PyBerlin 42 - 🍁🍁 Autumn event 🍁🍁

Agenda:

• 18:00 - Opening doors of the venue

• 18:20 - Welcome to PyBerlin! // Organisers

• 18:30 - Welcome from the host // Native Instruments

• 18:40 - 19:10 - The CPU in your browser: WebAssembly demystified // Dr. Antonio Cuni

In the recent years we saw an explosion of usage of Python in the browser: Pyodide, CPython on WASM, PyScript, etc. All of this is possible thanks to the powerful functionalities of the underlying platform, WebAssembly.
In this talk we will examine what is exactly WebAssembly, what are the strong and weak points, what are the limitations and what the future will bring us. We will also see why and how WebAssembly is useful and used outside the browser.
This talk is targeted to an intermediate/advanced audience: no prior knowledge of WebAssembly is required, but it is required to have a basic understanding of what is a compiler, an interpreter and the concept of bytecode.
The introduction will cover the basics to make sure that the talk is understandable also by people who are completely new to the WebAssembly world, but after that we will dive into the low-level technical details, with a special focus on those who are relevant to the Python world, such WASI vs emscripten, dynamic linking, JIT compilation, interoperability with other languages, etc.

Speaker's bio:
Dr. Antonio Cuni is a Principal Software Engineer at Anaconda. He is a core developer of PyScript and PyPy, and one of the founders of the HPy project, which aims to design a better and more modern C API for Python. He loves to write tools from developers for developers, such as Pdb++, fancycompleter and vmprof and he is creator/maintainer/contributor of numerous other open source projects. He have also been very active in the Python community for years, giving talks at various conferences such as EuroPython, EuroSciPy, PyCon Italia, and many others. He regularly writes on the PyPy blog and on the HPy blog. His main areas of interest are compilers, language implementation, TDD and performance.

• 19:10 - 19:30 - Four Key Enabling Questions for Agile Delivery //Paul Hammond

This talk will share an approach to agility for use by your team members, your team and your organisation, using four simple Key Enabling Questions.

Speaker's bio:
Paul is the CTO at Native Instruments, and has previously held senior leadership positions at Microsoft, Skype, eBay and Zoopla.

• 19:30 - 19:50 - Short break
• 19:50 - 20:20 - Incorporating LLMs into practical NLP workflows // Ines Montani

In this talk, I'll show how large language models such as GPT-4 complement rather than replace existing machine learning workflows. Initial annotations are gathered from the OpenAI API via zero- or few-shot learning, and then corrected by a human decision maker using an annotation tool. The resulting annotations can then be used to train and evaluate models as normal. This process results in higher accuracy than can be achieved from the LLM alone, with the added benefit that you'll own and control the model for runtime.

Speaker's bio:
Ines Montani is a developer specializing in tools for AI and NLP technology. She’s the co-founder and CEO of Explosion and a core developer of spaCy, a popular open-source library for Natural Language Processing in Python, and Prodigy, a modern annotation tool for creating training data for machine learning models.

• 20:20 - 20:50 - Live Web Hacking: Server Takeover via a Single Python Vulnerability // Shahriyar Rzayev

This technical session will focus on a live demonstration of exploiting a Server-Side Template Injection (SSTI) vulnerability in a Python web application. The demonstration will illustrate the process of using an SSTI vulnerability to gain initial access to a server, followed by a privilege escalation to obtain root access. Detecting SSTI: Methods for identifying SSTI vulnerabilities within Python web applications. Exploitation Technique: Step-by-step exploitation of the identified SSTI vulnerability to gain control over the server. Privilege Escalation: Techniques to escalate privileges from a lower-privileged shell to root access.

Speaker's bio:
Senior Software Engineer at Nord Security. Azerbaijan Python User Community leader. Focused on Security, Architecture and Python

• 20:50 - Closing session // Organisers

This event will be only in-person. Please check our Code of Conduct and official health regulation in Berlin before coming. If you feel some signs of sickness, please consider skipping this event and attending another time. We will have plenty of events in different formats in the future.

Looking forward seeing you all soon!