DOCSLIB.ORG

2Nd USENIX Conference on Web Application Development (Webapps ’11)

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
2Nd USENIX Conference on Web Application Development (Webapps ’11) conference proceedings Proceedings of the 2nd USENIX Conference Application on Web Development 2nd USENIX Conference on Web Application Development (WebApps ’11) Portland, OR, USA Portland, OR, USA June 15–16, 2011 Sponsored by June 15–16, 2011 © 2011 by The USENIX Association All Rights Reserved This volume is published as a collective work. Rights to individual papers remain with the author or the author’s employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. Permission is granted to print, primarily for one person’s exclusive use, a single copy of these Proceedings. USENIX acknowledges all trademarks herein. ISBN 978-931971-86-7 USENIX Association Proceedings of the 2nd USENIX Conference on Web Application Development June 15–16, 2011 Portland, OR, USA Conference Organizers Program Chair Armando Fox, University of California, Berkeley Program Committee Adam Barth, Google Inc. Abdur Chowdhury, Twitter Jon Howell, Microsoft Research Collin Jackson, Carnegie Mellon University Bobby Johnson, Facebook Emre Kıcıman, Microsoft Research Michael E. Maximilien, IBM Research Owen O’Malley, Yahoo! Research John Ousterhout, Stanford University Swami Sivasubramanian, Amazon Web Services Geoffrey M. Voelker, University of California, San Diego Nickolai Zeldovich, Massachusetts Institute of Technology The USENIX Association Staff WebApps ’11: 2nd USENIX Conference on Web Application Development June 15–16, 2011 Portland, OR, USA Message from the Program Chair . v Wednesday, June 15 10:30–Noon GuardRails: A Data-Centric Web Application Security Framework . 1 Jonathan Burket, Patrick Mutchler, Michael Weaver, Muzzammil Zaveri, and David Evans, University of Virginia PHP Aspis: Using Partial Taint Tracking to Protect Against Injection Attacks . 13 Ioannis Papagiannis, Matteo Migliavacca, and Peter Pietzuch, Imperial College London Secure Data Preservers for Web Services . 25 Jayanthkumar Kannan, Google Inc.; Petros Maniatis, Intel Labs; Byung-Gon Chun, Yahoo! Research 1:00–2:30 BenchLab: An Open Testbed for Realistic Benchmarking of Web Applications . 37 Emmanuel Cecchet, Veena Udayabhanu, Timothy Wood, and Prashant Shenoy, University of Massachusetts Amherst Resource Provisioning of Web Applications in Heterogeneous Clouds . 49 Jiang Dejun, VU University Amsterdam and Tsinghua University Beijing; Guillaume Pierre, VU University Amsterdam; Chi-Hung Chi, Tsinghua University Beijing C3: An Experimental, Extensible, Reconfigurable Platform for HTML-based Applications . 61 Benjamin S. Lerner and Brian Burg, University of Washington; Herman Venter and Wolfram Schulte, Microsoft Research 3:00–4:30 The Effectiveness of Application Permissions . .. 75 Adrienne Porter Felt, Kate Greenwood, and David Wagner, University of California, Berkeley Experiences on a Design Approach for Interactive Web Applications . 87 Janne Kuuskeri, Tampere University of Technology Exploring the Relationship Between Web Application Development Tools and Security . 99 Matthew Finifter and David Wagner, University of California, Berkeley Thursday, June 16 1:00–2:30 Integrating Long Polling with an MVC Web Framework . 113 Eric Stratmann, John Ousterhout, and Sameer Madan, Stanford University Detecting Malicious Web Links and Identifying Their Attack Types . .125 Hyunsang Choi, Korea University; Bin B. Zhu, Microsoft Research Asia; Heejo Lee, Korea University Maverick: Providing Web Applications with Safe and Flexible Access to Local Devices . 137 David W. Richardson and Steven D. Gribble, University of Washington Message from the WebApps ’11 Program Chair Welcome to WebApps ’11, the second annual USENIX Conference on Web Application Development. Our con- tinuing emphasis is ensuring that attendees are exposed to the most interesting new work from both industry and academia. To that end, both the program committee and the accepted papers represent a balanced mix of industry practitioners from the highest-profile Web companies and university researchers working on cutting-edge Web technologies. The twelve papers presented (of 28 submissions received) were subjected to the rigorous review standards for which USENIX’s academically focused conferences are known. All papers received at least three thorough reviews and some received more; each paper got a fair and complete discussion at the in-person program committee meet- ing in Berkeley; and each paper was assigned a shepherd to help improve the final presentation. We hope you will be pleased with the results, which showcase a wide variety of