The document discusses seccomp and its usage for developers. It begins with an introduction to seccomp, explaining that it allows limiting system calls to prevent untrusted code from performing dangerous actions. It then provides examples of using seccomp in various high-level languages like Java, Crystal, Python, and Go. The document concludes by discussing how seccomp filters work and how violations can be monitored using audit logs.
various tricks for remote linux exploits by Seok-Ha Lee (wh1ant)CODE BLUE
Modern operating systems include hardened security mechanisms to block exploit attempts. ASLR and NX (DEP) are two examples of the mechanisms that are widely implemented for the sake of security. However, there exists ways to bypass such protections by leveraging advanced exploitation techniques. It becomes harder to achieve code execution when the exploitation originates from a remote location, such as when the attack originates from a client, targeting server daemons. In such cases it is harder to find out the context information of target systems and, therefore, harder to achieve code execution. Knowledge on the memory layout of the targeted process is a crucial piece of the puzzle in developing an exploit, but it is harder to figure out when the exploit attempt is performed remotely. Recently, there have been techniques to leverage information disclosure (memory leak) vulnerabilities to figure out where specific library modules are loaded in the memory layout space, and such classes of vulnerabilities have been proven to be useful to bypass ASLR. However, there is also a different way of figuring out the memory layout of a process running in a remote environment. This method involves probing for valid addresses in target remote process. In a Linux environment, forked child processes will inherit already randomized memory layout from the parent process. Thus every client connection made to server daemons will share the same memory layout. The memory layout randomization is only done during the startup of the parent service process, and not randomized again when it is forking a child process to handle client connections. Due to the inheritance of child processes, it is possible to figure out a small piece of different information from every connection, and these pieces can be assembled later to get the idea of a big picture of the target process's remote memory layout. Probing to see if a given address is a valid memory address in context of the target remote process and assembling such information together, an attacker can figure out where the libc library is loaded on the memory, thus allowing exploits to succeed further in code execution. One might call it brute force, but with a smart brute forcing strategy, the number of minimal required attempts are significantly reduced to less than 10 in usual cases. In this talk, we will be talking about how it is possible to probe for memory layout space utilizing a piece of code to put the target in a blocked state, and to achieve stable code execution in remote exploit attempt scenarios using such information, as well as other tricks that are often used in remote exploit development in the Linux environment.
http://codeblue.jp/en-speaker.html#SeokHaLee
various tricks for remote linux exploits by Seok-Ha Lee (wh1ant)CODE BLUE
Modern operating systems include hardened security mechanisms to block exploit attempts. ASLR and NX (DEP) are two examples of the mechanisms that are widely implemented for the sake of security. However, there exists ways to bypass such protections by leveraging advanced exploitation techniques. It becomes harder to achieve code execution when the exploitation originates from a remote location, such as when the attack originates from a client, targeting server daemons. In such cases it is harder to find out the context information of target systems and, therefore, harder to achieve code execution. Knowledge on the memory layout of the targeted process is a crucial piece of the puzzle in developing an exploit, but it is harder to figure out when the exploit attempt is performed remotely. Recently, there have been techniques to leverage information disclosure (memory leak) vulnerabilities to figure out where specific library modules are loaded in the memory layout space, and such classes of vulnerabilities have been proven to be useful to bypass ASLR. However, there is also a different way of figuring out the memory layout of a process running in a remote environment. This method involves probing for valid addresses in target remote process. In a Linux environment, forked child processes will inherit already randomized memory layout from the parent process. Thus every client connection made to server daemons will share the same memory layout. The memory layout randomization is only done during the startup of the parent service process, and not randomized again when it is forking a child process to handle client connections. Due to the inheritance of child processes, it is possible to figure out a small piece of different information from every connection, and these pieces can be assembled later to get the idea of a big picture of the target process's remote memory layout. Probing to see if a given address is a valid memory address in context of the target remote process and assembling such information together, an attacker can figure out where the libc library is loaded on the memory, thus allowing exploits to succeed further in code execution. One might call it brute force, but with a smart brute forcing strategy, the number of minimal required attempts are significantly reduced to less than 10 in usual cases. In this talk, we will be talking about how it is possible to probe for memory layout space utilizing a piece of code to put the target in a blocked state, and to achieve stable code execution in remote exploit attempt scenarios using such information, as well as other tricks that are often used in remote exploit development in the Linux environment.
http://codeblue.jp/en-speaker.html#SeokHaLee
Programming Motherfucker or how I rediscovered my hacker spirit - Ole Michael...Codemotion
I had lost my hacking spirit for almost three years… Do you know that feeling when you pull our your laptop in every free minutes you have? That feeling when you want to build and improve that tool that you are truly passionate about? It was a very simple chit-chat with friends in a cafe which brought it back. We should not forget why we are doing this programming thing for a living. Because what we love is: Programming Motherfucker!
