareholders
- it's not who you know, or what you know, it's "who knows what you know"
- 91% board hirings are referrals
- when 1 woman on board, it's "gentlemen and nora", when 2, they think you're teaming together and confuse you, when 3 it changes.
- when considering a woman, people on board might say "she's qualified, but she lacks gravitas"


---
Keynote 3/10
Megan Smith
---
- someone doing project to study media bias for careers and gender, needs more CS majors

---
Looking for bugs in all the right places
Elaine Weyuker (Rutgers, parttime at Swedish university)
---
Tom Ostrand (husband)
- determine which files are likely to contain the largest numbers of bugs in the next release
- if you know the bugs, what would it tell you?
	- who you want to work on the project, use more expensive resources on these small parts of the code
- system, .5 million LOC, quarterly releases
- first looked at distribution of bugs, to verify the 80/20 assumption
	- found that beyond first release, 100% of bugs were in 20% of the files
- 2 years to get to the point where you could start making predictions
	- empirical software engineering is very slow
- correlations:
	- KLOC
		- KLOC best predictor as fault density OR total # bugs
	- # changes to file in prev 2 releases
	- # bugs in file in last release
	- age of file
	- language file is written in
**Q: thoughts on companies that do continuous deployment?
*Q: how exactly do you determine which files actually caused bugs
- used negative binomial regression for prediction
Q: thoughts on why negative binomial regression performed better, and did you try decision trees?
- two parts: back end extracts data needed to make predictions, front end makes predictions
- assessing success: percentage of actual bugs that occurred in the N% of the files predicted to have the largest number of bugs (N=20)
	- prioritize files
	- compare, estimated 87% of the bugs would be in these files, actually was 83%
	- looked at other ways to measure, but practitioners couldn't understand them
- while comparing to the accuracy among different systems, found very consistent accuracy (% faults, top 20%, 75%-93%)
	- 90% => accurately predicted where 90% of the bugs were => top 20% of the files contained 90% of the bugs
- what are we missing? 
	- incredibly skewed, one file has tons of bugs, then decreases quickly
	- graphs: files ranked by percentage vs number of bugs in that file
- initially built severity into the model, but severity is very inaccurately reported, mostly for political reasons
- if fixing bug changed 3 files, then 3 bugs
- for continuous integration, make fake releases
	- Q: but new files, or deleted files?
- tool configuration
	- name of system, which release to predict for, which file types.
	- then shows ranked files by number of predicted bugs (%faults)
	- written in python
- other factors studied
	- counts (#ppl that worked on code), individuals
		- individuals really did not work at all
	- dependencies, are dependencies new/changed/faulty
	- lines added, deleted and changed
	- none were very significant
		- only one that helped at all was total # ppl that touched file over time
- would like to do it later with clearcase
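
Added example (not from the talk or the speakers' tool): the success measure from the notes above, i.e. the share of actual bugs that land in the top 20% of files by predicted bug count, using the "fix touching 3 files = 3 bugs" counting rule. The scoring function is a hypothetical hand-weighted stand-in built from the factors listed under "correlations", not the negative binomial regression model; all file names and numbers are constructed.

```python
"""Top-N% fault capture: share of real faults found in the highest-ranked files."""
import math
from collections import Counter

# Constructed data: what is known about each file before the predicted release.
# path -> (KLOC, changes in previous 2 releases, bugs in last release)
HISTORY = {
    "net/io.c":     (12.0, 9, 7),
    "net/proto.c":  (8.5, 6, 4),
    "net/tls.c":    (2.0, 0, 0),   # new file, no history yet
    "ui/menu.c":    (3.0, 2, 1),
    "ui/draw.c":    (2.0, 1, 0),
    "db/query.c":   (6.0, 3, 2),
    "db/conn.c":    (1.5, 0, 0),
    "util/log.c":   (0.5, 1, 0),
    "auth/login.c": (4.0, 5, 1),
    "auth/token.c": (1.0, 0, 0),
}

# Constructed data: bug fixes made during the predicted release,
# as (bug id, files changed by the fix).
FIXES = [
    ("BUG-1", ["net/io.c", "net/proto.c", "ui/menu.c"]),
    ("BUG-2", ["net/io.c"]),
    ("BUG-3", ["net/io.c"]),
    ("BUG-4", ["net/io.c", "db/query.c"]),
    ("BUG-5", ["net/proto.c"]),
    ("BUG-6", ["net/io.c"]),
    ("BUG-7", ["auth/login.c"]),
    ("BUG-8", ["net/io.c", "net/proto.c"]),
    ("BUG-9", ["net/tls.c"]),
    ("BUG-10", ["net/tls.c"]),
    ("BUG-11", ["net/tls.c"]),
    ("BUG-12", ["net/tls.c"]),
]


def count_faults(fixes):
    """One fault per (bug, file) pair: a fix touching 3 files counts as 3 bugs."""
    faults = Counter()
    for _bug_id, files in fixes:
        for path in set(files):      # a file listed twice in one fix counts once
            faults[path] += 1
    return faults


def standin_score(kloc, recent_changes, prior_bugs):
    """Hypothetical hand-weighted score; NOT the negative binomial model."""
    return kloc + recent_changes + 2 * prior_bugs


def rank_files(history):
    """Files ordered from most to fewest predicted faults (name breaks ties)."""
    return sorted(history, key=lambda p: (-standin_score(*history[p]), p))


def ideal_ranking(history, faults):
    """Ranking by the real fault counts: the ceiling any predictor can reach."""
    return sorted(history, key=lambda p: (-faults[p], p))


def top_n_capture(ranking, faults, n_percent=20):
    """Percentage of all faults that fall in the top n_percent of the ranking."""
    total = sum(faults.values())
    if total == 0:
        return 0.0                   # nothing to capture in a bug-free release
    k = max(1, math.ceil(len(ranking) * n_percent / 100))
    captured = sum(faults[path] for path in ranking[:k])
    return 100.0 * captured / total


def report():
    """(capture of the stand-in predictor, best possible capture) for N=20."""
    faults = count_faults(FIXES)
    predicted = top_n_capture(rank_files(HISTORY), faults)
    ceiling = top_n_capture(ideal_ranking(HISTORY, faults), faults)
    return predicted, ceiling


if __name__ == "__main__":
    predicted, ceiling = report()
    print(f"top 20% of files: predicted ranking {predicted}%, ideal ranking {ceiling}%")
```

The gap between the two numbers comes from the constructed new file with no history, the case raised in the "new files" question above.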

---
Computing on Wheels (Ford Research and Advanced Engineering)
reates curry, jayanthi rao, pramita mitra
---
- open XC platform for apps (Ford)
- three types of infotainment apps
	- built in (expensive)
	- brought in: apps run on brought-in devices and run on video (emergency, internet radio)
	- beamed in: apps run in the cloud, rendered in vehicle
                                     

---
ABI Lean-In Circles

---
- research based
- ~60k participants
- facebook page, and leanin.org
- Berlin geekettes
- recommend about 10x per year meetings
- two types of meetings
	- education meetings: watch expert lecture, discuss, commit to one action
	- exploration meeting: members share experience/challenge, rest of circle shares own stories
- college track ("careers in" series, role models) and career track teams (power and influence, presenting, climbing the technical ladder)
- power and influence, body language
- demo of a circle with people sitting next to us. met girl who also doesn't have role models and just picks features of others to adopt, seems interesting
- mightybell (social networking for small groups)
- leanin.org/anitaborg
	- UI for events, virtual meetings, collections of material
- circles@anitaborg.org

---
Keynote 4/10
Telle Whitney - President and CEO Anita Borg
Valerie Taylor 
---
- 2:30 plenary panel awards
- Systers, see communities page
- mediation: guide two parties to come up with a solution. (each party must take ownership of the solution)
- Tapia conference in diversity (cultural and disabilities)
- take the time to learn about others' background and experiences and embracing it by using it to enhance what you are doing
- asking others about themselves/their background helps start the dialogue and get rid of stereotypes
- on feeling powerless in a meeting: you should think, if you _are_ in a meeting, you should already feel powerful
- if someone considers you an anomaly, can go back and give them more resources just like you
- most companies offer "microinequities" or implicit bias trainings
- to deal with people who see diversity as a buzzword, talk to them, get to know their priorities, and talk about how diversity can contribute to their goals
- realize that many solutions for combating bias are not one size fits all. Talk to people.


---
Lightning talks on scalable software
---
- project on finding bottleneck methods by generating data which takes the longest to process
- "Scaling = replacing all the components of a car while driving it at 100mph" Mike Krieger cofounder Instagram
- highscalability.com, Irina's slides have some more blogs

---
Why are we still geeks? Correcting media images of Computer Science
Shloka R. Kini, Maria Klawe (Harvey Mudd), Brenda Laurel, Kim Surkan
---
- Klawe has been working on this for twenty years, and made 0 progress
- not many law jobs, pay is lousy, high debts from school, yet many women. Also in forensic science, which is boring (more supports the media argument)
- Institute for gender in media, Geena Davis
	- big bang theory
	- not just about women. Think about nerds in TV (NCIS) where they dress guys really nerdy.
	- "and then there's the girl with the dragon tattoo. I mean, she's great with computers and really quick...  But she's really _weird_."
- klawe got an estimate for a show, raised enough money to write the pilot, but about halfway through realized it was not going anywhere (unrealistic, people jumping out of helicopters)
- magic wand: tv series with computer scientists that did exciting things with hot women and men
	- bob quinn, wrote a script, Rush about a silicon valley startup (DARPA competition)
	- sent it out to people in media, but despite good connections, didn't get a channel willing to produce it
- Klawe doesn't know what else to do...
- Brenda: Purple Moon, Telepresence research, books
- alters previous grace hopper photo, to make them look more normal / less business
	- need to put out our own self-representations, refuse models/spectacles which perform need-creation
		- inverse relationship between income and desire for a LV bag
	=> don't have to look great to be a role model, need to look normal
		- get noticed for _actions_
- hates how star trek (esp 2) butchered Uhura
- Think about Numbers -- that was about a _mathematician_
- FemTechNet femtechnet.tumbler.com , DOCCS, distributed alternative to MOOCS
- Kim
- 2010, children watch on avg 7 hours of TV/internet
- paper: decreased self-esteem in women (Martins and Harrison, 2012)
	- even affects performance
- while women in engineering and any other STEM field is increasing, CS is decreasing (see nsf website)
- nerd stereotype is probably the largest reason for low female participation
- decline is largely attributed to sexism and culture
- study on yale university researchers, given same application for lab position grad student, just diff name. rated lower, less money (26k vs 30k)
- startups are especially bad to cater to brogramming (booth babes, etc)
- example at hackathon, where air-masturbating and an app for looking at tits were presented, and a 9 yr old girl presented her own app
- example about Anita Sarkeesian who was cybermobbed after asking for fundraising for a video about depiction of women in games
- Marissa Mayer "I don't think I'd consider myself a feminist" with video, says she wants to focus on positive energy instead of negative
- gawker "This is why there are not women in tech"
- Klawe would just appreciate if we all commit to calling out when women are underrepresented

---
Award winner plenary session
---
- be the change you want to see in the world
- 65% women in congress in... Rwanda? started as 30% quota.
- to deal with apathy, try to educate others on your position

---
Scalable architectures, from rapidly-growing startups
Tracy Chou (Pinterest), Barba Raitz (airbnb), Ketaki Deo (pulse/linkedin), Vida Ha (square), Bethany Macri (etsy)
---
- SOA, caching, pooling (multiple slaves that can do the same things and use a load balancer), sharding
- etsy - 200 engineers (of 450), LAMP
- square: rails and java, java bc of sophisticated threading
- pulse: objective C, google app engine (due to good monitoring tools), AWS for logging/user data patterns
- airbnb: AWS, was ruby originally, backend in java, moving towards mobile (javascript/backbone) 
	- 8.5 million stays this year
- pinterest: AWS, python, django (website) and flask (API), mysql, java (services that need to be more performant), memcache and redis (caching, where memcache only retrieves blobs, and redis retrieves data structures)
- choosing a language: 
	- start with use case (stability, performance, etc) then look up metrics
	- dev community is important
	- also consider how good the coding practices are
	- testing tools are very important
	- also consider your team's expert areas
- ruby vs python vs java
	- ruby and python easy to prototype
	- java more mature, more libraries, support
	- python has a lot of machine learning (square uses it for learning a model)
	- C++ older and private companies have developed a lot of tools, so startups don't use it too often
- service discoverability is cool
- zookeeper: distributed systems library
	- consensus, leader election
- split databases into a service
	- safer, more reliable
	- service finds the correct shard
- avoid adding columns
- at etsy, each shard has side A and B, so things written to side A are eventually written to side B (replication in case side A goes down)
	- a db tickets server generates globally unique IDs for shards, use two ticket servers one for even IDs one for odd
- square uses fusion IO (expensive crazy hardware)
	- hspace in addition to mysql
- really need to convert monolithic app to layered/tiered architecture
	- service layer, about data, common in Java (HTTP + credentials + locale => json)
	- API layer, focused on data format, fetch and format (nodejs)
	- application layer, business logic, (nodejs, backbone)
- etsy uses scalding for some parts (DSL on top of java)
- etsy also does "bug rotation", where an engineer does pair programming for one day a month
- pulse used code reviews, and feature owners which are responsible for all coders on that code
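
Added example (not Etsy's code, and not from the panel): a simulation of the two-ticket-server scheme noted above, one server issuing odd IDs and one issuing even IDs, with a client that fails over when one server is down. Class and server names are hypothetical; the point is that IDs stay globally unique without the servers talking to each other, at the cost of not being strictly increasing.

```python
"""Two ticket servers handing out globally unique IDs without coordination."""


class TicketServerDown(Exception):
    """Raised when a ticket server cannot be reached."""


class TicketServer:
    """Issues offset, offset+step, offset+2*step, ... (step 2: odd or even IDs)."""

    def __init__(self, name, offset, step=2):
        self.name = name
        self.step = step
        self._next = offset
        self.up = True               # flipped by the demo to simulate an outage

    def next_id(self):
        if not self.up:
            raise TicketServerDown(self.name)
        ticket = self._next
        self._next += self.step
        return ticket


class IdAllocator:
    """Client side: alternate between servers, skip any server that is down."""

    def __init__(self, servers):
        self.servers = list(servers)
        self._turn = 0

    def allocate(self):
        count = len(self.servers)
        for attempt in range(count):
            index = (self._turn + attempt) % count
            try:
                ticket = self.servers[index].next_id()
            except TicketServerDown:
                continue             # try the other server
            self._turn = (index + 1) % count
            return ticket
        raise TicketServerDown("all ticket servers are down")


def demo():
    """IDs issued before, during and after an outage of the even server."""
    odd = TicketServer("ticket-odd", offset=1)     # hypothetical names
    even = TicketServer("ticket-even", offset=2)
    allocator = IdAllocator([odd, even])

    ids = [allocator.allocate() for _ in range(4)]   # both servers up
    even.up = False
    ids += [allocator.allocate() for _ in range(3)]  # only odd IDs are issued
    even.up = True
    ids += [allocator.allocate() for _ in range(3)]  # even server resumes at 6
    return ids


if __name__ == "__main__":
    issued = demo()
    print(issued, "unique:", len(set(issued)) == len(issued))
```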

Athens Digital Week 2010


---
The Caua project (John "maddog" Hall)
---
- Number one reason for pursuing FOSS is creating jobs (though the other
  benefits are nice also)
- Everyone cares about children
- 80% of the people in south america live in an urban environment
	=> internet is not so far away -- maybe only 50 feet away
- "digital inclusion" in Brazilian, "digital divide" in US
- And he's a business man:
	- Giving a 7yr old a laptop has a ten year payback
	- Retraining an adult by giving him a laptop has only a 2 year payback
- Goals
	- Create millions of new, private sector high-tech jobs in Latin
	  America, many millions more worldwide
		- High-tech, well-paid, LOCAL jobs
	- Make computers easier to use
	- Make computers more environmentally friendly
	- Decrease cellular wireless contention (interesting...)
	- Create gratis WiFi bubble over urban areas
	- Create low-cost or gratis SuperComputing capability
	- Using sustainable, private sector funding ("that's the Republican
	  inside of me coming out . . . because money coming from the
	  government is not sustainable")
- Creating millions of new jobs for system administrators and entrepreneurs
	- enable systems administrators to start own business
		- Business plans
		- Marketing materials
		- Training/ Certification/Guild
	- Vertical Markets: 
		- Show people how to borrow money to finance a new business
		- Not having a boss
	- Provide courses, training, apprenticeships, and get licensed
- Making computers easier to use
	- People waste a lot of time with current technology (losing files,
	  computers being slow because of viruses, and because most people
	  hate computers)
	- 1,250,000,000 desktop computers x 15 minutes lost per day @ $5 =
	  $6,250,000,000 a day _because software doesn't work the way it's
	  supposed to_
	- ^ also equivalent of 9 out of 300 people not showing up to work
	  without notice
	  	=> let's make one of those people a systems administrator!
		- and magically the other 8 people would show up
- Thin Client/Server Computing: Timesharing
	- Always had experts around you, either to help or to install programs
	  etc... but then Bill Gates put mainframes on the desktop, yet no one
	  was _trained_ to use those.  Support is now very far away.
	- So:
		- High-availability servers in basement of tall buildings in
		  community centers of clusters of buildings
		- Thin clients connected to server with high-speed networking (1gbit/sec or
		  higher), with no programs/files stored there
		- FAT client/Mac OSX support, but will be charged for it
	- 30% of software in the US is pirated, in Vietnam, 96%
		=> charge people money to have MS Windows/Mac OSX (to be
		legal)
- Sysadmin duties
	- Maintain server software (monitor usage/integrity, updates, virus
	  elimination, SPAM, backups)
	- Teach classes and give support to end users
	- Negotiate and sell software to end users
- Vertical Markets
	- Small/Medium Business in large office buildings, typically no
	  sysadmin
		- produce 90% of the wealth in the US
		- 86% of the people in the US work for these small companies
		- Usually cannot afford a sysadmin... but they could SHARE one
	- Also, apartments, hospitality services (hotels), and Point Of Sale
	  terminals (cash registers)
	- These are all the vertical markets that could be treated
- Specifically: Apartments
	- TV over the internet (more accessible)
	- telephone calls through VoIP
	- security with webcams
	- could all be done in one router, instead of separate units that are
	  expensive, and use a lot of energy
- Hospitality
	- Different units for reservations, room allocation, accounting, ERB,
	  website, POS
	- Could have one unit, to do these and more
- Could do all of this with environmentally-friendly computing
	- Power consumption is huge
	- Bad chemicals 
	- "If you threw away every computer in the world today you'd create a
	  mountain higher than the Swiss Alps"
- Long life, "always on" thin client
	- multi-function (with virtualization)
	- USB3.0/eSATA
	- 60GHz Wireless Ethernet, bc up to 7gbit/sec within 30 feet away (and
	  powered through internet)
		- backhaul/heartbeat/power
	- "Femtocell" GSM modem (OpenBTS) because not enough bandwidth, which
	  takes the signal from your phone and changes it to TCP/IP
	- OTA Digital TV (cheap, and can use spare channels for downloading
	  porn)
	- All boxes have no moving parts (quiet, no fans, up to 70*C with
	  proper chips) -> long lifetime 9-10 years
	- What happens when I need more CPU power? That's what the server
	  is for
- example of Invenio, who sells phones in Africa
	- Sells low power chargeable internet/phone systems
	- can be powered by solar panel or by bicycle, and people always choose
	  bicycle
	  	- easily replaced
		- cheaper
		- *provide job for person to pedal bicycle*
- Computers are useless when they are off, so we should always keep them on
- "Good for security" to have no data stored on thin client
- Servers
	- Industry standard - low power
	- HA with redundant disks, multiple (10) gbit cabling to thin clients
	- Three sizes, small one is just two thin clients (12 V... because
	  everything in the world actually runs on 12V)
		- "12V is where God intended electricity to be" :)
		- "baby bear" (small version) could be run off of anything,
		stored in a cabin
- Networking
	- Aggregation of telephone feeds, not "1.5Mbits/sec/apartment",
	  instead 300Mbits/sec/apartment house
	- Actually doesn't hurt business, because you only have to sell to one
	  person, lowers support cost
	- Reduced latency over traditional "wireless mesh"
- Free wifi throughout urban areas
	- People can use your internet, you can use their internet
	- This model already works (British telecom, Beijing)
- Privacy and stability: everything virtualized and encrypted
	- Start punishing people who are actually trying to do bad things, not
	  the ISPs
	- Flexible resources, data can optionally be stored on server, cloud,
	  etc
		- already possible through virtualization
- Large servers in basements are used for extra CPU power.  Depending on
  location, servers can be idle (university servers on a weekend, for
  example), but because these are hooked together with high speed internet,
  servers can borrow CPU power from other servers
- Thin clients will have open circuit design (currently univ in Brazil is
  creating the box)
	- Box will have to be certified
	- Manufacturing is "grunt work", so design is carried out by
	  university, and manufacturing is outsourced to other small companies
	  in Brazil
	  	- If you want to do this in Greece, sure you can do it, and
		  you can alter the circuit board as you wish
- Example for numbers of servers/clients
	- Brasil: 192 million Brasilians, 80% in urban environment, 2 thin
	  clients per person (home and work/school), plus POS terminals
	=> 400 million
	- avg 300 thin clients per server (1.3 million HA servers, 2.6 million
	  "CPUs")
- How much will this cost?
	- thin client, ~200 USD, but made back within about 3 years
	- Pay for high quality, long-life equipment over time (start small and
	  expand as needed)
	- cost will decline over time
- Digital inclusion
	- cheap wifi wireless devices allow access to internet
		- "gratis" and "cloud" computing
	- Train unemployed to be SA/Es
		- single parents
		- physically challenged
		- Takes people off welfare and makes them taxpayers
- How does SA/E afford to buy business
	- Create an underwriting program to guarantee no risk (for each loan
	  contributes a little to the underwriting fund, so load is equally
	  shared)
- SA/E salary will be 1800 base, for support for 300 thin clients x $6 per thin
  client per month
  	- Could make more money by side jobs (web programming etc)
- Job should not be too hard, and a lot of tools could be automated (web admin
  tools, etc)
  	- Also will be given training
	- Through a guild program (apprenticeship)
- How do you become a Caua entrepreneur
	- Learn FOSS systems administration, get certified, licensed (by
	  government), get letters of intent from potential customers to give to
	  bank, get underwritten loan
- "The harder you work, the more money you make" ("sorry socialist people out
  there")
- Timeline
	- Immediate start
	- Next year, starting courses etc
- Project board consists primarily of Brasilians
- www.projectcaua.org
- "Do not undertake a project unless it is manifested in importance and almost
  impossible"

T3CON10 Dallas

---
Conference welcome (Robert Lemke and Benjamin Mack)
---
- Rob describing the login process for TYPO3 Phoenix (the early release of v5.0).  
  Currently "the password is just 'password'".  You can't change it yet, but he thinks at 
  some point before the release, they will have that feature.
- TYPO3 association
	- daily scrum
	- good for companies to become members
- Rob mentions that some people are impressed by a CMS supporting two sites in one 
  installation.  Try 500 languages with different dialects and being able to choose the 
  logo for one version.  (Or having 500 sites in one installation)
- TYPO3 Conference Connector: advanced HTML5 form to help gather information about people 
  experienced or interested in TYPO3 (actually just notecards with our names/expertise/needs :)


---
The radically new interface for TYPO3 5.0! (Jens Hoffman)
---
- Creative director at a Bjorn user experience agency in Frankfurt
- For this project, the goal was to reinvent the wheel, because the feature
  set is currently unwieldy
- 5.0's interface developed in Copenhagen over the course of a year
- Using Scrum sprints, so kickoff meeting was a scrum meeting at the end of
  the UI brainstorming
  	- Defined goals for each month
	- Aim to be more agile/transparent
	- Split and assigned tasks
- Looked through about 300 other CMSs for inspiration
	- Mobile me (pretty clean, easy to use)
	- Action method (collaboration)
	- Wapjam (FE editing, handling plugins)
	- Concrete 5 (FE editing)
	- SoupIO (aggregation web app [tweets, blog posts, etc] with a reduced interface)
	- MicroSoft something (nice, but expensive)
	- Mac OS X (iScript :)
	- Yahoo Pipes (organizing classes very nice)
	- Quicksilver/Launchy (keyboard actions and autocompletion)
	- photoshop.com (no visual noise, very nice UI style)
- Guiding Principles: "Move the spirit of the old", so retain flexibility,
  scalability, etc
  	- "user-centered design"
	- Reduce abstraction: if you had really good FE editing, you wouldn't
	  need a BE and a page module
	- "visual taxonomy"?
- Ideas
	- Workspaces
		- No live workspace
		- Check out to personal workspace (no editing in live
		  workspace)
		- If there is a group or staging workspace, push into there
		  before merging back into "live" workspace
	- View Styles: custom views for data visualization
		- pages, lists, thumbnails, vcards, google maps, olap, Gantt,
		  etc
		- Moves list module to a new level
	- Rootlines to make navigation more natural
		- Guided by Apple's file browser
	- Dashboard with communications, tasks and workflows, widgets and
	  scripts, history of edited elements
	- Browser tab integration for some actions
	- Autosaving for elements
	- Personas to help categorize needs
		- 3-6 personas
		- System sections: content, management, report, layout, system
- Aside: automatic security updates
- New BE with all modules on top (sort of like current
  feedit_advanced)
- Create snapshot functionality
- Chat UI (though not a high priority for early releases)
	- Online users can chat with each other
	- Replaying chats
	- Showing specific locations by dropping markers on a page ("I
	  need help with this content _here_")
- Ability to switch views (mentioning the ability to edit flash
  content, etc)
- Edit icons now appearing only on elements you _can't_ edit, to reduce
  clutter
- Better integration with DAM (drag-drop, etc)
- Ubiquity input action UI for advanced users (like command line
  tools)
- http://tr.im/t35ui (abstract and channels, structure, wireframes)
	- Wireframes handed out on a nice notecard handout with images
- extJS to be used
- Need for UX designers (currently only 4 people)


---
The Agile Future of a Ponderous Project (Karsten Dambekalns)
---
- Second member of FLOW3 development team (after Robert)
- Last decade's TYPO3 history
	- Prototype developed in 1999, and is what is still used today, but was not 
	  necessarily intended to be used for ten years
	- Aside: all of the people using TYPO3 back in 2001 were technical
	- 2002 First non-beta version of typo3 (3.5, extension manager introduced, 
	  almost the same as what we are still using)
	- 2003 first extensions are written and CVS access granted to others
	- TYPO3 4.0 released in 2006 (already behind schedule, exclusive community)
	- 2008 FLOW3 announced as a separate product (important because there was a strange 
	  lack of overlap between the PHP and TYPO3 communities)
	- 2009 extbase ports FLOW3 to TYPO3 4.3
	- 2010 first sprint results from TYPO3 v5.0
- Making the project grow
	- +1 system used to help with community commits: when someone submits a patch, 
	  two other ppl must come and test it and give it a +1 before it is committed.
- Clean code is very important for quality assurance (for this they have produced Coding 
  Guidelines in one page)
- Unit testing is one of the reasons v5 has been delayed, because they wanted to rewrite 
  all of v4, but there were no tests for v4
- Test Driven Development is _highly_ encouraged, as well as *Continuous Integration*  
  (ex with *Hudson*)
	- Previously the review system was all manual, but it is impossible to keep up to 
	  date with all 4000 extensions
- Will be switching from svn to git, using Gerrit (works as a gatekeeper system)
- Hard to provide a roadmap for FLOW3/v5 because we don't know where the roads are
	- To plan, then, there are lists of features, but it can't be said when they'll be there
	- Small steps are key
- *Scrum*
	- Problem here is that not everyone is in the same place
	- Has not been a lot of research with Scrum with distributed teams
	- Also problems with planning (holidays, etc) (he seems a little upset that for the 
	  first sprint, which is just finishing, that the other guys didn't finish very much, heh)
- Phing used for automated releases
- Links
	- FLOW3 Coding Guidelines http://flow3.typo3.org/documentation/coding/guidelines/
	- QA in PHP Projects http://qualityassuranceinphpprojects.com/
	- Hudson http://macosx.ci.typo3.org
- Literature
	- Real-World Solutions for Developing High-Quality PHP Frameworks and Applications 
	  (S. Bergmann and S. Priebsch, John Wiley and Sons)
	- Test-Driven Development By Example (Kent Beck, Addison-Wesley)
	- Not really any books on "how to run a huge, distributed, open-source project"
- Questions
	- Do you still have daily scrums, and if so, how?
		- afternoon
		- Have tried skype with voice, phone conferencing, teamspeak
		- skype and teamspeak seem best, and it's ok if some people miss meetings occasionally
		- important: have proper headsets for everyone
		- Best to have a moderator, people must be very disciplined (because you 
		  can't talk at the same time)
	- Can you provide any help for TDD, especially with extbase?
		- For the domain models, phpunit suffices
		- Sebastian for Fluid has written some integration tests
		- Also, never write the tests afterwards
		- They have probably spent 3-4 months just maintaining unit tests
		- Jochen Rau (extbase), though, encourages unit testing but not necessarily TDD

---
Cleaner Coding with Dependency Injection (Robert Lemke)
---
- Dependency injection is a design pattern (not unique to PHP), related to OOP
- Helps to encapsulate functionality and modularize programs
- TYPO3 still isn't properly object oriented
- Related patterns
	- Singleton pattern
		- Only one instance of the object on a system at a time
		- ex: Phone directory, want to programmatically ensure that only one instance exists
		class PhoneDirectory {
			static $instance;
			static public function getInstance(){
				// create the single instance on first use
				if(self::$instance === NULL){
					self::$instance = new self;
				}
				return self::$instance;
			}
		}
		$phoneDirectory = PhoneDirectory::getInstance();
		- This is bad because what if you want to use an advanced phone directory 
		  (ex: PhoneDirectoryPlus), but the classname is hardcoded here
		- So, it would be best to use a ServiceLocator
	- ServiceLocator pattern
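		class PhoneDirectory {
		}
		class ServiceLocator {
			static protected $instances = array();
			static public function getInstance($className) {
				// reuse the object if this class was already requested
				if (isset(self::$instances[$className])){
					return self::$instances[$className];
				}
				// otherwise create it once and remember it
				return self::$instances[$className] = new $className;
			}
		}
		//USER CODE:
		$phoneDirectory = ServiceLocator::getInstance('Phone...');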
		- still bad because it depends on the ServiceLocator
	- So: dependency injection
		class MyClass {
			protected $phoneDirectory;
			public function __construct(PhoneDirectoryInterface $pd) {
				$this->phoneDirectory = $pd;
			}
		}
		- this is called dependency injection, because the control is now from outside the 
		  class (well-decoupled)
		- Alternatively, add setters to MyClass, so that you don't have to pass lots of 
		  arguments to the constructor.  But then you have to remember to set the phoneDirectory
		- These are all examples of dependency injection
		- Hard to use dependency injection without a framework,
		  because it's hard to figure out the correct order to inject
		  each dependency
			- One solution would be to not use DI for every class,
			  but that's hard, and DI is nice
- ex of DI in FLOW3
	- Injecting a PHP logger in a controller
	/**
	* @var \F3\FLOW3\Log\SystemLoggerInterface
	**/
	protected $logger;
	/**
	* @param \F3\FLOW3\Log\SystemLoggerInterface $logger
	**/
	public function injectLogger(\F3\FLOW3\Log\SystemLoggerInterface $logger) {
		$this->logger = $logger;	
	}
	public function indexAction(){
		$this->logger->log('aoeu');
	}
	- This uses the reflection API
	- OR, use parameter injection
	/**
	* @inject
	* @var \F3\FLOW3\Log\SystemLoggerInterface
	**/
	protected $logger;
 
	- Note that we are injecting an interface.  If there is exactly one  class implementing the 
	  interface, then it uses that.  Otherwise, you must configure it in the Configuration 
	  directory, objects.yaml
- To help with speed, we have the temporary/StaticObjectContainer, which is like a compressed 
  file that has a list of every object with its attrs (constructor and reconstitutor)
	- works well with accelerators
- Even without FLOW3, you can use the above techniques to achieve dependency injection


---
Effective SEO with TYPO3 (Benjamin Mack)
---
- Benjamin Mack, runs his own business called b13 in Germany, working for ad
  agencies and Christian organizations
- Google has 65% of the US marketshare, with 400million search requests per
  day
- 10 things to do about SEO
1. HTML Code
	- Don't use tables
	- Avoid Flash
	- Make your site work without JS (crawlers can't access pages only
	  accessible by JS)
	- Validation, because it's easier to scan by search engines (though
	  not THAT important)
	- Use h1 carefully, only once per page
	- Use strong/em instead of b/i tags
	- Remove inline CSS/JS
2-3. Keywords
	- Must think about the things that someone will search for when
	  looking for the site 
	- Should match words that are actually used on the page (search
	  engines can tell)
	- The title tag is more important than keywords
	- Keywords don't matter for Google, but it's actually starting to come
	  back into play with semantic web
4. URLs
	- URLs are even more important than the title tag
5. Domains
	- Probably the strongest part is the domain (domain is often more important than content)
6. Images
	- Image and document filenames and alt/title tags
7. Duplicate Content
	- Avoid it, because search engines notice that sites are copying
	  each other
	- Must have proper 301 redirects (page moved permanently)
	- Use the canonical tag  to tell
	  google that this is the main website, and Google will only list one
8. Block content
	- robots.txt to tell search engines where NOT to look (disallow
	  templates, t3lib, typo3, typo3_src, typo3conf)
	- meta tag robots , or "index",
	  "nofollow", "all"
9. XML Sitemap
	- like a regular sitemap, but just for search engines
	- submit a list of all your sites, with dates.  With this you can also
	  tell google to update your pages more or less often
	- Can be done automatically with TYPO3's sitemap
	- You submit this file to the search engines (search for google
	  webmaster tools)
10. Content
	- Should contain keywords
	- Use proper language and word diversity
	- Link to other pages
- Summary of most important: domain and URL naming, title tag and metatags,
  content structure, XML sitemap
- Canonical tags are preferred over 301s, because they were introduced
  later
- Using TYPO3
1. Ext: CSS Styled Content, proper HTML template
2-3. Out of the box, EXT: seo_basics
4. EXT: RealURL
5. Domains
6. EXT: fl_realurl_image
7. EXT: realurl, EXT: canonical
8. Do it yourself
9. EXT: fl_seo_sitemap, EXT: seo_basics
10. Do it yourself "unfortunately no plugin in TYPO3 to create the content for
you".  Maybe see pmk_autokeywords, which can generate keywords by content.
- * spyfoo.com to tell you what keywords your competitors are
  buying, with reports.  You can go through there, take those keywords, and
use it to build content. 
- What's next?
	- Search engine marketing: Google adWords
	- Linking / Viral marketing (tell ten ppl to write about your product
	  and link to your site)
	- Write good content
	- Keep your websites up-to-date
- Questions
- Only the first 11 keywords are most important (though again, the title tag
  is still more important)
- Speed can matter, but less important than content
	- If you have access to a Content Distribution Network (CDN), Google
	  knows that, and it's good for you (but expensive)
	- Check google webmaster tools, and it will show you the speed of your website


---
Sharepoint connector for TYPO3 (Hans Olthoff, Frank Fischer)
---
- Both presenters members of TYPOTYCOON, a TYPO3 partner network
	- Focus on business
	- Share knowledge and solutions
	- Good for you, if you want to offer your customers our products, can
	  help with marketing products for you
	- examples of partnerships: CCDS-Konzept (developed the SP connector),
	  alterNET, Mediatech (make special TYPO3 distros in US), Optimon
- Frank Fischer is a primary developer of SP Tools
- SP Tools is an extension to exchange data and files between MS SP and TYPO3
- Designed for companies that are running SP and TYPO3 simultaneously
- You can share docs and images, show custom lists like events, news, or
  product sheets in TYPO3 FE, or synchronize them for TYPO3 BE access
- You can also upload docs/images from TYPO3 to SP and fill out forms etc and
  send it to SP
- Cost effective because you can use the SP basic version (no license costs)
- Used to eliminate redundant data, and allows data exchange between systems.
  Ex: event registrations done on TYPO3 that must be put into SP
- Why not use SP as WCMS? Because it's 50k euros, no image processing, not as
  flexible or easy to develop in
- Why not use TYPO3 as the intranet? Not as good at document management.
- Can share user privileges between the two (set them only in SP)
- Demo
	- Editing content and seeing the change on TYPO3 site (for instance
	  adding an event)
	- Uploading a file in TYPO3 and seeing it in SP (job offer
	  application)
	- Sysfolders in TYPO3 BE to store Servers, Lists, Forms, and
	  Synchronizations
	- Can view the news item created earlier in SP as a BE record
	- Synchronizing lists between SP and TYPO3 databases
- SP running on Windows, TYPO3 on linux, keep connection (can be secure) open


---
Creating Rich Internet Applications with TYPO3 driven Flex/AS3-application
(Reimar Kosack)
---
- EXT: t3flex: flex/AS library for TYPO3 extensions
- Small company in Germany: Wash with similar colours
- Motivation
	- modern, fast responsive UI
	- Display huge amounts of data
	- Low time to market
	- SEO
- Flash enabled on 99% of internet enabled PCs (77% Java)
- Sony is going to collaborate with Google's TV project, and will have
  opportunities to play flash on TV
- Goal: Provide fast access to TYPO3 datastructures and ValueObjects
	- Support important extensions out of the box
	- ActionscriptMessageFormat (AMF) for fast and effective messaging
- Use:
	- Install and set up user rights
	- SWC library communicates through XML/AMF
- AS3-Classes
	- public class T3Flex (t3configuration, t3flexforms, bulkloader,
	  dataservice >DB Helper), which is all extendable/modular
	- t3Standards (t3DbElement, and extensions of common classes, like
	  tt_content, fe_user, pages, etc)
	- extensions
- Basic syntax: 
	T3obj.getChildren(callBack:Function);
	T3obj.updateRecord(callBack:Function)
	- also handles MM records
- Examples:
	- Large multitouch interactive map (interactive whiteboard)
		- Client came and said "we are bored of using ppt"
		- Want something to use as material to talk about and advertise our area
		- Now creates presentations with TYPO3
		- No need to train the editors, all content/media through TYPO3
		- Media implemented through media links, so if you update the
		  media in one page, it updates on all
		- *Available offline* Hook available in t3flex to allow
		  exporting to offline
	- Apps and Widgets (TYPO3 without a browser)
		- Created a small application (without BE)
		- Phonebook app, can update user info from fe_users through
		  desktop app
		- These ppl were fed up with intranets (easy, because making
		  forms with flex is very fast)
	- Catalog extension with page flips
		- Content for each page from tt_content
		- You can double click on a page to edit it through Flex (very
		  nice little editor)
		- Tool to square/format pictures within the flex
- Google optimization
	- Also render an HTML page with the content from the pages
	- Not done through "cloaking" (to fool Google)
	- All done through TYPO3
- Integration with social networks
	- Flash based apps within Facebook (ex: Job advertisements)
- Code
	- ex: Time machine, you can click on buttons "load tt_news" or "load
	  tt_content"
	- Presents records in a fancy way, with movement between them
	private function initT3Flex(){
		var t3Site:T3Flex = T3Flex.getInstance();
		t3Site.config.baseUrl = 'http://typo3.t3fex.com';
		t3Site.config.baseSitePid = 36;
		//feature: enableOfflineCache, where it will cache images
	}
	...
	contentLoader.getChildren(contentsLoadedHandler);
- Very fast approach, development
- iScript syntax
	t3Site = Update FeUser-Images via Webcam
	t3Site.activeSocialMediaWhatever();
- This project will be published on forge
- Data is compressed (and can be secure), and air has this storage built in to
  store DB data


---
pt_list - The Definitive List Generator (Joachim Mathes)
---
- Generates lists (with filters) based on some data source
- Pager implemented as two plugins ("same plugin with two different modes")
- Easy to do sums/aggregators
- List, filters, paging
	- Could have calendar filter and form filter
	- Ex of something like a gantt chart
- And single view
- Installation
	- pt_mvc (like extbase) (really?)
	- pt_tools
	- smarty
- Supports exports (with some added extensions)
- Select a table and "table identifier"
	- Define sql queries (TCA-like information) for chosen table identifier
	- Define table fields in TS also
	- Then define the column identifiers (labelling) (also includes a
	  renderObject configuration, which allows for stdWrap, images etc,
	  run user functions)
- Filter mode with properties: filterIdentifier, dataDescription, mode (ex: "select"), etc
- Future: pt_extlist will be based on extbase
- Filters also depend on each other, eliminating impossible options (like ebay,
  not ajax though, must refresh)
- Also has a "structured" list feature, which displays grouped lists


---
Extbase in Real Life - a Case Study (Christian Jul Jensen)
---
- Working with TYPO3 for ten years, in steering committee
- Works for moc in Copenhagen, creating TYPO3 websites
- Large project to "digitalize" an art gallery museum, and extend
  functionality (National Art Gallery of Denmark)
- Contract was 1800 hrs
- 45,000 Artworks, 20,000 artists, with related records, etc.
- Complicated copyright (like access settings), and must ensure that images
  always shown in context
- Why extbase?
	- Future-proof
	- Complex domain warrants good model
- Project built with extbase version shipped with 4.3 (first)
- Kickstarting
	- efempty can be used instead of extbase_kickstarter, to copy extensions (and
	creates dummy content)
	- rename extension (used to rename/copy extensions)
	- We can contact the presenter to get a copy of "generator", used with
	  UML formatting (not yet public)
- Large problem with extbase is the level of error reporting
- AJAX
	- Character sets! Set inside of dispatcher
	- The TCA not being loaded
	- Always use pageTypes
- Not possible to tell extbase to SAVE with a specific language (only retrieve
  is transparent)
- No performance problems, except during import with 65,000 records (would
  take 18 hours), loading too many objects (ended up writing an sql script)
- In his experience, development was not faster, but maintenance seems to be
- Advice: be pragmatic, even if it's not as beautiful


---
Extbase and beyond (Jochen Rau)
---
- Employed now working with TYPO3, used to be a mech. engineer
- Most important reason for extbase is the smooth transition for _developers_
  into v5
- Extensions are very maintainable
- Very nice diagram color-coding the 3,000 lines of code inside tt_news, based
  on what is used for domain logic, templating, business logic, etc.
- Planned for next version of extbase (1.2, with TYPO3v4.4)
	- performance in SQL queries, object tracking, and caching
	- Speaking exceptions
	- Documentation
	- Kickstarter (hopefully reworked within 6 months)
- Dispatcher will probably be reworked
	- Could create an Abstract dispatcher, and then plug in your own (FE
	  dispatcher, BE, Ajax, etc)
- Process for patches same now as Core development
- Beyond extbase:
- Generic Domain Models
	- WRUVI => William Street Rajan United States Virginia Indian,
	  following with a couple of examples of trying to input this name
	  (and how different records have different ways of handling names)
	- So what to do? Create generic models to accommodate common entities
	  (organizations, date, event, locations, articles)
	- This is to prevent reinventing the wheel
	- Standards
		- For persons, organizations, addresses, names, using OASIS CIQ 3.0,
		  originally for XML
		- BMEcat for product, suppliers, catalogs, prices
		- iCalendar for calendar, events, dates
	- EXT: generic
		- Using IRRE, you select lots of field types to define exactly
		  what that field is to be used for (ex: first name)
		- Currently, BE editing is confusing (though it's nice with
		  extbase on the FE, or could be done in a BE module)
		- Supports many formats
		- Syntax to further alter format:
			{party->g:format.party(format: 'nameONly')}
			- Implemented as 
s within a template to get correct segment format.
		- Example with addresses, using a firefox plugin that recognizes
		  the microformats built into page to look up the hotel name
	- Challenges (XML2PHP, interoperability, consistent semantics)
	- Think about how to implement a generic Event model
- In his opinion, the future of TYPO3, generic models and viewHelpers will be
  core features. On top of that, you add packages, which customize your
  installation of TYPO3
	- Can be used to create Product Lines of TYPO3 (ex: Enterprise TYPO3,
	  Blog TYPO3)
	- Developers could focus on these Product Lines, instead of standalone
	  extensions or the core
- Semantic Web
	- Currently Google can't differentiate between "golf" the sport and
	  "golf" the car
	- Can give google more information: websciencetrust.org, specifies
	  context for each piece of data
	- This allows google to relate words in the correct context
- Semantic and TYPO3
	- Drupal has been trying to implement semantic web for 2-3 years, but
	  requires lots of configuration
	- In flow3, though, we have semantic models, so can just add
	  annotations at the top of classes and properties (@semantic) to
	  specify semantic meanings
	- Can even indicate semantic relations with annotations
	- Display complicated relations, semantic (not necessarily technical),
	  which could be used by the kickstarter and TYPO3
	- Semantic queries with SPARQL
		SELECT $person $article
		FROM
		WHERE {
			$person rdfs:type generic:Person .
			$person core:authorOf $article .
			$article rdfs:type core:NewsArticle .
			$article core:isPlacedOn $page .
			$page core:title "Welcome"@en .
		}
	- [TYPO-dev] The state of support for the Semantic Web / RDFA / Web 3.0
	  in TYPO3
- Hard part: integration of semantic web technology in the movement of the
  community


---
TYPO3 Scalability for high traffic sites (Dan Osipov)
---
- Worked with TYPO3 since 2007, some high traffic news sites
- DAM team leader, author of *TYPO3 4.3 Multimedia Cookbook* from Packt
- Scalability from experience
	- 500k page views per day, 100k unique users per day (phillyburbs.com)
	- New content every 5-10 minutes
	- Above all in one TYPO3 instance (to allow for content sharing)
- Vertical scaling: add faster disks, better processors, etc
- Horizontal scaling: add more servers
- How to build a scalable system
	- Develop benchmarks with measurable goals
	- Optimize the site
	- Find bottlenecks with benchmarks
	- Experiment, be creative (not one way to do it)
- Benchmark tools
	- ab
	- Jmeter (hard to learn, but can be used to simulate users, very
	  powerful)
- Profiling: figuring out the bottlenecks
- Monitoring
- Caching
	- Cache everything that can be cached in memory
	- TYPO3 cache allows different backends in 4.3
	- Optimize the MySQL Query Cache (give it just enough memory, not too
	  much)
	- PHP Bytecode cache (eaccelerator, APC, X-Cache)
		- Turn off the file-modification checks, but then you must
		  remember to flush the cache every time you update your PHP
		  files
	- Use reverse proxies if you can
- Separate processing and DB (install MySQL on a different host)
	- Allows you to optimize servers for their function
	- Multiple processors for processing server
	- fast disks and RAM for DB server
	- Compress data between processing and DB server (TYPO3_CONF_VAR
	  dbClientCompress)
- To add more processing servers, you will need a load balancer (this is where
  it gets complicated)
- Load balancers
	- Round robin DNS
	- Hardware load balancer
	- Session must be on a common server
	- Filesystems must be on a shared drive, or even a SAN solution or
	  ISCSI
		- NFS
- For database bottlenecks, scale your DB
	- Cluster setup, with master slave replication (EXT: t3p_scalable)
		- SELECT requests go to slave servers
		- Write requests go to the master
	- Sharding (not as well supported in TYPO3), used by social sites, to
	  store for instance users across different servers
	- For replication lag problems, cache onto a non DB cache (like
	  memcache, can be done with TYPO3 4.3)
	- You can add more slaves
- You want to put most static stuff onto a CDN
	- Amazon S3/Cloudfront
	- EXT: cdnfiles
		- Replaces fileadmin/, uploads/, typo3temp/, pics/ links to
		  CDN equivalents
		- Isn't responsible for dynamic uploading of files to CDN
		  (maybe could do it through DAM, contact him if interested)
- If your web server goes down, the load balancer will pick that up, and go to
  one that's up
	- Similarly with t3cdn
- If your master DB server fails, you can promote a slave to a master and
  reconfigure TYPO3 to use the new master (limitation with Single Master DB)
- Cloud computing
	- Scalability on demand, use servers when you need them (certain times
	  of year, etc)
	- EC2
	- Joyent

26C3 Here Be Dragons!

Here be Electric Dragons: Preparing for the Emancipation of Machines
Lorenz G Lechner - Helsinki University

-BitBang Rays to the Future: what the tech future would look like in 2025, how it affects the economy
-started thinking machines were to augment our capabilities ("we have been cyborgs since we started using fire")
-new machines, combinations of mechanical and processing abilities
-"The future is here, just unevenly distributed"
-We differentiate between machines and animals because we look at the world using different senses
-the machines that are market savvy are those that will prevail
	-ex: robot hamster that is slightly more active than a real hamster
-"There is no physical task in which a human can outperform a robot"
 
Advanced microcontroller programming: Getting deeper into AVR programming
iwesen@ruinwesen.com, http://ruinwesen.com/, http://github.com/wesen, http://twitter.com/wesen
-Because all unit tests don't fit on the AVR, substitute mock objects
-Uses C++ on the 8 bit microcontroller, because you have enough control to
allocate the program flow that it is almost as efficient as if it were written
in Assembly
-does not use any dynamic allocation (no creation of "new" objects), just
static
-uses multiple inheritance, method overloading "virtual methods", no templates
-biggest advantage is Object Orientation, so entire hardware element of
controller can be wrapped in objects
	-can subclass for different features using multiple inheritance
	-can use linked lists, other high level data structures
-con: bloated, code size is huge (mostly because C++ and pointer arithmetic),
and gcc is not very good at using extra registers of AVR
-if you use 32bit integers, int operations will be something like 12 times
as slow because it has to split into 8 bit operations
-Measuring with Profiler? timing tool
-important to understand compiler (assembly) output, even if you aren't
writing in assembly
-code refactoring
	-avoid big switch statements
	-available in a book called Small Memory Software
-most effective tool for hardware debugging is an oscilloscope
-piezo allows you to observe states through audible frequencies
-sends out midi notes instead of logging text
-Can use JTAG with GDB or Javascript (the latter is much faster/lightweight),
custom debugging environment

Fuzzing your phone from your phone

-SMS
-why attack SMS?
	-received and processed by almost all phones, no firewalls, can be
	targeted with just a phone, server side without firewall
-life of SMS: message sent by device to the short message service center (SMSC),
forwarded to recipient, SMSC queues messages if not available, delivers
-SMS arrives and the modem dumps 2 lines of text (PDU)
-Take existing input and mutate it, or create input from scratch
-sending test cases best done by adding a man in the middle channel between
the application and the modem, because it's free, no special equipment, etc.
Just results have to be verified over the carrier network
-layers: modem : virtual serial lines : injector, userspace telephony
application
-SMS acts between user and injector layer
-for iphone, crashdumps are generated so you can send your SMS and check for a
new crashdump file, and then finally send a text SMS to make sure app not
hanging
-harder on android because processing done in Java, so have to create a new
interface to replace the java
-logcat -d gives you the logdump, where stars indicate a crash
-motivation is that you can first lock/crash iphone by crashing springboard,
but also interrupt
-with android, you can kick phone off network, make it no longer register with
the network by forgetting the pin for unlocked phones
-windows mobile, makes phone unusable until malicious SMS is deleted
-someone else got remote code execution working for the iphone
-send SMS to port 2948, get java.lang.ArrayOutOfBoundsException (doesn't work
on AT&T)
-on windows mobile, send "%n" seems to crash it (has update now)
-SMS is a great attack method against smart phones
-reported all bugs, and android/iphone has fixed most of them
-http://www.mulliner.org/security/sms
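
The PDU line mentioned above is what every receiving stack has to parse, so here is an added example (not from the talk or its tools): a bounds-checked SMS-DELIVER parser that rejects any PDU whose length fields disagree with the octets present. The sample PDU and the one-octet variants are constructed, and the DCS handling assumes the general data coding group.

```python
"""Bounds-checked parser for the SMS-DELIVER PDU line a modem prints (hex text)."""

class PduError(ValueError):
    """A length field disagrees with the octets that are actually present."""

class Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n, what):
        # Every read goes through this check; nothing indexes the buffer directly.
        left = len(self.data) - self.pos
        if n > left:
            raise PduError(f"{what}: need {n} octets, {left} left")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def byte(self, what):
        return self.take(1, what)[0]

def bcd_digits(octets, count):
    """Decode swapped-nibble BCD; `count` is the digit count from the length octet."""
    symbols = "0123456789*#abc"
    nibbles = [n for o in octets for n in (o & 0x0F, o >> 4)][:count]
    if any(n == 0x0F for n in nibbles):
        raise PduError("address: filler nibble inside the counted digits")
    return "".join(symbols[n] for n in nibbles)

def parse_udh(udh):
    """Split a user data header into (IEI, data) pairs, checking each IEDL."""
    elements, r = [], Reader(udh)
    while r.pos < len(udh):
        iei = r.byte("IEI")
        elements.append((iei, r.take(r.byte("IEDL"), f"IE 0x{iei:02X} data")))
    return elements

def parse_deliver(hex_text):
    try:
        r = Reader(bytes.fromhex(hex_text.strip()))
    except ValueError as exc:
        raise PduError(f"not a hex PDU: {exc}") from None
    r.take(r.byte("SCA length"), "SCA")               # service centre address
    first = r.byte("first octet")
    if first & 0x03:
        raise PduError("TP-MTI is not SMS-DELIVER")
    oa_digits = r.byte("TP-OA length")                # counted in digits, not octets
    if oa_digits > 20:
        raise PduError("TP-OA length exceeds 20 digits")
    r.byte("TP-OA type")
    sender = bcd_digits(r.take((oa_digits + 1) // 2, "TP-OA"), oa_digits)
    r.byte("TP-PID")
    dcs = r.byte("TP-DCS")
    r.take(7, "TP-SCTS")
    udl = r.byte("TP-UDL")
    # Assumption: general data coding group, where bits 3-2 pick the alphabet.
    ud_octets = (udl * 7 + 7) // 8 if (dcs >> 2) & 0x03 == 0 else udl
    if ud_octets > 140:
        raise PduError("TP-UDL describes more than 140 octets")
    ud = r.take(ud_octets, "TP-UD")
    if r.pos != len(r.data):
        raise PduError(f"{len(r.data) - r.pos} trailing octets after TP-UD")
    ports, body = None, ud
    if first & 0x40:                                  # TP-UDHI: header precedes text
        udhl = Reader(ud).byte("UDHL")
        if 1 + udhl > len(ud):
            raise PduError(f"UDHL {udhl} overruns TP-UD of {len(ud)} octets")
        body = ud[1 + udhl:]
        for iei, data in parse_udh(ud[1:1 + udhl]):
            if iei == 0x05:                           # 16-bit application ports
                if len(data) != 4:
                    raise PduError("port IE must carry 4 octets")
                ports = (int.from_bytes(data[:2], "big"), int.from_bytes(data[2:], "big"))
    return {"sender": sender, "dcs": dcs, "ports": ports, "body": body}

def triage(hex_text):
    """Return 'ok' or 'rejected: <reason>' so results can be logged per test case."""
    try:
        parse_deliver(hex_text)
        return "ok"
    except PduError as exc:
        return f"rejected: {exc}"

def with_octet(hex_text, offset, value):
    """Constructed-sample helper: overwrite one octet of a hex PDU."""
    raw = bytearray.fromhex(hex_text)
    raw[offset] = value
    return raw.hex()

# Constructed sample: 8-bit message "hi" addressed to port 2948, sender 12345678901.
GOOD_PDU = ("07911111111111F1" "44" "0B912143658709F1" "00" "04"
            "90210321000000" "09" "0605040B840000" "6869")
```

Running triage() over with_octet(GOOD_PDU, offset, value) for the length octets (offsets 9, 26, 27 and 29 in this sample) shows which check catches each inconsistent field.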

Defending the poor: Defending against Flash exploits
-motivation: project initiated in 2008 by German Federal Office for
Information Security
-Germany is one of the only countries who has a govt dept that is partially
responsible for computer security
-web sites that host flash banners are susceptible to these attacks, or
websites that allow others to upload files to their sites
-RIAs are implemented as plugins for web browsers (functionality that
the browser intentionally did not provide)
-flash security model relies on code that runs inside a VM, and tries to
make sure nothing escapes into the native system
-two sandboxes, one for communicating with the network, and another that can
access the filesystem
-flash is not very configurable, and has no signatures to tell where a swf
came from
-vulnerabilities: copying data to clipboard, FLV integer overflow, 
-attacks using flash include "exploit characters" bc flash has lots of info
about OSs etc, clickjacking ("User Interface Redressing"), sending additional
HTTP header in requests, simply redirecting the web browser (most common)
-1. redirecting 2. binary exploits 3. web attack vehicle
-SWF Adjack/Gnida, which stores campaign information in a local shared object
(in other campaigns, not technically malware)
-AV companies are not very effective protecting against flash exploits
-everything is very dependent on versions
-flash has two VMs, one programmed in ActionScript 1 and 2, most apps.  AVM2
is programmed ActionScript 3, which is more OOP, which would have been good,
but most flash developers generally don't understand OOP
-important: all versions of flash are backward compatible
-includes versions of actions/objects, like DefineButton2, etc.
-VM includes function declarations in the bytecode inline, as well as allowing
byte offsets in branch instructions
	-can jump into another code block,
	-if you write a really long if statement, it will validate, but can
	only jump 16 bits of code, because that's the branch offset size
-also, objects at larger depth levels' code is executed last
-open source version is called "Tamarin"
-two types of attacks to be handled: malformed SWF files that cause memory
corruption in the player, and wellformed swf files that use the player's API
for evilness
-because flash players are "fragile", a file is analyzed before it's played,
original is deleted, and then recreated using what was understood from the file
-ActionGetURL2 is the most widely used action to forward browsers to potentially
dangerous targets
-Blitzableiter implements patches in the VM, which supports AVM1 exploits
-avg code inflation is 224%, 82% of those swfs patched, flash also went slower
-http://blitzableiter.recurity.com
-Microsoft Silverlight is a good example
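
To make the "analyze before it's played" idea and the branch-offset notes above concrete, here is an added example (not Blitzableiter's code): a structural check of one AVM1 action block that rejects branches whose signed 16-bit offset lands anywhere but an action start in the same block, including inside an inline function body, and reports each ActionGetURL2. The sample bytecode is constructed; treating the end of a block as a legal branch target and the nesting limit of 16 are assumptions.

```python
"""Structural check of an AVM1 action block before it reaches a player."""
import struct

ACTION_PUSH, ACTION_JUMP, ACTION_GETURL2 = 0x96, 0x99, 0x9A
ACTION_DEFINE_FUNCTION, ACTION_IF = 0x9B, 0x9D

class BadBytecode(ValueError):
    """The block's structure cannot be trusted; do not pass it on."""

def function_body_size(payload):
    """Parse an ActionDefineFunction header: name, parameter names, then codeSize."""
    try:
        pos = payload.index(0) + 1                       # end of FunctionName
        (nparams,) = struct.unpack_from("<H", payload, pos)
        pos += 2
        for _ in range(nparams):
            pos = payload.index(0, pos) + 1              # end of each parameter name
        (code_size,) = struct.unpack_from("<H", payload, pos)
    except (ValueError, struct.error):
        raise BadBytecode("ActionDefineFunction header is truncated") from None
    if pos + 2 != len(payload):
        raise BadBytecode("ActionDefineFunction header has trailing bytes")
    return code_size

def verify_block(code, base=0, findings=None, depth=0):
    """Return review notes for one code block; raise BadBytecode on unsafe structure."""
    if depth > 16:                                       # assumed limit on nesting
        raise BadBytecode(f"@{base}: function nesting too deep")
    findings = [] if findings is None else findings
    starts, branches, pos = set(), [], 0
    while pos < len(code):
        start, op = pos, code[pos]
        starts.add(start)
        pos += 1
        payload = b""
        if op >= 0x80:                                   # long form: UI16 length + payload
            if pos + 2 > len(code):
                raise BadBytecode(f"@{base + start}: length field is truncated")
            (length,) = struct.unpack_from("<H", code, pos)
            pos += 2
            if pos + length > len(code):
                raise BadBytecode(f"@{base + start}: action 0x{op:02X} overruns its block")
            payload = code[pos:pos + length]
            pos += length
        if op in (ACTION_JUMP, ACTION_IF):
            if len(payload) != 2:
                raise BadBytecode(f"@{base + start}: branch needs a 2-byte offset")
            (offset,) = struct.unpack("<h", payload)     # signed 16-bit, from next action
            branches.append((start, pos + offset))
        elif op == ACTION_GETURL2:
            findings.append(f"@{base + start}: ActionGetURL2")
        elif op == ACTION_DEFINE_FUNCTION:
            size = function_body_size(payload)
            if pos + size > len(code):
                raise BadBytecode(f"@{base + start}: function body overruns its block")
            verify_block(code[pos:pos + size], base + pos, findings, depth + 1)
            pos += size                                  # body is opaque to this block
    starts.add(len(code))                                # assumption: block end is a legal target
    for src, target in branches:
        if target not in starts:
            raise BadBytecode(f"@{base + src}: branch target {base + target} "
                              "is not an action start in this block")
    return findings

def check(code):
    """Return ('ok', notes) or ('rejected', reason) for one action block."""
    try:
        return ("ok", verify_block(code))
    except BadBytecode as exc:
        return ("rejected", str(exc))

def act(op, payload=b""):
    """Constructed-sample helper: encode one action record."""
    return bytes([op]) + (struct.pack("<H", len(payload)) + payload if op >= 0x80 else b"")

# Constructed samples (0x12, 0x17, 0x3E and 0x00 are one-byte actions).
GOOD_BLOCK = act(ACTION_PUSH, b"\x00a\x00") + act(ACTION_IF, struct.pack("<h", 1)) \
    + act(0x12) + act(ACTION_GETURL2, b"\x00") + act(0x00)
MID_ACTION = act(ACTION_JUMP, struct.pack("<h", -3)) + act(0x00)
FUNC = act(ACTION_DEFINE_FUNCTION, b"f\x00" + struct.pack("<HH", 0, 2)) + act(0x17) + act(0x3E)
INTO_FUNCTION = act(ACTION_JUMP, struct.pack("<h", 10)) + FUNC + act(0x00)
```

check(INTO_FUNCTION) is rejected even though offset 15 is a valid action start inside the function body, because each block keeps its own set of legal targets.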