Web applications and technologies. I’d like to thank the authors for taking the time to submit a paper, whether it was accepted or not. Preparing a paper is a lot of work, and we are still exploring ways to engage industrial authors and get the best industrial work along with the best academic work. I personally welcome any suggestions from authors or prospective authors in this regard. I also thank the program committee for their efforts in reviewing and shepherding, especially some of the indus- trial participants, whose schedules can be particularly hectic. Lastly, as always, USENIX’s professional organization makes the logistical aspects of running a program commit- tee a breeze, especially Ellie Young, Anne Dickison, Casey Henderson, and Jane-Ellen Long, along with the rest of the USENIX staff. I hope that what you see and hear at WebApps ’11 inspires you to submit your own best work to future WebApps conferences. Armando Fox, University of California, Berkeley GuardRails: A Data-Centric Web Application Security Framework Jonathan Burket Patrick Mutchler Michael Weaver Muzzammil Zaveri David Evans http://guardrails.cs.virginia.edu University of Virginia Abstract cies is scattered throughout the application, making ac- cess checks at a variety of locations or sanitizing strings Modern web application frameworks have made it easy where they might be potentially harmful. This decentral- to create powerful web applications. Developing a se- ized approach to security makes it difficult, if not impos- cure web application, however, still requires a developer sible, to be certain that all access points and data flow to posses a deep understanding of security vulnerabili- paths are correctly mediated. Further, security policies ties and attacks. Even for experienced developers it is are rarely completely known from the start; rather they tedious, if not impossible, to find and eliminate all vul- evolve along with the development of the application or nerabilities. This paper presents GuardRails, a source-to- in response to new threats. Changing an existing policy source tool for Ruby on Rails that helps developers build can be very difficult, as changes must be made across the secure web applications. GuardRails works by attach- entire application. ing security policies defined using annotations to the data To alleviate these problems, we developed Guard- model itself. GuardRails produces a version of the input Rails, a source-to-source tool for Ruby on Rails appli- application that automatically enforces the specified poli- cations that centralizes the implementation of security cies. GuardRails helps developers prevent a myriad of policies. GuardRails works by attaching security policies security problems including cross-site scripting attacks directly to data, and automatically enforcing these poli- and access control violations while providing a large de- cies throughout the application. Developers define their gree of flexibility to support a range of policies and de- policies using annotations added to their data model. velopment styles. GuardRails automatically generates the code necessary to enforce the specified policies. The policy decisions are centralized and documented as part of the data model 1 Introduction where they are most relevant, and developers do not need to worry about missing security checks or inconsistent Web application frameworks have streamlined develop- enforcement. ment of web applications in ways that relieve program- Like most web application frameworks, Ruby on Rails mers from managing many details like how data is stored provides an object interface to data stored in database ta- in the database and how output pages are generated. Web bles. This enables GuardRails to attach policies to ob- application frameworks do not, however, provide enough jects and make those policies persist as data moves be- assistance to enable developers to produce secure web tween the application and database. The abstract data applications without a great deal of tedious effort. The model provided by Ruby on Rails is one key advantage goal of this work is to demonstrate that incorporating over systems like DBTaint [4, 18], which have no knowl- data-centric policies and automatic enforcement into a edge of what the relevant data actually represents within web application framework can greatly aid developers in the context of the application. While our implementation producing secure web applications. of GuardRails is specific to Ruby on Rails, we expect When developing web applications, developers typi- most of our approach could also be applied to similar cally have an idea of what security policies they want frameworks for other languages. to enforce. Ranging from which users should have ac- cess to which data to how certain pieces of user input Contributions. Our major contribution is a new ap- should be sanitized, these policies are rarely documented proach for managing web application security focused on in