Mike Weber's presentation on using Nagios with NRPE.
The presentation was given during the Nagios World Conference North America held Sept 25-28th, 2012 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/nwcna
PuppetConf 2016: Puppet Troubleshooting – Thomas Uphill, Wells FargoPuppet
Here are the slides from Thomas Uphill's presentation called Puppet Troubleshooting. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
Exploit Research and Development Megaprimer: Win32 EgghunterAjin Abraham
Exploit Research and Development Megaprimer
http://opensecurity.in/exploit-research-and-development-megaprimer/
http://www.youtube.com/playlist?list=PLX3EwmWe0cS_5oy86fnqFRfHpxJHjtuyf
Nagios Conference 2011 - Nathan Vonnahme - Integrating Nagios With Test Drive...Nagios
Nathan Vonnahme's presentation on integrating Nagios with test driven development. The presentation was given during the Nagios World Conference North America held Sept 27-29th, 2011 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/nwcna
Cisco network equipment has always been an attractive attack target due to its prevalence and the key role that it plays in network structure and security.
This equipment is based on a wide variety of OS (firmware) architectures, types, and versions, so it is much harder to develop a universal shellcode. Publicly available Cisco IOS shellcodes are tailored to specific equipment, have narrow functionality, and are not exactly useful for penetration testing.
This talk is the presentation of a research initiated by our research center to create a shellcode which is as easily portable between different IOS firmwares as possible and which provides a lot of pentesting features because it can dynamically change the shellcode destination at the stage of post-exploitation.
We will also consider the possibility of creating a worm which could spread across the infrastructure, from firewall to router, from router to switch, etc.
seccomp is a computer security facility in the Linux kernel, pledge is a similar security facility in the OpenBSD kernel. In this presentation Giovanni Bechis will review the development story and progress of both kernel interfaces and will analyze the main differences. There will be some examples of implementations of security patches made for some important open source projects.
Programming Motherfucker or how I rediscovered my hacker spirit - Ole Michael...Codemotion
I had lost my hacking spirit for almost three years… Do you know that feeling when you pull our your laptop in every free minutes you have? That feeling when you want to build and improve that tool that you are truly passionate about? It was a very simple chit-chat with friends in a cafe which brought it back. We should not forget why we are doing this programming thing for a living. Because what we love is: Programming Motherfucker!
Mike Weber's presentation on using Nagios with NRPE.
The presentation was given during the Nagios World Conference North America held Sept 25-28th, 2012 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/nwcna
PuppetConf 2016: Puppet Troubleshooting – Thomas Uphill, Wells FargoPuppet
Here are the slides from Thomas Uphill's presentation called Puppet Troubleshooting. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
Exploit Research and Development Megaprimer: Win32 EgghunterAjin Abraham
Exploit Research and Development Megaprimer
http://opensecurity.in/exploit-research-and-development-megaprimer/
http://www.youtube.com/playlist?list=PLX3EwmWe0cS_5oy86fnqFRfHpxJHjtuyf
Nagios Conference 2011 - Nathan Vonnahme - Integrating Nagios With Test Drive...Nagios
Nathan Vonnahme's presentation on integrating Nagios with test driven development. The presentation was given during the Nagios World Conference North America held Sept 27-29th, 2011 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/nwcna
Cisco network equipment has always been an attractive attack target due to its prevalence and the key role that it plays in network structure and security.
This equipment is based on a wide variety of OS (firmware) architectures, types, and versions, so it is much harder to develop a universal shellcode. Publicly available Cisco IOS shellcodes are tailored to specific equipment, have narrow functionality, and are not exactly useful for penetration testing.
This talk is the presentation of a research initiated by our research center to create a shellcode which is as easily portable between different IOS firmwares as possible and which provides a lot of pentesting features because it can dynamically change the shellcode destination at the stage of post-exploitation.
