Even with the best agile development practices, bugs sometimes slip in. You don't want to manually wade through hundreds of commits and thousands or tens of thousands of lines of code to find your bug. See how find your bug fast using Git, the best (and free) version control software tool. If you are still using CVS, Subversion, or costly commercial version control, you are missing out.
A test strategy is the set of ideas that guides your test design. It's what explains why you test this instead of that, and why you test this way instead of that way. Strategic thinking matters because testers must make quick decisions about what needs testing right now and what can be left alone. You must be able to work through major threads without being overwhelmed by tiny details. James Bach describes how test strategy is organized around risk but is not defined before testing begins. Rather, it evolves alongside testing as we learn more about the product. We start with a vague idea of our strategy, organize it quickly, and document as needed in a concise way. In the end, the strategy can be as formal and detailed as you want it to be. In the beginning, though, we start small. If you want to focus on testing and not paperwork, this approach is for you.
Qt Quick/QML brings designers and developers together to create and collaborate. QML is a collection of technologies that can build modern and fluid interfaces for applications – quickly. Join us for this webinar to explore the best of QML for mobile, embedded and desktop.
Part III will cover:
- C++ Backends
- Reusing existing code
- Creating QML Modules
A test strategy is the set of ideas that guides your test design. It's what explains why you test this instead of that, and why you test this way instead of that way. Strategic thinking matters because testers must make quick decisions about what needs testing right now and what can be left alone. You must be able to work through major threads without being overwhelmed by tiny details. James Bach describes how test strategy is organized around risk but is not defined before testing begins. Rather, it evolves alongside testing as we learn more about the product. We start with a vague idea of our strategy, organize it quickly, and document as needed in a concise way. In the end, the strategy can be as formal and detailed as you want it to be. In the beginning, though, we start small. If you want to focus on testing and not paperwork, this approach is for you.
Qt Quick/QML brings designers and developers together to create and collaborate. QML is a collection of technologies that can build modern and fluid interfaces for applications – quickly. Join us for this webinar to explore the best of QML for mobile, embedded and desktop.
Part III will cover:
- C++ Backends
- Reusing existing code
- Creating QML Modules
Presentación para la charla sobre el libro de Robert C. Martin, Clean Code.
Esta presentación la impartí en CyLicon Valley, aquí tenéis el video con el audio de la charla => https://www.youtube.com/watch?v=1Fss1jBfc3g
NumPy is a python library used for working with arrays.
It also has functions for working in domain of linear algebra, fourier transform, and matrices.
NumPy was created in 2005 by Travis Oliphant. It is an open source project and you can use it freely.
NumPy stands for Numerical Python.
All 3 Clean Code presentations provide great value by themselves, but taken together are designed to offer a holistic approach to successful software creation. This first session creates the foundation for the 2nd and 3rd Clean Code presentation on Dependency Injection, as it explains expected base knowledge. Why writing Clean Code makes us more efficient Over the lifetime of a product, maintaining the product is actually one - if not the most - expensive area(s) of the overall product costs.
Writing clean code can significantly lower these costs. However, writing clean code also makes you more efficient during the initial development time and results in more stable code. You will be presented design patterns and best practices which will make you write better and more easily maintainable code, seeing code in a holistic way.
You will learn how to apply them by using an existing implementation as the starting point of the presentation. Finally, patterns & practices benefits are explained. This presentation is based on C# and Visual Studio 2012. However, the demonstrated patterns and practice can be applied to every other programming language too.
Note: Moving forwards this presentation will be updated with the latest version of the slides for the last event I did the presentation instead of creating new separate slide decks here on SlideShare.
Presentation dates and locations:
2015-10-03 Silicon Valley Code Camp, San Jose, CA
2015-06-27 SoCal Code Camp - San Diego, CA
2014-11-14 SoCal Code Camp - Los Angeles, CA
2014-10-18 Desert Code Camp - Chandler, AZ
2014-10-11 Silicon Valley Code Camp, Los Altos Hills, CA
A summary of clean code concepts and tips along with some examples and good practices.
These are the slides translated in English from my talk on Clean Code to my coworkers back then
This is my complete introductory course for Software Test Automation.If you need full training that includes different automation tools (Selenium, J-Meter, Burp, SOAP UI etc), feel free to contact me by email (amraldo@hotmail.com) or by mobile (+201223600207).