Load more

Recommended publications
  • Table of Contents
    TABLE OF CONTENTS I. EXECUTIVE SUMMARY ...............................................................................................3 A. Recommendations ..............................................................................................................................................3 1. Future Governance board ................................................................................................................................3 2. Integration Models ..........................................................................................................................................3 3. CCIS and JIS Review by Infinity Software Development Inc. .......................................................................4 4. Catalog of Common Data Elements................................................................................................................4 5. Data Exchange Standards and Protocol...........................................................................................................4 6. Infrastructure and Network Standards and Protocol........................................................................................4 7. Security and Access Standards and Protocol...................................................................................................5 8. Unified Statute Table ......................................................................................................................................6 9. Minimum Data Elements for Policy Oversight ...............................................................................................6
    [Show full text]
  • Resin 3.2 Reference
    Contents 1 Overview 3 1.1 Features - Resin and Resin Professional . .3 2 Installation 11 2.1 Resin Installation Quick Start . 11 2.2 Resin Installation . 16 2.3 Resin Web Server . 16 2.4 Resin with Apache . 22 2.5 Resin with IIS . 34 2.6 How the Plugins Dispatch to Resin . 44 3 Command-Line 47 3.1 Command-Line Configuration . 47 4 Admin Guide 51 4.1 User Guide: Administration . 51 5 Watchdog 63 5.1 Resin Watchdog . 63 6 Virtual Hosts 73 6.1 Virtual Hosting . 73 7 Clustering 89 7.1 Resin Clustering . 89 8 Web Applications 109 8.1 An Overview of Web Applications . 109 9 Logging 137 9.1 Log . 137 10 Administration 163 10.1 Resin Administration . 163 1 CONTENTS 11 Deployment 177 11.1 Packaging/Deployment . 177 12 Proxy Caching 181 12.1 Server Caching . 181 13 Quercus 193 13.1 Quercus: PHP in Java . 193 14 Security 217 14.1 Resin Security . 217 15 Inversion of Control 271 15.1 Resin IoC . 271 15.2 Scheduled Task . 308 16 Amber 327 16.1 Amber . 327 17 Embedding Resin 355 17.1 Embedding Resin . 355 18 Filters 367 18.1 Filters . 367 19 BAM 379 19.1 BAM . 379 20 Comet 405 20.1 Comet/Server-Push Servlet . 405 21 Remoting 411 21.1 Resin Remoting . 411 21.2 Hessian . 417 22 Messaging 423 22.1 Resin Messaging . 423 23 JSF - Java Server Faces 435 23.1 JSF - Java Server Faces . 435 24 Configuration Tags 445 24.1 cluster: Cluster tag configuration .
    [Show full text]
  • Pragmatic Guide to Javascript
    www.allitebooks.com What Readers Are Saying About Pragmatic Guide to J a v a S c r i p t I wish I had o w n e d this book when I first started out doing JavaScript! Prag- matic Guide to J a v a S c r i p t will take you a big step ahead in programming real-world JavaScript by showing you what is going on behind the scenes in popular JavaScript libraries and giving you no-nonsense advice and back- ground information on how to do the right thing. W i t h the condensed years of e x p e r i e n c e of one of the best JavaScript developers around, it’s a must- read with great reference to e v e r y d a y JavaScript tasks. Thomas Fuchs Creator of the script.aculo.us framework An impressive collection of v e r y practical tips and tricks for getting the most out of JavaScript in today’s browsers, with topics ranging from fundamen- tals such as form v a l i d a t i o n and JSON handling to application e x a m p l e s such as mashups and geolocation. I highly recommend this book for anyone wanting to be more productive with JavaScript in their web applications. Dylan Schiemann CEO at SitePen, cofounder of the Dojo T o o l k i t There are a number of JavaScript books on the market today, b u t most of them tend to focus on the new or inexperienced JavaScript programmer.