We will also consider the possibility of creating a worm which could spread across the infrastructure, from firewall to router, from router to switch, etc.
seccomp is a computer security facility in the Linux kernel, pledge is a similar security facility in the OpenBSD kernel. In this presentation Giovanni Bechis will review the development story and progress of both kernel interfaces and will analyze the main differences. There will be some examples of implementations of security patches made for some important open source projects.
Locks? We Don't Need No Stinkin' Locks - Michael BarkerJAX London
Embrace the dark side. As a developer you'll often be advised that writing concurrent code should be the purview of the genius coders alone. In this talk Michael Barker will discard that notion into the cesspits of logic and reason and attempt to present on the less understood area of non-blocking concurrency, i.e. concurrency without locks. We'll look the modern Intel CPU architecture, why we need a memory model, the performance costs of various non-blocking constructs and delve into the implementation details of the latest version of the Disruptor to see how non-blocking concurrency can be applied to build high performance data structures.
Finding and fixing bugs is a major chunk of any developers time. This talk describes the basic rules for effective debugging in any language, but shows how the tools available in PHP can be used to find and fix even the most elusive error
Linux Tracing Superpowers by Eugene PirogovPivorak MeetUp
For a long time Linux was far behind operating systems of Unix family from the perspective of debuggability, specifically in a live production systems.
However, over the course of 2016 Linux saw a series of patches that brought it on par with Unix world: an old Linux tool called BPF has risen and extended into powerful new one – eBPF. Some say that eBPF marks the begining of true DTrace for Linux.
During the presentation I'm going to talk about tracing basics, cover a series of events that led to the development of eBPF and will compare eBPF with DTrace from Unix world. Current state of affairs of Linux tracing tools will be explored. Finally, together we'll look at some of the exciting examples of eBPF application.
***
Eugene is well known in our Ruby (and Elixir) communities. Last time when he was at #pivorak he made a very light and interesting intro to the Elixir. You can check his speech out here - http://bit.ly/2evCd9R
Kernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven RostedtAnne Nicolas
Ftrace is the official tracer of the Linux kernel. It has been apart of Linux since 2.6.31, and has grown tremendously ever since. Ftrace’s name comes from its most powerful feature: function tracing. But the ftrace infrastructure is much more than that. It also encompasses the trace events that are used by perf, as well as kprobes that can dynamically add trace events that the user defines.
This talk will focus on learning how the kernel works by using the ftrace infrastructure. It will show how to see what happens within the kernel during a system call; learn how interrupts work; see how ones processes are being scheduled, and more. A quick introduction to some tools like trace-cmd and KernelShark will also be demonstrated.
Steven Rostedt, VMware
Automating with NX-OS: Let's Get Started!Cisco DevNet
A session in the DevNet Zone at Cisco Live, Berlin. Cisco's flagship data center platform, the Nexus series of switches, has a variety of programming protocols to offer. This session will provide participants with an overview and code examples on various protocols: * NX-API * XMPP * Netconf
Chromium Sandbox on Linux (NDC Security 2019)Patricia Aas
The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers.
However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context in this talk.
Similar to Alexander Reelsen - Seccomp for Developers (20)
The Architecture of Uncertainty - Kevlin HenneyDevDay Dresden
Slides of our Meetup 14.04.2022
Contents:
Ralph Johnson defined architecture as "the decisions that you wish you could get right early in a project, but that you are not necessarily more likely to get them right than any other". Given our inability to predict the future, how can we design effectively for it? Much project management thinking is based on the elimination of uncertainty, and advice on software architecture and guidance for future-proofing code often revolves around adding complexity to embrace uncertainty. In most cases, this is exactly the opposite path to the one that should be taken.
The talk looks at how uncertainty, lack of knowledge and options can be used to partition and structure the code in a system.
About:
Kevlin Henney is an independent consultant, speaker, writer and trainer. His development interests include programming languages, software architecture and programming practices, with a particular emphasis on unit testing and reasoning about practices at the team level. He has helped many teams with their code, culture and practices. He is co-author of two volumes in the Pattern-Oriented Software Architecture series, editor of 97 Things Every Programmer Should Know and co-editor of 97 Things Every Java Programmer Should Know.
DevDay 19 Accessibility: Praxistipps für EntwicklerDevDay Dresden
Die einfachste funktionierende Lösung muss das Erreichen eines positiven Nutzererlebnisses für jeden Nutzer ermöglichen.