Solid principles in practice the clean architecture - Droidcon ItalyFabio Collini
The Clean Architecture has been formalized by Robert C. Martin in 2012, it's quite new even if it's based on the SOLID principles (presented for the first time in early 2000). The biggest benefit that we get using this architecture is the code testability, indeed it separates the application code from the code connected to external factor (that usually is more difficult to test).
In this talk we'll see a practical example of how to apply the SOLID principle, in particular, the dependency inversion.
Qt Quick/QML brings designers and developers together to create and collaborate. QML is a collection of technologies that can build modern and fluid interfaces for applications – quickly. Join us for this webinar to explore the best of QML for mobile, embedded and desktop.
Part IV will cover:
- Dynamic Item Creation
- Keyboard Input Handling
An introduction to unit testing using Visual Studio, C#, xUnit.net, and Moq. What it is, what is isn't, why we don't do it, how to design for testability, what to test, test driven development, unit testing frameworks, mocking libraries, how to get started.
Having a reliable test suite is incredibly useful when making changes to an existing codebase, both big and small. Mutation testing frameworks run tests against slightly-changed source code in order to detect whether the tests are actually checking the different paths of logic through the application. The aim is to improve the robustness of your test suite, and give you confidence that you aren't introducing any unintended changes.
This presentation gives an overview of mutation testing, along with worked examples in JavaScript of how it catches gaps and improves test coverage.
Hamcrest is a library for creating matchers for usage in unit tests, mocks and UI validation. This talk gives a brief introduction to using and writing Hamcrest matchers.
The topics covered:
* Basic introduction to Hamcrest
* Using Matchers in assertions
* Using Matchers with Mockito
* Writing custom matchers
* Ad-hoc matchers
This is a basic level robot framework presentation. You can install robot framework without any problem and start your first test with this presentation.
Presentación para la charla sobre el libro de Robert C. Martin, Clean Code.
Esta presentación la impartí en CyLicon Valley, aquí tenéis el video con el audio de la charla => https://www.youtube.com/watch?v=1Fss1jBfc3g
NumPy is a python library used for working with arrays.
It also has functions for working in domain of linear algebra, fourier transform, and matrices.
NumPy was created in 2005 by Travis Oliphant. It is an open source project and you can use it freely.
NumPy stands for Numerical Python.
All 3 Clean Code presentations provide great value by themselves, but taken together are designed to offer a holistic approach to successful software creation. This first session creates the foundation for the 2nd and 3rd Clean Code presentation on Dependency Injection, as it explains expected base knowledge. Why writing Clean Code makes us more efficient Over the lifetime of a product, maintaining the product is actually one - if not the most - expensive area(s) of the overall product costs.
Writing clean code can significantly lower these costs. However, writing clean code also makes you more efficient during the initial development time and results in more stable code. You will be presented design patterns and best practices which will make you write better and more easily maintainable code, seeing code in a holistic way.
You will learn how to apply them by using an existing implementation as the starting point of the presentation. Finally, patterns & practices benefits are explained. This presentation is based on C# and Visual Studio 2012. However, the demonstrated patterns and practice can be applied to every other programming language too.
Note: Moving forwards this presentation will be updated with the latest version of the slides for the last event I did the presentation instead of creating new separate slide decks here on SlideShare.
Presentation dates and locations:
2015-10-03 Silicon Valley Code Camp, San Jose, CA
2015-06-27 SoCal Code Camp - San Diego, CA
2014-11-14 SoCal Code Camp - Los Angeles, CA
2014-10-18 Desert Code Camp - Chandler, AZ
2014-10-11 Silicon Valley Code Camp, Los Altos Hills, CA
A summary of clean code concepts and tips along with some examples and good practices.
These are the slides translated in English from my talk on Clean Code to my coworkers back then
This is my complete introductory course for Software Test Automation.If you need full training that includes different automation tools (Selenium, J-Meter, Burp, SOAP UI etc), feel free to contact me by email (amraldo@hotmail.com) or by mobile (+201223600207).
