Linux Security and How Web Browser Sandboxes Really Work (NDC Oslo 2017) - Patricia Aas
The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers.
However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context. This is the sandbox used in the Vivaldi, Brave, Chrome and Opera browsers among others. The Chromium Sandbox has a very platform specific implementation, using the platform APIs available to construct it. In this talk we will describe the requirements of the Chromium Sandbox in detail and go through how the Linux implementation fulfills these requirements.
Linux Security APIs and the Chromium Sandbox (SwedenCpp Meetup 2017) - Patricia Aas
The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers. However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context.
This presentation goes more in depth on some key points from the NDC (2017) presentation.
Linux Security APIs and the Chromium Sandbox - Patricia Aas
The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers. However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context.
The Chromium Sandbox is used in the Vivaldi, Brave, Chrome and Opera browsers among others. It has a very platform specific implementation, using the platform APIs available to construct it. In this talk we will describe the requirements of the Chromium Sandbox and go through the steps and APIs used to construct it on Linux.
Chromium Sandbox on Linux (BlackHoodie 2018) - Patricia Aas
The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers. However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context in this talk.
Introduction to Memory Exploitation (CppEurope 2021) - Patricia Aas
Stack based exploitation has gotten all the fame, but many platform and compiler mitigations have made it very hard to exploit stack vulnerabilities. Heap based exploits are still very relevant, and since this is black magic for most developers I will here give an introduction to the field.
Embedded Recipes 2018 - swupdate: update your embedded device - Charles-Anto... - Anne Nicolas
Nowadays a lot of embedded systems are connected to the Internet. And every year, more devices are available on the market but without maintenance. Due to this situation, a lot of security issues have been raised which could compromise the lifetime of the product and the privacy of its users. To fix these bugs and security issues, or to add new features, updating these systems remotely on a regular basis is very important. We have to think about the update process for each new product, so that it is easy, reliable, efficient and not too costly in terms of the required bandwidth or hardware performance.
Several update designs are available to fit your requirements. Given these constraints, you have to make a choice and find the right balance.
Hopefully one free software project allows us to perform this task in an easy and flexible way: swupdate. This solution is very well integrated with U-Boot, Buildroot and Yocto. You can describe exactly how the update should be done.
This talk explains the main designs for updating an embedded system, with the pros and cons of each of them, and then explains how to implement them with swupdate for your embedded system.
Vagrant provides easy to configure, reproducible, and portable work environments built on top of industry-standard technology and controlled by a single consistent workflow to help maximize the productivity and flexibility of you and your team.
IBM acquired Red Hat
Red Hat logo changed after 20 years
Red Hat Enterprise Linux 8
List of New Features of RHEL 8
CentOS 8 Released
CentOS released new midstream called CentOS Stream
Fedora 31 Released
New Fedora spins
New Features of Fedora 31
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014) - Ron Munitz
My session in the Mobile World Congress WIPJam, Barcelona 2014.
In the cloud era, most software projects have shifted from asking "What hardware architecture should be chosen for my backend?" to "Which cloud configuration should be used for my backend?" Bringing up a cloud server has become an obvious choice for any Linux- or Windows-based deployment. As Android emerges as the new Embedded Linux for a growing number of industries, it only makes sense to consider its cloud application as a server. This session will discuss why and how Android can be brought on the cloud system, and on any cloud infrastructure, using AWS (Amazon Web Services) as an example.
The myths of deprecating docker in kubernetes - Jo Hoon
Don't be surprised. It is a very natural movement from the monolithic style to MSA. And it is not an imminent issue; it is planned to happen in late 2021. And for most customers it doesn't impact your system, because many service providers (GCP, AWS, Azure, OpenShift, RKE and so on) have already changed their container runtime from the (a little noisy?) old version of Docker to a lighter container runtime, i.e. a new version of Docker or others. And also it has no, no, no impact on your current images, because you already mostly use containerd, and if you use an old version of Docker, k8s also said it will support the old dockershim with their supportive method.
DCSF 19 Deploying Rootless buildkit on Kubernetes - Docker, Inc.
DockerCon Open Source Summit: BuildKit
Akihiro Suda, NTT Corporation
Building images on Kubernetes is attractive for distributing workload across multiple nodes, typically in a CI/CD pipeline. However, it had been considered dangerous due to the dependency on `securityContext.privileged`.
In this talk, Akihiro will show how to use Rootless BuildKit in Kubernetes, which can be executed as a non-root user without extra `securityContext` configuration.
Chromium Sandbox on Linux (NDC Security 2019) - Patricia Aas
The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers.
However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context in this talk.
Reference CNF development journey and outcomes - Victor Morales
Transforming VNFs to CNFs requires many considerations. Some of them are related to the architecture of the application (e.g. use of micro-services instead of a monolithic architecture) and others refer to the proper usage of the container toolset (Docker, Docker-Compose, Kubernetes, Multus, Flannel, Helm, etc.).
Docker is the new kool kid in town. This presentation covers some of the common goof-ups and what should be kept in mind when dealing with docker configurations.
Download the Vulnerable Docker VM : https://www.notsosecure.com/vulnerable-docker-vm/
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh... - CODE BLUE
In many targeted attack cases, once the attacker gains entry into the network, malware infection will spread laterally. In incident responses, investigating this lateral movement activity is very important. Methods for investigating lateral movement include log analysis of infected hosts and forensic analysis of disk images. However, in many cases, useful logs for incident investigation are not recorded in infected hosts, making it difficult to trace the attackers' behavior. This often results in not being able to get a clear picture of how the infection spreads across the network.
Therefore, we conducted an investigation of attackers' C2 servers and malware to gain insight into their activities. By decoding the malware's communication logs and C2 server logs, we were able to understand the attackers' activity after the network intrusion. We also found common patterns in how infection spread laterally. Also, even in different campaigns with different malware deployed, many common tools were used by attackers.
Taking advantage of the similarity, we figured that tracking these tools is effective in understanding lateral movements. In Windows PCs, which are the main target of APT attacks, certain
Kernel Recipes 2013 - Viewing real time ltt trace using gtkwave - Anne Nicolas
This presentation will explain how to use some ltt traces so that they can be viewed in gtkwave, a graphical visualization tool, developed by the Parrot team.
It will also explain why this tool was developed, review some of the problems that have been analyzed using these traces. It will finally end up on the ongoing integration with LTTng 2.x.
Android 5.0 Lollipop brings huge changes compared to before.
This report includes statistics from source code with data and hidden features from source code & git log investigation.
Hands-on tutorial on installing an IPFS node and creating smart contracts that use IPFS for data storage. As an example of IPFS usage in smart contracts, we create an ERC-721 NFT that references a file in IPFS.
Tools and technologies used in this tutorial:
GCP https://console.cloud.google.com/home
ApiDapp https://apidapp.com/
Etherscan https://kovan.etherscan.io/
Solidity https://solidity.readthedocs.io/en/v0.6.1/
Open Zeppelin https://openzeppelin.com/contracts/
Chicago Docker Meetup Presentation - Mediafly - Mediafly
Bryan Murphy's presentation from the 2nd Chicago Docker meetup on March 12, 2014 at Mediafly HQ. In his presentation, Bryan explains how we use Docker right now at Mediafly in production.
This blog provides steps for the installation and configuration of Odoo for a production environment using the Git source and a Python environment on an Ubuntu system. To install Odoo 17 on Ubuntu, just follow these steps. Call us!
These are the slides for a talk/workshop delivered to the Cloud Native Wales user group (@CloudNativeWal) on 2019-01-10.
In these slides, we go over some principles of gitops and a hands on session to apply these to manage a microservice.
You can find out more about GitOps online https://www.weave.works/technologies/gitops/
Simplifying and accelerating converged media with Open Visual Cloud - Liz Warner
Challenges exist with media transformation into Visual Cloud services and the flexibility to migrate those services to new HW platforms. Learn how Intel and partners are solving these challenges with highly optimized cloud native media processing, media analytics, and graphics/rendering components to quickly and easily deliver end-to-end visual cloud services with scalable open source software. Two visual cloud services around media delivery and media analytics will be demonstrated to showcase how to enable faster time to market for innovative “new media” services.
Finding a target for hacking on the internet is now easier - David Thomas
Finding a target on the internet for penetration testing involves searching the internet using Google or using Google Hacking/Dorking. There are Google hacking queries available on the internet; according to an ethical hacking researcher of the International Institute of Cyber Security, this is the main source of passive attacks on the internet. This whole process of finding a target on the internet using the GHDB is automated using a Python-based framework named Katana framework.
How we use fastlane for Android at ookami, Inc.
We use fastlane to
1. Build using gradle
2. Beta Distribution
3. Upload builds and metadata to Google Play
See more about fastlane.
https://github.com/fastlane/fastlane
Supply - Command line tool for updating Android apps and their metadata on the Google Play Store.
https://github.com/fastlane/supply
Slides from my beginner level talk on FRIDA and its usage while Pentesting Android Applications. Covers topics like Installation of Frida and Bypassing Pinning and Root Detection using Frida.
The detailed architecture of the most relevant consumer drones will be introduced, continuing with the communications protocol between the pilot (app on the smartphone or remote controller) and the drone. Manual reverse engineering of the binary protocol used for this communication will lead to identifying and understanding all the commands of each of the drones, and later injecting commands back.
Learning Objectives:
1: Understand whether a protocol between drone and pilot is secure.
2: Learn about a new reverse engineering methodology for these protocols.
3: Review a set of good practices to secure the environment surrounding a drone.
(Source: RSA Conference USA 2018)
.NET Conf 2019 Tel-Aviv Israel
There are cases where bugs are discovered only after the product is shipped and used by the end-users. The main reason for these bugs that appear only in the production environment is the use of real user scenarios with real user data. Production debugging is about solving customer-facing issues that aren't easily reproducible in the development or testing environments. When it comes to a cloud-hosted application, production debugging becomes even harder. The code is running on multiple hosts, a business flow can span many services. A remote debugging session with the cloud is dangerous and may introduce side effects to the currently running software, such as performance degradation, interruption of service, and data correctness issues.
In this lecture, we will see how we can remote debug our cloud staging environment, and how we can use Visual Studio Snapshot debugger to set Snapshots and Log points in our production environment.
To get even more insights, the audience will see a revolutionary tool and approach for a collaborative production debugging – OzCode Debugging as a Service (DaaS), where the DevOps and the Dev team can solve production problems together!
You will learn:
1. The difficulties of debugging a modern cloud-hosted application
2. Methods and tools for capturing the state and debugging cloud-hosted services
Similar to: Linux Security and How Web Browser Sandboxes Really Work (Security Researchers Meetup 0x05 2017)
NDC TechTown 2023_ Return Oriented Programming an introduction.pdf - Patricia Aas
Return Oriented Programming (ROP) is an exploitation technique that folks have often heard of, but don't know the mechanics of. In this talk you will learn how it works, and we will go through some examples to show how it can be used to execute code in contexts where the stack is not executable.
Return Oriented Programming, an introduction - Patricia Aas
Return Oriented Programming (ROP) is an exploitation technique that folks have often heard of, but don't know the mechanics of.
In this talk you will learn how it works, and we will go through how it can be used to execute code in contexts where the stack is not executable.
I can't work like this (KDE Academy Keynote 2021) - Patricia Aas
Making software products can be fraught with conflicts, where people in different roles may feel sabotaged by others. In this talk I present a model for thinking about the problems we solve and how we solve them, and using that I hope to convince you that team excellence comes from our differences, rather than in spite of them. Hopefully you'll walk away with a deeper understanding of that colleague that never writes tests, or the one that constantly complains that all you do is "make bugs".
Dependency Management in C++ (NDC TechTown 2021) - Patricia Aas
C++ has been slow to settle on standardized tools for building and dependency management. In recent years CMake has emerged as the de facto standard for builds, but dependency management still has no clear winner. In this talk I will look into what dependency management might look like in modern C++ projects and how that relates to security.
Introduction to Memory Exploitation (Meeting C++ 2021) - Patricia Aas
Stack based exploitation has gotten all the fame, but many platform and compiler mitigations have made it very hard to exploit stack vulnerabilities. Heap based exploits are still very relevant, and since this is black magic for most developers I will here give an introduction to the field.
We keep on thinking we are living in the future, but native exploitation has a rich history, and many times the vulnerabilities and exploitation techniques are decades old. We'll look at some of these, how they have surfaced in recent years and how prepared we are today, armed with modern tooling, to find and fix "classic" vulnerabilities.
Thoughts On Learning A New Programming Language - Patricia Aas
How should we teach a new language to folks that already know how to program?
How do we use what we already know to leapfrog the learning process?
Based on my personal experience and snippets of natural language theory, we will try to explore the cheats and pitfalls when learning a new programming language, but also dig into how we can make it easier.
Trying to build an Open Source browser in 2020 - Patricia Aas
A lot of things have been developed over the last 15 years that should make the process of making a browser easier. In this talk we will explore a bunch of different tools, platforms and libraries that could go into making a browser in 2020.
We will also see a live demo of a simple browser built with these OSS projects. We will also discuss the limitations and future work needed to make this work in practice.
DevSecOps for Developers, How To Start (ETC 2020) - Patricia Aas
How can you squeeze Security into DevOps? Security is often an understaffed function, so how can you leverage what you have in DevOps to improve your security posture?
Often the culture clash between Security and Development is even more prominent than between Development and Operations. Understanding the differences in how these functions work, and leveraging their similarities, will reveal processes already in place that can be used to improve security. This fine tuning of tools and processes can give you DevSecOps on a shoestring.
The Anatomy of an Exploit (NDC TechTown 2019) - Patricia Aas
Security vulnerabilities and secure coding are often talked about in the abstract by programmers, but rarely understood. In this talk we will walk through simple exploit attempts, and finally a simple stack buffer overflow exploit, how it's developed and how it's used.
The goal is to try to get a feeling for the point of view of an "attacker", and to slowly start looking at exploitation as just another programming practice. We will mainly be looking at C and x86_64 assembly, so bring snacks.
Elections: Trust and Critical Infrastructure (NDC TechTown 2019) - Patricia Aas
Free and correct elections are the linchpin of democracy. For a government to be formed based on the will of the people, the will of the people must be heard. Across the world election systems are being classified as critical infrastructure, and they face the same concerns as all other fundamental systems in society.
We are building our critical infrastructure from hardware and software built by nations and companies we can’t expect to trust. How can this be dealt with in Election Security, and can those lessons be applied to other critical systems society depends on today?
Survival Tips for Women in Tech (JavaZone 2019) - Patricia Aas
Being the only woman on your team can be hard. Many times it’s difficult to know what is only your experience and what is common. In this talk we’ll go through 24 tips (and a few bonus tips) based on well over a decade of experience being the only woman in several teams. If you’re a woman hopefully you’ll walk out with some ideas you can put to work right away, if you’re a man hopefully you’ll walk out with a new perspective and start noticing things in your day-to-day that you didn’t notice before.
https://patricia.no/2018/09/06/survival_tips_for_women_in_tech.html
More and more we see technology, both hardware and software, intersect with fundamental issues like privacy, democracy and human rights. The opaqueness of tech makes it a handy instrument of oppression and manipulation. We have taught the population to trust us. We have constructed a world in which they have to exist, with little to no oversight or transparency. We build critical infrastructure on hardware and software that even we cannot audit. How can we wield that responsibility? How do we protect those that speak up? How do we protect the population?
Keynote: Deconstructing Privilege (C++ on Sea 2019)Patricia Aas
Can you describe a situation that caused you to realize you were privileged?
I have asked many people that question now, and what I have learned is that privilege is an Unconscious Incompetence. Being privileged is a non-event. When we become conscious of it we realize that our privileged experience is not applicable to less privileged people. What happens to them does not happen to us. Only when we become Consciously Incompetent do we realize the need to listen. We need to learn.
In this talk I hope to make you realize that we all have privilege and to start a journey through self-reflection to becoming Consciously Incompetent. I hope also to give some indicators and patterns that you can look for in your daily lives to recognize and maybe even to correct imbalances you see.
Security vulnerabilities and secure coding are often talked about in the abstract by programmers, but rarely understood. In this talk we will walk through a simple exploit, how it’s developed and how it’s used. The goal is to try to get a feeling for the point of view of an "attacker", and to slowly start looking at exploitation as another programming tool. We will mainly be looking at C and x86_64 assembly, so bring snacks.
2. Linux Security
and How Web Browser Sandboxes Really Work
Patricia Aas
Security Researchers Meetup 2017
@pati_gallardo
3. Patricia Aas
Programmer - mainly in C++ and Java
Currently : Vivaldi Technologies
Previously : Cisco Systems, Knowit, Opera Software
Master in Computer Science
Twitter : @pati_gallardo
Will put up link to slides on Twitter/LinkedIn
7. Namespaces in use
CLONE_NEWUSER
No privilege is needed to create a
User NS, and in one we can create a
PID NS without global privilege.
CLONE_NEWPID
Same PID number can represent
different processes in different
PID namespaces. One init (PID 1)
process per PID NS
CLONE_NEWNET
Isolate a process from the network
@pati_gallardo
Zygote + Renderer
8. At Clone : Create Namespaces
Clone flags define the process*
created and will create
namespaces (NS) for it
1. Test which NS are available
2. Fail if not sufficient
3. Construct the biggest
supported and applicable set
Emulates fork with longjmp
* Also used to create threads
@pati_gallardo
Zygote + Renderer
9. int flags = CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWNET;
jmp_buf env;
if (setjmp(env) == 0) {
return CloneAndLongjmpInChild(flags, ptid, ctid, &env);
}
@pati_gallardo
chromium/base/process/launch_posix.cc
Code Simplified To Illustrate
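The three steps on slide 8 (test which namespaces are available, fail if the set is not sufficient, build the biggest supported set) and the PID-1 property from slide 7, as an added example. This is not Chromium's code: it uses fork plus unshare(2) instead of clone with longjmp, reaches unshare through syscall(2) so it needs no glibc wrapper, and what counts as "sufficient" (user NS plus PID NS) is an assumption made here for illustration.

```c
/* Added example (not Chromium code): probe which namespaces an unprivileged
 * process can create, keep the largest working set, then verify the PID
 * namespace by checking that the first child inside it sees itself as PID 1. */
#define _GNU_SOURCE
#include <sched.h>        /* CLONE_NEWUSER, CLONE_NEWPID, CLONE_NEWNET */
#include <stddef.h>
#include <stdio.h>
#include <sys/syscall.h>  /* SYS_unshare */
#include <sys/wait.h>
#include <unistd.h>

/* Fallbacks in case the libc header hides the flags without _GNU_SOURCE. */
#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000
#endif
#ifndef CLONE_NEWPID
#define CLONE_NEWPID 0x20000000
#endif
#ifndef CLONE_NEWNET
#define CLONE_NEWNET 0x40000000
#endif

/* Try unshare(flags) in a throwaway child so a failure cannot affect us.
 * With CLONE_NEWUSER in the set the kernel creates the user namespace
 * first, which is what grants the capabilities for the PID and net NS. */
static int ns_set_works(int flags) {
    pid_t pid = fork();
    if (pid < 0) return 0;
    if (pid == 0) _exit(syscall(SYS_unshare, flags) == 0 ? 0 : 1);
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return 0;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* Steps 1 and 3: test each namespace and build the biggest supported
 * subset of `wanted`. Order matters: the user NS must come first. */
int biggest_supported_ns_set(int wanted) {
    static const int order[] = { CLONE_NEWUSER, CLONE_NEWPID, CLONE_NEWNET };
    int got = 0;
    for (size_t i = 0; i < sizeof order / sizeof order[0]; i++) {
        if ((wanted & order[i]) && ns_set_works(got | order[i]))
            got |= order[i];
    }
    return got;
}

/* Step 2: the minimum this example treats as sufficient (an assumption). */
int ns_set_sufficient(int got) {
    return (got & CLONE_NEWUSER) && (got & CLONE_NEWPID);
}

/* Unshare `flags` in a child, fork a grandchild inside the new namespaces
 * and report the PID the grandchild sees for itself: 1 means it is the
 * init of its PID NS. Returns -1 if flags lack CLONE_NEWPID or on failure. */
int pid_seen_in_new_pid_ns(int flags) {
    if (!(flags & CLONE_NEWPID)) return -1;
    int fd[2];
    if (pipe(fd) < 0) return -1;
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) {
        close(fd[0]);
        if (syscall(SYS_unshare, flags) != 0) _exit(1);
        pid_t gc = fork();            /* first process in the new PID NS */
        if (gc < 0) _exit(1);
        if (gc == 0) {
            pid_t me = getpid();      /* 1 inside the namespace */
            if (write(fd[1], &me, sizeof me) != (ssize_t)sizeof me) _exit(1);
            _exit(0);
        }
        waitpid(gc, NULL, 0);
        _exit(0);
    }
    close(fd[1]);
    pid_t seen = -1;
    if (read(fd[0], &seen, sizeof seen) != (ssize_t)sizeof seen) seen = -1;
    close(fd[0]);
    waitpid(child, NULL, 0);
    return seen;
}

int main(void) {
    int got = biggest_supported_ns_set(CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWNET);
    printf("user:%d pid:%d net:%d sufficient:%d\n",
           !!(got & CLONE_NEWUSER), !!(got & CLONE_NEWPID), !!(got & CLONE_NEWNET),
           ns_set_sufficient(got));
    if (ns_set_sufficient(got))
        printf("first child in the new PID NS sees pid %d\n", pid_seen_in_new_pid_ns(got));
    return 0;
}
```

On a kernel that allows unprivileged user namespaces the program reports all three namespaces and a PID of 1 for the grandchild; where they are disabled (or blocked by a container seccomp profile) the probe simply returns a smaller set and the sandbox is reported as insufficient, which is the failure path slide 8 describes.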
14. Seccomp BPF Program
Program written in an
assembly-like language to
filter system-calls.
Runs in a simple VM in kernel
space. All syscalls will be
filtered by this program
TSYNC : Once a Seccomp Program
is installed it applies to all
threads in a process
@pati_gallardo
Renderer + Gpu + Broker
15. Seccomp : BPF Policies
BPF Program defined in a Policy
Fundamentally a whitelist,
allows a set of syscalls and
has custom handling of others
An extended Policy is then
generally more permissive
1. BaselinePolicy
1.1 GpuProcessPolicy
1.1.1 GpuBrokerProcessPolicy
1.2 RendererProcessPolicy
@pati_gallardo
Renderer + Gpu + Broker
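Slides 14 and 15 together, as an added example that is not Chromium's sandbox code: a whitelist policy emitted as a seccomp-BPF program, a small user-space interpreter for the three instruction forms the program uses (so the policy's decisions can be checked without installing it), and the real install path using the TSYNC flag so the filter covers every thread. The allowed syscall list is constructed for illustration and much shorter than any of Chromium's policies; the kernel's cBPF VM supports many more opcodes than the toy interpreter models.

```c
/* Added example (not Chromium code): seccomp-BPF whitelist, toy BPF VM,
 * and installation with SECCOMP_FILTER_FLAG_TSYNC. */
#include <linux/audit.h>    /* AUDIT_ARCH_* */
#include <linux/filter.h>   /* struct sock_filter, struct sock_fprog, BPF_* */
#include <linux/seccomp.h>  /* struct seccomp_data, SECCOMP_RET_* */
#include <stddef.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

static struct sock_filter stmt(unsigned short code, unsigned int k) {
    struct sock_filter f = { code, 0, 0, k };
    return f;
}
static struct sock_filter jump(unsigned short code, unsigned int k,
                               unsigned char jt, unsigned char jf) {
    struct sock_filter f = { code, jt, jf, k };
    return f;
}

/* Constructed whitelist: the syscalls this toy baseline policy lets through. */
static const int allowed_syscalls[] = {
    __NR_read, __NR_write, __NR_exit, __NR_exit_group, __NR_rt_sigreturn,
};
#define N_ALLOWED (sizeof allowed_syscalls / sizeof allowed_syscalls[0])
#define PROG_CAP  (2 * N_ALLOWED + 5)

/* Emit the program: reject foreign architectures, then compare nr against
 * each allowed syscall; anything unmatched falls through to KILL. */
size_t build_whitelist(struct sock_filter *prog, size_t cap) {
    if (cap < PROG_CAP) return 0;
    size_t i = 0;
    prog[i++] = stmt(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    prog[i++] = jump(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0);
    prog[i++] = stmt(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    prog[i++] = stmt(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (size_t j = 0; j < N_ALLOWED; j++) {
        prog[i++] = jump(BPF_JMP | BPF_JEQ | BPF_K, (unsigned int)allowed_syscalls[j], 0, 1);
        prog[i++] = stmt(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    }
    prog[i++] = stmt(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    return i;
}

/* Toy VM for the three opcode forms used above. A conditional jump lands at
 * pc + 1 + offset, which is why the loop's own pc++ is kept. */
unsigned int run_filter(const struct sock_filter *prog, size_t len,
                        const struct seccomp_data *sd) {
    unsigned int acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        const struct sock_filter *in = &prog[pc];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS:            /* acc = 32-bit field of seccomp_data */
            if (in->k > sizeof *sd - sizeof acc) return SECCOMP_RET_KILL;
            memcpy(&acc, (const unsigned char *)sd + in->k, sizeof acc);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:           /* if acc == k goto jt else jf */
            pc += (acc == in->k) ? in->jt : in->jf;
            break;
        case BPF_RET | BPF_K:                     /* final verdict */
            return in->k;
        default:
            return SECCOMP_RET_KILL;              /* opcode not modelled here */
        }
    }
    return SECCOMP_RET_KILL;
}

/* What the policy decides for syscall `nr` arriving from architecture `arch`. */
unsigned int policy_decision(int nr, unsigned int arch) {
    struct sock_filter prog[PROG_CAP];
    size_t len = build_whitelist(prog, PROG_CAP);
    struct seccomp_data sd;
    memset(&sd, 0, sizeof sd);
    sd.nr = nr;
    sd.arch = arch;
    return run_filter(prog, len, &sd);
}

/* Real installation. NO_NEW_PRIVS must be set first; TSYNC applies the
 * filter to every thread already in the process, not only the caller. */
int install_whitelist(void) {
    struct sock_filter prog[PROG_CAP];
    struct sock_fprog fprog = { (unsigned short)build_whitelist(prog, PROG_CAP), prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
#if defined(SYS_seccomp) && defined(SECCOMP_SET_MODE_FILTER) && defined(SECCOMP_FILTER_FLAG_TSYNC)
    return (int)syscall(SYS_seccomp, SECCOMP_SET_MODE_FILTER,
                        SECCOMP_FILTER_FLAG_TSYNC, &fprog);
#else
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog); /* this thread only */
#endif
}
```

policy_decision() makes the whitelist semantics visible: a listed syscall from the expected architecture is allowed, anything else (an unlisted syscall, or a listed one arriving through the 32-bit ABI) is killed. The arch check is the part that is easy to forget and that the layered policies on slide 15 all inherit from the baseline.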
18. Chroot : Drop Access to FS
A chroot is done in a
clone(CLONE_FS) child that does
chroot("/proc/self/fdinfo/") and
immediately does a chdir("/") and
_exit(0)
You can see this by looking at
ls -l /proc/<pid>/root
Of the Zygote or any ancestor
Credentials::DropFileSystemAccess
@pati_gallardo
Zygotes + Renderer
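The DropFileSystemAccess trick from slide 18, reproduced as an added example (not Chromium's code) in a disposable process so the caller's own root is untouched. It enters a user namespace to obtain CAP_SYS_CHROOT without real privilege, uses a raw clone(CLONE_FS) child (a fork-like child sharing root and cwd) to chroot into /proc/self/fdinfo/, and then checks from the parent whether the filesystem is still reachable once that child has exited. The return-code convention is this example's own.

```c
/* Added example (not Chromium code): 1 = filesystem root is gone,
 * 0 = still reachable, -1 = the environment did not let us try
 * (no user NS and no CAP_SYS_CHROOT, or no /proc). */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <signal.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef CLONE_FS
#define CLONE_FS 0x00000200
#endif
#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000
#endif

/* Runs inside the disposable child started by drop_fs_access_demo(). */
static void drop_fs_access_in_child(void) {
    /* A user namespace grants CAP_SYS_CHROOT without real privilege. If the
     * environment forbids it, fall through and let chroot() itself decide. */
    (void)syscall(SYS_unshare, CLONE_NEWUSER);

    /* Raw clone(CLONE_FS): a fork-like helper that shares our fs_struct
     * (root, cwd, umask), so its chroot() moves *our* root as well. */
    long helper = syscall(SYS_clone, CLONE_FS | SIGCHLD, 0, 0, 0, 0);
    if (helper < 0) _exit(2);
    if (helper == 0) {
        /* /proc/self/fdinfo/ belongs to this helper; once the helper exits,
         * nothing can be looked up underneath that directory any more. */
        if (chroot("/proc/self/fdinfo/") != 0) _exit(errno == EPERM ? 2 : 3);
        if (chdir("/") != 0) _exit(3);
        _exit(0);
    }
    int status = 0;
    if (waitpid((pid_t)helper, &status, 0) < 0 || !WIFEXITED(status)) _exit(3);
    if (WEXITSTATUS(status) != 0) _exit(WEXITSTATUS(status));

    /* Our root now points at the fdinfo directory of a dead process. */
    int fd = open("/etc", O_RDONLY);
    if (fd >= 0) { close(fd); _exit(1); }      /* still reachable: trick failed */
    _exit(0);                                  /* ENOENT: filesystem access is gone */
}

int drop_fs_access_demo(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        drop_fs_access_in_child();
        _exit(3);                              /* not reached */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    switch (WEXITSTATUS(status)) {
    case 0:  return 1;
    case 1:  return 0;
    default: return -1;
    }
}
```

Running this where user namespaces are permitted returns 1, and the same effect is what `ls -l /proc/<pid>/root` exposes on a Chromium zygote: the link target names a directory that no longer resolves to anything. Where the kernel or a container profile blocks unshare and the process lacks CAP_SYS_CHROOT, the demo returns -1 rather than pretending the access was dropped.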
23. Sources
Michael Kerrisk
Book: The Linux Programming Interface
Course: Linux Security and Isolation APIs
Chromium/Kernel source + Linux Man Pages + lwn.net
All Errors Are My Own
24. Linux Security
and How Web Browser Sandboxes Really Work
Patricia Aas, Vivaldi Technologies
@pati_gallardo
Photos from pixabay.com