Mit der Aufnahme von nur 10 Praxistipps zur Barrierefreiheit und Software-Ergonomie in den Entwicklungsalltag kann jeder Web- und Softwareentwickler zu dieser Vision beitragen. Das Entwickeln von Softwarelösungen - die super funktionieren, die von den Anwendern gern genutzt und von allen Nutzern, auch beeinträchtigten oder älteren, bedient werden können - ist kein Hexenwerk. Diese Session tritt den Beweis an!
Dev Day 2019: Phillip Krenn – Aggregierte Logging PatternsDevDay Dresden
In verteilten Applikationen besteht immer der Bedarf Logs zu zentralisieren - sobald man mehr als ein paar Server oder Container hat, reichen SSH und cat, tail oder less nicht mehr aus. Das übliche Problem ist aber, wie man möglichst effizient zu einer zentralisierten oder aggregierten Log-Lösung kommt.
Dieser Vortrag stellt mehrere Ansätze und Patterns mit ihren Vor- und Nachteilen vor, so dass die Zuhörer den auswählen können, der am besten zu Ihrer Organisation passt:
* Parsen: Bestehende Logdaten können weiterverwendet werden und die relevanten Informationen werden per Regular Expression extrahiert.
* Senden: Mit einem geeigneten Log-Appender werden die Ereignisse direkt gesendet, ohne dass sie in einer Logdatei gespeichert werden müssen.
* Strukturieren: Ereignisse in einem strukturierten Format abspeichern, das dann direkt zentralisiert werden kann.
* Containerisieren: Das Logging mit Containern erfordert zusätzliche Automatismen, um effizient mit Logs arbeiten zu können.
* Orchestrieren: Auch wenn Dienste nur kurzfristig laufen und dynamisch verteilt werden, gibt mit Kubernetes Möglichkeiten den Überblick zu bewahren.
Dev Day 2019: Mirko Seifert – Next Level Integration Testing mit Docker und T...DevDay Dresden
Docker hat in den letzten Jahren die Art und Weise wie wir Software ausliefern revolutioniert. Aber Docker ist darüberhinaus ein Werkzeug, das auch beim Testen von Anwendungen extrem nützlich sein kann.
Im Vortrag stellen wir verschiedene Anwendungsmöglichkeiten von Docker beim Softwaretest vor. Anschließend zeigen wir Euch welche Tools/Bibliotheken im Java-Umfeld (u.a. testcontainers.io) in diesem Kontext eingesetzt werden können. Zum Abschluss des Vortrags besprechen wir mit Euch Fallstricke sowie Lösungsansätze zu komplexeren Testszenarien.
Dev Day 2019: Nathan Mattes – Kommunikation ist wichtig, scheiße wichtig und ...DevDay Dresden
Gemeinsam mit einem Freund nehme ich einen Podcast auf, bei dem es sich ein Kaltgetränk lang um irgendwas mit Softwareentwicklung dreht, manchmal bei Limo und Tee, meistens bei Bier. Manchmal haben wir Gäste, meistens nicht. Der Name des Ganzen: Codestammtisch. Uns fällt immer wieder auf, wie wichtig Kommunikation im Alltag von Softwareentwickler*innen ist. Die schlechte Nachricht: Kommunikation ist schwierig, du fliegst eigentlich ständig auf die Fresse. Über die guten, was das Leben von Programmierer*innen sonst noch erleichtert, wie ihr dahin kommt — Kommunikation! — und was wir sonst noch so bisher während des Podcasts gelernt haben, möchte ich gerne ein Kaltgetränk lang auf einer Bühne erläutern.
Dev Day 2019: Stephan Birnbaum – Die Glaskugel hat ausgedient, wir machen Sof...DevDay Dresden
Unser über Jahre gewachsenes monolithisches System soll modernisiert werden und wir ziehen dafür eine Restrukturierung bzw. Zerlegung in Betracht. Wie gut kennen wir aber eigentlich unser Legacy-System? Die Dokumentation ist veraltet und die verantwortlichen Entwickler haben das Unternehmen vor langer Zeit verlassen. Wie finden wir nun heraus, wie sich fachliche und technische Aspekte in der Code-Struktur abbilden, welche Zusammenhänge zwischen diesen bestehen und wo Risiken schlummern?