Solid principles in practice the clean architecture - Droidcon ItalyFabio Collini
The Clean Architecture has been formalized by Robert C. Martin in 2012, it's quite new even if it's based on the SOLID principles (presented for the first time in early 2000). The biggest benefit that we get using this architecture is the code testability, indeed it separates the application code from the code connected to external factor (that usually is more difficult to test).
In this talk we'll see a practical example of how to apply the SOLID principle, in particular, the dependency inversion.
Qt Quick/QML brings designers and developers together to create and collaborate. QML is a collection of technologies that can build modern and fluid interfaces for applications – quickly. Join us for this webinar to explore the best of QML for mobile, embedded and desktop.
Part IV will cover:
- Dynamic Item Creation
- Keyboard Input Handling
An introduction to unit testing using Visual Studio, C#, xUnit.net, and Moq. What it is, what is isn't, why we don't do it, how to design for testability, what to test, test driven development, unit testing frameworks, mocking libraries, how to get started.
Having a reliable test suite is incredibly useful when making changes to an existing codebase, both big and small. Mutation testing frameworks run tests against slightly-changed source code in order to detect whether the tests are actually checking the different paths of logic through the application. The aim is to improve the robustness of your test suite, and give you confidence that you aren't introducing any unintended changes.
This presentation gives an overview of mutation testing, along with worked examples in JavaScript of how it catches gaps and improves test coverage.
Hamcrest is a library for creating matchers for usage in unit tests, mocks and UI validation. This talk gives a brief introduction to using and writing Hamcrest matchers.
The topics covered:
* Basic introduction to Hamcrest
* Using Matchers in assertions
* Using Matchers with Mockito
* Writing custom matchers
* Ad-hoc matchers
This is a basic level robot framework presentation. You can install robot framework without any problem and start your first test with this presentation.
Too often in the organization of this conference we have heard "but I don't have scalability issues".
This talk discusses what scalability issues actually are, and details why we all inevitably have them. Avoiding them, or delaying solutions until they are unavoidable, leads to making many bad "temporary" decisions that cannot be fixed further down the line.
I will discuss the methodologies and best practices that are required in order to be scalable, and describe the common mistakes they will temper, and why they should be implemented immediately. Finally, I will briefly touch on how to deal with rectifying the bad decisions that we all inevitably make, no matter how forward-thinking we are.
"git bisect" is a command that is part of the Git distributed version control system. This command enables software users, developers and testers to easily find the commit that introduced a regression. This is done by performing a kind of binary search between a known good and a known bad commit. git bisect supports both a manual and an automated mode. The automated mode uses a test script or command. People are very happy with automated bisection, because it saves them a lot of time, it makes it easy and worthwhile for them to improve their test suite, and overall it efficiently improves software quality.
Testers, developers and advanced users, who have some basic knowledge of version control systems, will learn practical tips, techniques and strategies to efficiently debug software.
“What should I work on next?” Code metrics can help you answer that question. They can single out sections of your code that are likely to contain bugs. They can help you get a toehold on a legacy system that’s poorly covered by tests.
Bugs found in GCC with the help of PVS-StudioPVS-Studio
I regularly check various open-source projects to demonstrate the abilities of the PVS-Studio static code analyzer (C, C++, C#). Now it is time for the GCC compiler to get checked. Unquestionably, GCC is a very qualitative and well-tested project, that's why it's already a great achievement for a tool to find any errors in it. Fortunately, PVS-Studio coped with this task. No one is immune to typos or carelessness. This is why the PVS-Studio can become an additional line of defense for you, on the front of the endless war against bugs.
Achievement Unlocked: Drive development, increase velocity, and write blissfu...All Things Open
Presented at: All Things Open 2019
Presented by: Gleb Bahmutov, Cypress.io
Find the original slides: https://cypress.slides.com/cypress-io/achievement-unlocked
ICSE 2022 - Software Batch Testing to Save Build Test Resources and to Reduce...Mohammad Javad Beheshtian
Testing is expensive and batching tests has the potential to reduce test costs. The continuous integration strategy of testing
each commit or change individually helps to quickly identify faults but leads to a maximal number of test executions. Large companies
that have a massive number of commits, e.g., Google and Facebook, or have expensive test infrastructure, e.g., Ericsson, must batch
changes together to reduce the number of total test runs.