    [Show full text]
  • The Effectiveness of Application Permissions
    The Effectiveness of Application Permissions Adrienne Porter Felt,∗ Kate Greenwood, David Wagner University of California, Berkeley apf, kate eli, [email protected] Abstract cations’ permission requirements up-front so that users can grant them during installation. Traditional user-based permission systems assign the Traditional user-based permission systems assign the user’s full privileges to all applications. Modern plat- user’s full privileges to all of the user’s applications. In forms are transitioning to a new model, in which each the application permission model, however, each appli- application has a different set of permissions based on cation can have a customized set of permissions based its requirements. Application permissions offer several on its individual privilege requirements. If most applica- advantages over traditional user-based permissions, but tions can be satisfied with less than the user’s full priv- these benefits rely on the assumption that applications ileges, then three advantages of application permissions generally require less than full privileges. We explore over the traditional user-based model are possible: whether that assumption is realistic, which provides in- sight into the value of application permissions. • User Consent: Security-conscious users may be We perform case studies on two platforms with appli- hesitant to grant access to dangerous permissions cation permissions, the Google Chrome extension sys- without justification. For install-time systems, this tem and the Android OS. We collect the permission re- might alert some users to malware at installation; quirements of a large set of Google Chrome extensions for time-of-use systems, this can prevent an in- and Android applications.
    [Show full text]
  • Appendix 1 - 5 Appendix 1 - Questionnaire for Colleges
    Appendix 1 - 5 Appendix 1 - Questionnaire for Colleges Declaration: I, Rajeev Ghode, persuing my Ph.D. in Department of Communication Studies, Pune University. Title of Ph.D. Research is "To study potential and challenges in the use and adoption of ICT in Higher Education"For this research purpose, I want to collect quantitative data from all the professors of colleges which are affiliated to Pune University. I ensure that all the data collected will be used only for the Ph.D. research and secrecy of the data will be maintained. I appreciate you for spending your valuable time to fill this questionnaire. Thanking You <•;. Prof. Rajeev Ghode Questionnaire Name of the College Address/City 1 Arts Science and Commerce College 1 Arts Science and Commerce College with Computer Science Type of College 1 Commerce and BBA Q B.Ed. College 1 1 Law Institutional ICT Infrastructure Sr. ICT Infrastructure Yes No Provision in near No. future 1. Multimedia /Conference Hall 2. Computer Lab 3. Internet Connectivity in Campus 4. Digital Library 5. Website 6. Organization e-mail Server 7. Blog Appendix - I Sr. ICT Infrastructure Yes No Provision in near No. future 8. Presence on SNS 9. Online Admission System 10. Online/Offline Examination Application 11. Biometric Attendance 12. Student Management System 13. Professional membership for online journals Department-wise ICT Infrastructure Sr. ICT Infrastructure Yes No Provision in near No. future 1. Do you have separate Desktops for faculties in every department? 2. Do you have separate Laptops for every department? 3. Does every department have LCD Projector? 4.