Der Vortrag nähert sich dieser Frage via Software Analytics. Am Beispiel eines Open-Source eCommerce-Systems wird gezeigt, wie die werkzeugunterstützte Analyse von Code-Strukturen und Metriken Licht ins Dunkel bringen kann. Mit den gewonnenen Informationen und geeigneten Visualisierungen kann anschließend der Prozess von der Aufwandsabschätzung bis hin zur Umstrukturierung wirkungsvoll unterstützt werden.
Dev Day 2019: Markus Winand – Die Mutter aller Abfragesprachen: SQL im 21. Ja...DevDay Dresden
Wussten Sie, dass das rein relationale Dogma von SQL bereits 1999 aufgegeben wurde?
SQL-92 war der letzte Standard, der auf die relationale Idee beschränkt war. Ab 1999 wurde SQL um nicht-relationale Operationen und Datenstrukturen erweitert. Obwohl dieser Schritt damals viel diskutiert wurde, dauerte es Jahrzehnte, bis die Datenbankhersteller dieses Paradigmenwechsel verdaut hatten. Viele Entwickler haben bis heute nichts davon gehört.
Dieser Vortrag gibt einen Überblick über die Evolution von SQL seit 1999 und stellt einige der neuen Funktionen anhand häufiger Anforderungen vor. Dabei wird auch aufgezeigt, wann diverse Hersteller begonnen haben, nicht-relationales SQL zu unterstützen. Letztendlich zeigt der Vortrag, dass sich SQL in den letzten Jahrzehnten genauso weiterentwickelt hat, wie die Anforderungen mit denen man in der Entwicklung zu tun hat.
Dev Day 2019: Kay Grebenstein – Wie wir müssen das noch testen? - design for ...DevDay Dresden
Bereits vor der Einführung von agile Methoden und DevOps war das Ziel von Entwicklungsprojekten die schnelle Bereitstellung von hochwertigen Produkten. Im Vordergrund stehen die Überlegungen zur optimalen Architektur und zum passenden Design. Die Aspekte der Qualitätssicherung kommen meist später, was sich während der Tests bemerkbar macht. In diesem Vortrag werden die Überlegungen und Erfahrungen zum design for testability angesprochen, die sinnvoll sind, um in Softwareprojekten von Beginn an eine optimale Testbarkeit gewährleisten zu können.
Dev Day 2019: Kathrin Friedrich/Michael Kunze – Design better together - Styl...DevDay Dresden
Impulsvortrag über das Potential eines Living Styleguides zur ganzheitlichen und effizienten Ausgestaltung verschiedener digitalen Kanäle: Website, Shop, Newsletter bis hin zu Powerpoint.
Was uns an gängigen Tools am Markt störte und wie wir unsere eigene Toolkette für ein Brand Design Framework von Konzeption, Design, Spezifikation hin in die Frontend Entwicklung optimiert haben.
Dev Day 2019: Benjamin Wolf – "Some fixes" - Commit Message 101DevDay Dresden
Commit-Messages wie etwa “some fixes” bei mehr als 200 betroffenen Dateien und mehr als 70.000 geänderten Zeilen Code sind nicht hilfreich. Im Gegenteil.
Sie sind extrem schädlich.
In diesem Lightning Talk erkläre ich, weshalb Entwickler*innen oft an Commit-Messages scheitern und wie ihr mit gezielten Fragen sowie mit sieben kleinen Regeln in Zukunft großartige Nachrichten für euch und euer Team schreiben könnt.
Dev Day 2019: Lucas Fiedler – DevOps-Dashboard: Transparenz für DevOps-TeamsDevDay Dresden
Neue Zusammenarbeitsmodelle, Verantwortung in crossfunktionalen Teams und automatisierte Workflows erfordern Transparenz für Alle. DevOps ermöglicht schneller auf Feedback zu reagieren und Geschwindigkeit, Kosten, Qualität und Risiken auszubalancieren. In Zukunft wird es daher mehr und mehr Pipelines geben, die überwacht und evaluiert werden müssen. Wir stellen unsere Idee für ein DevOps Dashboard als Tool-unabhängige Lösung, um DevOps-Metriken und Erkenntnisse entlang der der DevOps-Toolchain.