These are the slides for the presentation I gave at ESUG 2008, on Continuous Integration in Kapital (the risk management system I work on at J.P. Morgan)
Static analysis should be used regularlyPVS-Studio
We have a practice of occasionally re-analyzing projects we have already checked with PVS-Studio. There are several reasons why we do so. For example, we want to know if we have managed to eliminate false positives for certain diagnostics. But the most interesting thing is to see how new diagnostic rules work and what errors they can find. It is very interesting to watch the tool catch more and more new defects in a project that seems to be cleaned out already. The next project we have re-checked is Clang.
Mockito 2.x Migration - Droidcon UK 2018Hazem Saleh
Mockito 2.x solves many problems that most of the Android developers were having in their tests in Mockito 1.x. But what if you are having today large tests written in Mockito 1.x and PowerMock, will it be an easy task to migrate?
Unfortunately, it is not a straightforward task since Mockito 2 is not fully compatible with the old behaviour of Mockito 1.x. Adding to this complexity, If you are having PowerMock in your old tests, then you will have to face another dimension of complexity since most of PowerMock’s versions are having integration issues with Mockito 2.x.
This session goes through the tips and tricks that you need to consider in order to migrate to and utilize Mockito 2.x. It has demos to show migrating Android app Mockito 1.x tests to Mockito 2.x.
Optimization in the world of 64-bit errorsPVS-Studio
In the previous blog-post I promised to tell you why it is difficult to demonstrate 64-bit errors by simple examples. We spoke about operator[] and I told that in simple cases even incorrect code might work.
What CS Class Didn't Teach About TestingCamille Bell
Computer Science classes don't teach testing. Testing is as critical to software engineering as writing code. Here I show what CS programs should have taught, but didn't.
Mob Programming delivers the very best from your entire team, technical and business alike. Learn about mob programming and how to bring mob programming to remote teams.
Becoming a Software Craftsman takes a lot of practice. Using Code Katas in Coding Dojos is an excellent way to get that practice in a low stress fun way. Discover how to do that.
To become really good at anything takes a lot of practice. Apprenticeships and formal mentoring, common in medieval times, are rare today. To create quality code we need solid practices like Test Driven Development and Pair Programming or Mobbing. In this software craftsmanship workshop attendees practiced those skills on in a code kata.
You're a Certified Scrum Master. Perhaps you are an Agile Manger, Agile Coach or Facilitator.
Maybe you are newly minted or maybe you've been doing it a while, but either way you've noticed that not everything seems to work according the way the training or certification class implied it should.
In this pressentation, Camille Bell explores what you weren't told in training, but need to know. Such as:
o What assumptions Scrum makes that may not apply to your company or organization
o Why some types of teams should not use Scrum and what they should use instead
o How soon Scrum of Scrum stops scaling and what to use when it doesn't scale
o Why some teams don't improve despite holding retrospectives
o How to recognize the hockey stick burn down and what to do about it
o What's a WIP limit and when it can be helpful
o When estimation most helpful, when it's a complete waste and what to do instead
o Why simple prioritization of a Product Backlog won't generate a Minimal Viable Product
o Why the As a.., I want.. So that.. user story isn't enough and what you need to add
o What are the critical missing practices your development team needs
• What is Behavior Driven Development?
• What is its value?
• How does BDD differ from Test-Driven Development?
• What is the role of the customer/product owner in BDD?
• What about teams that have traditional manual testers?
• What about teams that have developers but not testers?
• What is a good BDD test?
• What should be tested manually?
Growing Manual Testers into AutomatorsCamille Bell
Manual testing can't keep up with modern software development. Tests generated by Capture/Playback tools don't work either as these tests become brittle and break. Instead working with business and development testers need to create acceptance criteria that drives product development. To become automators testers need new tools. Testers need new ways of working. Testers need new skills. And the organization needs to support your testers growth. Here is how I and others have made it work.
Testing for Agility: Bringing Testing into EverythingCamille Bell
A testing focus can drive agility in every aspect of software development. Topics include: the cost of waiting to test, how waterfall can be transformed into agility with feedback, how testing can drive requirements discovery, testing your vision, testing during development, testing as part of integration and deployment, testing for customer acceptance, agile ratios of different types of tests, agile testing for bug fixes and maintenance, management concerns for agile testing and code coverage.