    [Show full text]
  • Jquery: Novice to Ninja
    SECOND Pantone: EDITION CMYK: JQUERYGrey scale PANTONE Orange 021 C PANTONE 2955 C NOVICE TO NCMYK IO, 53, N100, 0 JCMYKA 100, 45, 0, 37 NEW KICKS ANDBlack 50% TRICKSBlack 100% BY EARLE CASTLEDINE & CRAIG SHARKIE SIMPLE, FAST, POWERFUL — JAVASCRIPT THE WAY IT SHOULD BE Summary of Contents Preface . xvii 1. Falling in Love with jQuery . 1 2. Selecting, Decorating, and Enhancing . 19 3. Animating, Scrolling, and Resizing . 53 4. Images and Slideshows . 93 5. Menus, Tabs, Tooltips, and Panels . 139 6. Construction, Ajax, and Interactivity . 187 7. Forms, Controls, and Dialogs . 239 8. Lists, Trees, and Tables . 305 9. Plugins, Themes, and Advanced Topics . 347 A. Reference Material . 409 B. JavaScript Tidbits . 419 C. Plugin Helpers . 425 Index . 431 JQUERY: NOVICE TO NINJA BY EARLE CASTLEDINE & CRAIG SHARKIE wnload from Wow! eBook <www.wowebook.com> o D iv jQuery: Novice to Ninja by Earle Castledine and Craig Sharkie Copyright © 2012 SitePoint Pty. Ltd. Product Manager: Simon Mackie Assistant Technical Editor: Diana MacDonald Technical Editor: Tom Museth Indexer: Michele Combes Expert Reviewer: Jörn Zaefferer Cover Designer: Alex Walker Editor: Kelly Steele Printing History: Latest Update: February 2012 First Edition: February 2010 Second Edition: February 2012 Notice of Rights All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means without the prior written permission of the publisher, except in the case of brief quotations included in critical articles or reviews. Notice of Liability The authors and publisher have made every effort to ensure the accuracy of the information herein.
    [Show full text]
  • Modern Web Application Frameworks
    MASARYKOVA UNIVERZITA FAKULTA INFORMATIKY Û¡¢£¤¥¦§¨ª«¬­Æ°±²³´µ·¸¹º»¼½¾¿Ý Modern Web Application Frameworks MASTER’S THESIS Bc. Jan Pater Brno, autumn 2015 Declaration Hereby I declare, that this paper is my original authorial work, which I have worked out by my own. All sources, references and literature used or ex- cerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Bc. Jan Pater Advisor: doc. RNDr. Petr Sojka, Ph.D. i Abstract The aim of this paper was the analysis of major web application frameworks and the design and implementation of applications for website content ma- nagement of Laboratory of Multimedia Electronic Applications and Film festival organized by Faculty of Informatics. The paper introduces readers into web application development problematic and focuses on characte- ristics and specifics of ten selected modern web application frameworks, which were described and compared on the basis of relevant criteria. Practi- cal part of the paper includes the selection of a suitable framework for im- plementation of both applications and describes their design, development process and deployment within the laboratory. ii Keywords Web application, Framework, PHP,Java, Ruby, Python, Laravel, Nette, Phal- con, Rails, Padrino, Django, Flask, Grails, Vaadin, Play, LEMMA, Film fes- tival iii Acknowledgement I would like to show my gratitude to my supervisor doc. RNDr. Petr So- jka, Ph.D. for his advice and comments on this thesis as well as to RNDr. Lukáš Hejtmánek, Ph.D. for his assistance with application deployment and server setup. Many thanks also go to OndˇrejTom for his valuable help and advice during application development.