Dev Day 2019: Ulrich Deiters – Offene Daten und IT-Lösungen für den RadverkehrDevDay Dresden
Das Fahrrad gewinnt als flexibles und umweltfreundliches Verkehrsmittel wieder eine stärkere Bedeutung für die Mobilität in Städten. Zivilgesellschaftliche Initiativen wie z.B. die Radentscheide fordern von Politik und Planung eine schnellere Schaffung zeitgemäßer Infrastruktur, bringen sich ein und schaffen eine neue Fahrradkultur. Aber auch Unternehmen entdecken das Rad als Teil innovativer Mobilitätskonzepte.
Der Talk gibt einen Überblick über IT-Ansätze für die Unterstützung des Radverkehrs von Experimenten und Kampagnen über Sensoren, Apps und Tools bis hin zur Integration mit Verwaltungsprozessen zur Erhöhung der Transparenz.
Offene Daten stellen eine wesentliche Basis dar, um sowohl der Zivilgesellschaft als auch Unternehmen die Entwicklung innovativer Mobilitätslösungen zu ermöglichen. Am Beispiel von Berlin wird aufgezeigt welche Daten es schon gibt und wie ein umfassendes Open Data Angebot aussehen sollte.
Dev Day 2019: Alexander Lichter - JAMstack - Eine neuartige Webanwendungs-Arc...DevDay Dresden
JAMstack, und damit ist nicht der portablen Gitarrenverstärker den man beim Googlen als erstes findet gemeint, ist eine framework-unabhängige Architektur für moderne Webanwendungen. Bestehend aus *J*avascript, *A*PIs und *M*arkup verspricht der Ansatz besser Sicherheit "by default", einfachere Skalierung und auch noch erhöhte Performance. Ob das so einfach geht?
Dev Day 2019: Martin Schurz - Manual Work Is A Bug!DevDay Dresden
Manuelle Arbeiten sind fehleranfällig, das Wissen unsere Kunden, und das wissen auch wir selbst. Unsere Projekte drehen sich daher hauptsächlich um Digitalisierung und Automatisierung. Sei es nun für unsere Kunden oder für unsere Kollegen oder uns selbst, überall finden wir Möglichkeiten wie wir Aufgaben, der Effizienz zu liebe, weg automatisieren können.
Leider gibt es unendlich viele mögliche Lösungen und die vermeintliche "Rettung" durch Automatisierung wird auch gerne mal zu einer Sackgasse oder einem ungeliebten Kind im Projekt. Im schlimmsten Fall bekommt man dann noch die "sehr positive" Rückmeldung: "wenn das die Lösung ist, will ich mein Problem zurück".
Im Vortrag werden mehrere Modelle zur Umsetzung von Automatisierungen vorgestellt und auf dabei auftretende Probleme eingegangen. Dabei liegt der Fokus bewusst nicht auf technischen Lösungen, sondern beim methodisches Vorgehen in der Umsetzung.
Dev Day 2019: Mirko Zeibig – "Hallo " <> "Elixir"DevDay Dresden
Seit Prozessoren nicht mehr schneller sondern nur noch mehr werden, werden uns häufig Konzepte aus der Welt der funktionalen Programmierung als Lösung versprochen. Aber wer hat schon Lust, Quellcode zu schreiben, dessen zweite Hälfte aus schließenden Klammern besteht?
Funktional programmieren aber mit modernem Syntax und solidem Unterbau. Das verspricht die Programmiersprache Elixir.
Dieser Vortrag wird zum einen die Grundlagen der Sprache vorstellen und wo vorhanden Parallelen zum Java-Umfeld aufzeigen.
Zum anderen wird gezeigt, warum Anwendungen auf Basis von Elixir die Bezeichnungen „Serverless“ und „Microservices“ eher verdienen als andere.