Kanban is an Lean practice that focuses on completing work. Used alone Kanban provides an evolutionary approach to agile development and better fits many SW development teams (like maintenance or sysadmin) that don't have an iterative cadence. Used in combination with agile processes like Scrum or Extreme Programming, Kanban practices like WIP limits and Service Level swim lanes solve issues real teams and companies encounter every day. Project managers should pay special attention to Kanban Lead Time metric.
Promoting Agility with Running Tested Features - Lightening TalkCamille Bell
This short Lighting Talk introduces the Running Tested Feature (RTF) metric, a wonderfully useful metric that's easy to collect and promotes agility. It provides examples of RTF when development has steady progress and when SW breaks. This talk also discusses what happens when people try to game the RTF metric.
The Running Tested Features metric provides developers, managers and customers alike with a clear, unambiguous gauge of real software development progress. Usable on any kind of development project, RTF’s focus on outcome instead of process makes RTF especially fit for Agile projects. Because RTF can be used with both Agile and Waterfall projects, RTF makes an excellent progress metric for teams transitioning to Agile.
Promoting Agility with Running Tested Features - PaperCamille Bell
The Running Tested Features (RTF) metric provides developers, managers and customers alike with a clear, unambiguous gauge of real software development progress. Usable on any kind of development project, RTF’s focus on outcome instead of process makes RTF especially fit for Agile projects. Because RTF can be used with both Agile and Waterfall projects, RTF makes an excellent progress metric for teams transitioning to Agile.
Adapting Agility: Getting your Agile Transformation UnstuckCamille Bell
In this presentation, I explore many common Agile transformation issues and what you can do about them. I cover challenges with customers, technical process, organizational hurdles, prioritization, agile requirements, etc. Some of the topics include:
o No single Product Owner in Scrum.
o No on-site customer for Extreme Programming.
o The user stories are too big.
o The user stories are too vague.
o Bug count is going up or not going down.
o Customer/Stakeholders/PO never choose technical stories for next iteration/sprint.
o Customer/Stakeholders/PO won't take the time to prioritize their backlog.
o Even though story points match prior velocity, there seems to be too much work.
o Stand-up or Scrum meetings take forever.
o Stand-up or Scrum meetings are short, but no one talks about real problems.
o Management doesn't value removing impediments quickly.
o Velocity seems to be slowing down.
o So many hoops to jump through that it takes forever to get anything done.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
1. cbell@CamilleBellConsul/ng.com
1
Automated Debugging with
git bisect
TDD
Camille
Bell
Agile
Coach
/
Rails
Developer
cbell@CamilleBellConsul9ng.com
Twi6er
@agilecamille
h;p://www.slideshare.net/Camille_Bell/
2. cbell@CamilleBellConsul/ng.com
2
How
do
you
find
a
bug
in
a
large
code
base
with
lots
of
commits?
1st
2nd
3rd
4th
97th
98th
99th
100th
3. cbell@CamilleBellConsul/ng.com
3
Debugging
Op9ons
• Manually
inspect
all
the
code
and
hope
you
find
the
bug
!"
• Logically
eliminate
some
of
the
code,
inspect
all
the
rest
and
hope
you
find
the
bug
!
• Use
automa9on
to
find
your
bug
fast
☺
4. cbell@CamilleBellConsul/ng.com
4
Steps
to
Target
the
Buggy
Code
• Create
new
or
use
an
exis9ng
automated
bug
detector
to
dis9nguish
between
bug
free
code
from
buggy
code
(usually
an
automated
test)
• Determine
the
bug
commit
range
– Use
git log
if
needed
• Use
git bisect
– Run
the
test
– Use
git diff
to
narrow
bug
to
code
lines
5. cbell@CamilleBellConsul/ng.com
5
Automa9ng
Bug
Detec9on
• Perhaps
you
already
have
a
good
automated
test,
but
weren’t
running
it
with
every
commit.
Use
that
test
(and
set
up
a
CI
server
soon).