    [Show full text]
  • Google Security Chip H1 a Member of the Titan Family
    Google Security Chip H1 A member of the Titan family Chrome OS Use Case [email protected] Block diagram ● ARM SC300 core ● 8kB boot ROM, 64kB SRAM, 512kB Flash ● USB 1.1 slave controller (USB2.0 FS) ● I2C master and slave controllers ● SPI master and slave controllers ● 3 UART channels ● 32 GPIO ports, 28 muxed pins ● 2 Timers ● Reset and power control (RBOX) ● Crypto Engine ● HW Random Number Generator ● RD Detection Flash Memory Layout ● Bootrom not shown ● Flash space split in two halves for redundancy ● Restricted access INFO space ● Header fields control boot flow ● Code is in Chrome OS EC repo*, ○ board files in board/cr50 ○ chip files in chip/g *https://chromium.googlesource.com/chromiumos/platform/ec Image Properties Chip Properties 512 byte space Used as 128 FW Updates INFO Space Bits 128 Bits Bitmap 32 Bit words Board ID 32 Bit words Bitmap Board ID ● Updates over USB or TPM Board ID Board ID ~ Board ID ● Rollback protections Board ID mask Version Board Flags ○ Header versioning scheme Board Flags ○ Flash map bitmap ● Board ID and flags Epoch ● RO public key in ROM Major ● RW public key in RO Minor ● Both ROM and RO allow for Timestamp node locked signatures Major Functions ● Guaranteed Reset ● Battery cutoff ● Closed Case Debugging * ● Verified Boot (TPM Services) ● Support of various security features * https://www.chromium.org/chromium-os/ccd Reset and power ● Guaranteed EC reset and battery cutoff ● EC in RW latch (guaranteed recovery) ● SPI Flash write protection TPM Interface to AP ● I2C or SPI ● Bootstrap options ● TPM
    [Show full text]
  • Apigee X Migration Offering
    Apigee X Migration Offering Overview Today, enterprises on their digital transformation journeys are striving for “Digital Excellence” to meet new digital demands. To achieve this, they are looking to accelerate their journeys to the cloud and revamp their API strategies. Businesses are looking to build APIs that can operate anywhere to provide new and seamless cus- tomer experiences quickly and securely. In February 2021, Google announced the launch of the new version of the cloud API management platform Apigee called Apigee X. It will provide enterprises with a high performing, reliable, and global digital transformation platform that drives success with digital excellence. Apigee X inte- grates deeply with Google Cloud Platform offerings to provide improved performance, scalability, controls and AI powered automation & security that clients need to provide un-parallel customer experiences. Partnerships Fresh Gravity is an official partner of Google Cloud and has deep experience in implementing GCP products like Apigee/Hybrid, Anthos, GKE, Cloud Run, Cloud CDN, Appsheet, BigQuery, Cloud Armor and others. Apigee X Value Proposition Apigee X provides several benefits to clients for them to consider migrating from their existing Apigee Edge platform, whether on-premise or on the cloud, to better manage their APIs. Enhanced customer experience through global reach, better performance, scalability and predictability • Global reach for multi-region setup, distributed caching, scaling, and peak traffic support • Managed autoscaling for runtime instance ingress as well as environments independently based on API traffic • AI-powered automation and ML capabilities help to autonomously identify anomalies, predict traffic for peak seasons, and ensure APIs adhere to compliance requirements.
    [Show full text]
  • Google Chrome OS VS Distribuciones GNU/Linux 18
    1Google Chrome OS Universidad Católica “Nuestra Señora de la Asunción” Facultad de Ciencias y Tecnología Departamento de Ingeniería Electrónica e Informática TAI 2 Chrome OS Fernando Cardozo [email protected] Mat:51300 Prof: Ing Juan Urraza Asunción – Paraguay 2010 2Google Chrome OS Índice Introducción 4 Un nuevo modelo 5 Kernel 6 Arquitectura del software 6 El sistema en sí y los servicios 7 El navegador y el administrador de ventanas 8 Sistema de archivos 8 Diagrama del proceso de booteo 9 Requerimientos del hardware 10 Seguridad en el Chrome OS 10 Interfaz del usuario 11 Pestaña de aplicaciones 12 Panel 13 Multiples ventanas 14 Como se sincroniza Chrome en la nube 15 Google Cloud Printing 16 Chromoting 17 Chrome OS vs Windows 18 Google Chrome OS VS Distribuciones GNU/Linux 18 Cuestionamientos 19 Cuestionamientos 20 Proyectos similares 21 3Google Chrome OS Proyectos similares 22 Anexo 23 Conclusión 24 Referencias 25 4Google Chrome OS Introducción Google Chrome OS es un proyecto llevado a cabo por la compañía Google para desarrollar un sistema operativo basado en web. A través de su blog oficial, Google anunció el 7 de julio de 2009 que Google Chrome OS será un sistema realizado con base en código abierto (Núcleo Linux) y orientado inicialmente para mini portátiles, estando disponible en el segundo semestre de 2010. Funcionará sobre microprocesadores con tecnología x86 o ARM.. La compañía Google ha declarado que el código fuente del proyecto Google Chrome OS fue liberado a finales de 2009. Aunque el sistema se basa en un kernel Linux, tendrá un gestor de ventanas propio de Google.