Dev Day 2019: Mike Sperber – Software Design für die SeeleDevDay Dresden
Ein Großteil der praktizierten Software-Entwicklung ist Wartung, also das Herumbasteln an Software, die eigentlich schon fertig sein sollte, aber trotzdem irgendwie noch nicht ganz so funktioniert wie sie soll. "Bastelorientiertes Programmieren" ist so ziemlich das Gegenteil von robuster und sicherer Entwicklung, aber die meisten heutigen Informatik-Systeme werden genauso entwickelt. (Inbesondere die allgegenwärtigen IoT-Geräte, denen wir immer mehr Aspekte unseres Lebens anvertrauen.) Wie also bekommen wir die Kontrolle über die Software der Zukunft zurück, die zunehmend außer Kontrolle gerät? Nicht mit objektorientierter Programmierung: Veränderbarer Zustand, die Abwesenheit von uniformen Abstraktionsmechanismen und vererbungsbedingte Komplexität machen es für Menschen schwer, korrekte und robuste Software zu entwickeln. Während agile Methoden Entwicklerinnen und Entwickler von den seelensaugenden Prozessen der Vergangenheit befreit haben, ist die vorherrschende Technologie - Objektorientierung - immer noch Teil des Problems, nicht der Lösung. Es ist an der Zeit, sich davon zu verabschieden: Wir sollten die systematische Konstruktion korrekter Software propagieren. Im Zentrum dieser Revolution steht die konsequente Anwendung funktionaler Programmierung - also unveränderlicher Datenstrukturen, systematischer Abstraktion und Datenmodellierung. Weg mit den toten techologieorientierten Objekten der Vergangenheit, her mit geschmeidigen Modellen, die unsere Domänen bereichern und unsere Seele!
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
2. Agenda
What is seccomp and why should I care as a developer?
Using Seccomp in high level languages (Java, Crystal, Python)
Monitoring seccomp violations
5. Security is a requirement
High adoption
Providing software vs. operating it
No assumptions about environment (AppArmor, SELinux)
Multiple layers (Java Security Manager and seccomp)
7. What's the problem?
Run untrusted code in your system
No virtualization, but isolation
Limit code to prevent certain dangerous system calls
8. History lesson
2005/2.6.12: strict mode allowing only read , write , exit and sigreturn
system calls, use via proc file system
2007/2.6.23: Added new prctl() argument
2012/3.5: Allow configurable seccomp-bpf filter in prctl() call
2014/3.17: Own seccomp() system call
10. How does this work?
Process tells the operating system to limit its own abilities
A management process does the same before start up (i.e. systemd)
One-way transition
The list of allowed/blocked calls is called a seccomp filter
15. Use ausearch (part of auditd)
Run sudo /usr/sbin/ausearch --syscall bind
time->Mon Jun 15 15:38:32 2020
type=SECCOMP msg=audit(1592235512.578:148): auid=1000 uid=1000 gid=1000 ses=4
subj==unconfined pid=6939 comm="nc" exe="/usr/bin/nc.traditional" sig=31
arch=c000003e syscall=49 compat=0 ip=0x7f67398a0497 code=0x0
16. Hard to read
time->Mon Jun 15 15:38:32 2020
type=SECCOMP msg=audit(1592235512.578:148): auid=1000 uid=1000 gid=1000 ses=4
subj==unconfined pid=6939 comm="nc" exe="/usr/bin/nc.traditional" sig=31
arch=c000003e syscall=49 compat=0 ip=0x7f67398a0497 code=0x0
type: type of event
msg: timestamp and uniqueid (can be shared among several records)
auid: audit user id (kept the same even when using su - )
uid: user id
gid: group id
ses: session id
17. Hard to read
time->Mon Jun 15 15:38:32 2020
type=SECCOMP msg=audit(1592235512.578:148): auid=1000 uid=1000 gid=1000 ses=4
subj==unconfined pid=6939 comm="nc" exe="/usr/bin/nc.traditional" sig=31
arch=c000003e syscall=49 compat=0 ip=0x7f67398a0497 code=0x0
subj: SELinux contest
pid: process id
comm: commandline name
exe: path to the executable
sig: 31 aka SIGSYS
arch: cpu architecture
18. Hard to read
time->Mon Jun 15 15:38:32 2020
type=SECCOMP msg=audit(1592235512.578:148): auid=1000 uid=1000 gid=1000 ses=4
subj==unconfined pid=6939 comm="nc" exe="/usr/bin/nc.traditional" sig=31
arch=c000003e syscall=49 compat=0 ip=0x7f67398a0497 code=0x0
syscall: syscall (49 is bind() ), see ausyscall --dump
compat: syscall compatibility mode,
ip: ip address
code: seccomp action
29. Running as root!
$ ls -l /bin/ping
-rwsr-xr-x 1 root root 78168 Feb 16 2019 /bin/ping
Hint: Ensure iputils-ping is installed
30. Which processes are using seccomp right now?
# for i in $(grep Seccomp /proc/*/status | grep -v '0$' | cut -d'/' -f3) ; do ps hww $i ; done
16708 pts/1 S+ 0:00 python3 python-seccomp/app.py -s
221 ? Ss 0:01 /lib/systemd/systemd-journald
243 ? Ss 0:00 /lib/systemd/systemd-udevd
345 ? Ss 0:00 /lib/systemd/systemd-logind
6034 ? Ssl 9:48 /usr/share/elasticsearch/jdk/bin/java ... org.elasticsearch.
bootstrap.Elasticsearch -p /var/run/elasticsearch/elasticsearch.pid
--quiet
6371 ? Ssl 4:47 /usr/share/auditbeat/bin/auditbeat -environment systemd
-c /etc/auditbeat/auditbeat.yml -path.home /usr/share/auditbeat
-path.config /etc/auditbeat -path.data /var/lib/auditbeat
-path.logs /var/log/auditbeat
31. Seccomp filters
A set of rules to check every system call against
Written in BPF (no loops or jumping backwards, dead code detection, directed
acyclic graph)
BPF filtering is done in kernel space (efficient)
Possible outcomes
system call is allowed
process/thread is killed
an error is returned to the caller
32. Using seccomp in Java
Java has the ability to call native code!
See Elasticsearch's SystemCallFilter.java
34. // seccomp takes a long, so we pass it one explicitly to keep the JNA simple
SockFProg prog = new SockFProg(insns);
prog.write();
long pointer = Pointer.nativeValue(prog.getPointer());
int method = 1;
// install filter, if this works, after this there is no going back!
// first try it with seccomp(SECCOMP_SET_MODE_FILTER), falling back to prctl()
if (linux_syscall(arch.seccomp, SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC, new NativeLong(pointer)) != 0) {
method = 0;
int errno1 = Native.getLastError();
if (logger.isDebugEnabled()) {
logger.debug("seccomp(SECCOMP_SET_MODE_FILTER): {}, falling back to prctl(PR_SET_SECCOMP)...",
JNACLibrary.strerror(errno1));
}
if (linux_prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, pointer, 0, 0) != 0) {
int errno2 = Native.getLastError();
throw new UnsupportedOperationException("seccomp(SECCOMP_SET_MODE_FILTER): " + JNACLibrary.strerror(errno1) +
", prctl(PR_SET_SECCOMP): " + JNACLibrary.strerror(errno2));
}
}
// now check that the filter was really installed, we should be in filter mode.
if (linux_prctl(PR_GET_SECCOMP, 0, 0, 0, 0) != 2) {
throw new UnsupportedOperationException("seccomp filter installation did not really succeed. seccomp(PR_GET_SECCOMP): "
+ JNACLibrary.strerror(Native.getLastError()));
}
35. // try seccomp() first
linux_syscall(arch.seccomp, SECCOMP_SET_MODE_FILTER,
SECCOMP_FILTER_FLAG_TSYNC, new NativeLong(pointer))
// if seccomp() fails due to old kernel, try prctl()
linux_prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, pointer, 0, 0)
// ensure filter was successfully installed
linux_prctl(PR_GET_SECCOMP, 0, 0, 0, 0)
36. Using JNA
Java Native Access
Access native shared libraries without JNI
Multi platform
47. Summary
seccomp is a great mechanism, battle tested
Other operating systems have similar features under different names
easy to implement, also in high level languages
Packages in python, crystal, Go, Rust, Perl - none uptodate for ruby and node
If there is no package, you can still create a profile using firejail, but...
51. Rethink your design...
Validate inputs
Do not implement your own security mechanisms!
Do not call binaries in your apps
Think about proper isolation
52. ... by isolating
Different processes
Proper isolation (dropping privileges)
No network connection
Optional Authentication
Additional operational complexity
53. Thanks for listening
Q & A
Alexander Reelsen
Community Advocate
alex@elastic.co | @spinscale
56. Resources
Github Repo: seccomp-samples
Tools: Auditbeat
Blog post: Seccomp in the Elastic Stack
Docs: Kernel seccomp documentation & seccomp manpage
Auditd: Understanding audit log files
Blog post: Elasticsearch - Securing a search engine while maintaining usability
Talk: seccomp - your next layer of defense
Libraries: libseccomp including python integration, go-seccomp-bpf, seccomp.cr
for Crystal