    [Show full text]
  • Web Development and Perl 6 Talk
    Click to add Title 1 “Even though I am in the thralls of Perl 6, I still do all my web development in Perl 5 because the ecology of modules is so mature.” http://blogs.perl.org/users/ken_youens-clark/2016/10/web-development-with-perl-5.html Web development and Perl 6 Bailador BreakDancer Crust Web Web::App::Ballet Web::App::MVC Web::RF Bailador Nov 2016 BreakDancer Mar 2014 Crust Jan 2016 Web May 2016 Web::App::Ballet Jun 2015 Web::App::MVC Mar 2013 Web::RF Nov 2015 “Even though I am in the thralls of Perl 6, I still do all my web development in Perl 5 because the ecology of modules is so mature.” http://blogs.perl.org/users/ken_youens-clark/2016/10/web-development-with-perl-5.html Crust Web Bailador to the rescue Bailador config my %settings; multi sub setting(Str $name) { %settings{$name} } multi sub setting(Pair $pair) { %settings{$pair.key} = $pair.value } setting 'database' => $*TMPDIR.child('dancr.db'); # webscale authentication method setting 'username' => 'admin'; setting 'password' => 'password'; setting 'layout' => 'main'; Bailador DB sub connect_db() { my $dbh = DBIish.connect( 'SQLite', :database(setting('database').Str) ); return $dbh; } sub init_db() { my $db = connect_db; my $schema = slurp 'schema.sql'; $db.do($schema); } Bailador handler get '/' => { my $db = connect_db(); my $sth = $db.prepare( 'select id, title, text from entries order by id desc' ); $sth.execute; layout template 'show_entries.tt', { msg => get_flash(), add_entry_url => uri_for('/add'), entries => $sth.allrows(:array-of-hash) .map({$_<id> => $_}).hash,
    [Show full text]
  • Algorithmic Reflections on Choreography
    ISSN: 1795-6889 www.humantechnology.jyu.fi Volume 12(2), November 2016, 252–288 ALGORITHMIC REFLECTIONS ON CHOREOGRAPHY Pablo Ventura Daniel Bisig Ventura Dance Company Zurich University of the Arts Switzerland Switzerland Abstract: In 1996, Pablo Ventura turned his attention to the choreography software Life Forms to find out whether the then-revolutionary new tool could lead to new possibilities of expression in contemporary dance. During the next 2 decades, he devised choreographic techniques and custom software to create dance works that highlight the operational logic of computers, accompanied by computer-generated dance and media elements. This article provides a firsthand account of how Ventura’s engagement with algorithmic concepts guided and transformed his choreographic practice. The text describes the methods that were developed to create computer-aided dance choreographies. Furthermore, the text illustrates how choreography techniques can be applied to correlate formal and aesthetic aspects of movement, music, and video. Finally, the text emphasizes how Ventura’s interest in the wider conceptual context has led him to explore with choreographic means fundamental issues concerning the characteristics of humans and machines and their increasingly profound interdependencies. Keywords: computer-aided choreography, breaking of aesthetic and bodily habits, human– machine relationships, computer-generated and interactive media. © 2016 Pablo Ventura & Daniel Bisig, and the Agora Center, University of Jyväskylä DOI: http://dx.doi.org/10.17011/ht/urn.201611174656 This work is licensed under a Creative Commons Attribution-Noncommercial 4.0 International License. 252 Algorithmic Reflections on Choreography INTRODUCTION The purpose of this article is to provide a first-hand account of how a thorough artistic engagement with functional and conceptual aspects of software can guide and transform choreographic practice.
    [Show full text]