• If
not
create
a
new
test
that
should
fail
(RED)
when
the
bug
is
present
and
pass
(GREEN)
when
the
bug
is
fixed.
– Write
the
test
in
whatever
test
language
makes
sense
(e.g.
RSpec
for
low
level
Ruby,
Cucumber
high
level
behavior,
Jasmine
for
JavaScript,
JUnit
for
Java,
NUnit
for
C#,
etc.)
6. cbell@CamilleBellConsul/ng.com
6
Verify
the
Test
Catches
the
Bug
• Run
the
test
on
the
latest
buggy
code
and
watch
it
fail
(RED).
• Go
back
to
a
known
good
commit,
run
the
test
and
watch
it
pass
(GREEN).
7. cbell@CamilleBellConsul/ng.com
7
$ rspec . –color
F.
Failures:
1) Account depositing to account produces the correct balance
when 9 dollars is deposited the balance is 10 dollars
Failure/Error: @account.balance.should == 1000
expected: 1000
got: 999.9999 (using ==)
# ./account_spec.rb:15:in `block (3 levels) in <top
(required)>'
Finished in 0.00058 seconds
2 examples, 1 failure
Failed examples:
rspec ./account_spec.rb:12 # Account depositing to account
produces the correct balance when 9 dollars is deposited the
balance is 10 dollars
$
Verifying
Failure
on
Known
Bad
Commit
8. cbell@CamilleBellConsul/ng.com
8
$ rspec . –color
..
Finished in 0.00047 seconds
2 examples, 0 failures
$
Verifying
Success
on
a
Known
Good
Commit
9. cbell@CamilleBellConsul/ng.com
9
Running
git bisect
• Start
with
a
known
bad
git repository
– $
git bisect start
– $
git bisect bad
– $
git bisect good <good_commit>
• Run
your
tests
• If
the
test
passes
– $
git bisect good
• If
the
test
fails
– $ git bisect bad
• Repeat
un9l
you
find
the
bad
commit
Use
either
tag
or
git
commit
#
If
needed
checkout
a
bad
git
commit
#
10. cbell@CamilleBellConsul/ng.com
10
!"#"#"#"#" #"#"#"
Determine
the
Bug
Commit
Range:
•
The
last
known
commit
without
the
bug
•
The
first
commit
aeer
the
bug
observed
Star9ng
Good
Commit
Star9ng
Bad
Commit
Bug
Inserted
Within
These
8
Commits
11. cbell@CamilleBellConsul/ng.com
11
git bisect does
a
binary
search
through
your
commit
range.
!"#"#"#"#" #"#"#"
Good
Commit
Bad
Commit
bisect
Star9ng
Commit
bisect begins
with
the
commit
halfway
between
the
known
good
commit
and
the
known
bad
commit
12. cbell@CamilleBellConsul/ng.com
12
Assume
the
1st
test
on
bisect failed.
!"!"#"#"#" !"!"!"
Good
Commit
Bad
Commit
bisect
Next
Commit
Then
bisect would
select
the
commit
between
the
known
good
commit
and
the
last
bad
bisect
Bad
Commit
Can
ignore
these
Commits
Bug
inserted
Within
These
4
Commits
13. cbell@CamilleBellConsul/ng.com
13
Assume
the
2nd
test
on
bisect passed.
!"!"#" !"!"!"
Good
Commit
Bad
Commit
Then
bisect would
select
the
commit
between
the
last
known
good
commit
and
the
last
bad
bisect
Bad
Commit
Can
ignore
these
Commits
Bug
inserted
Within
These
2
Commits
Can
ignore
these
Commits
Good
Commit
bisect
Next
Commit
14. cbell@CamilleBellConsul/ng.com
14
If
the
3rd
test
on
bisect failed.
!"!"!" !"!"!"
Good
Commit
Bad
Commit
Then
that
commit
is
where
the
bug
was
inserted.
Bad
Commit
Can
ignore
these
Commits
Bug
inserted
Within
These
2
Commits
Can
ignore
these
Commits
Good
Commit
Final
Commit
Failed
Test
15. cbell@CamilleBellConsul/ng.com
15
If
the
3rd
test
on
bisect passed.
!"!"!"!"!"
Good
Commit
Bad
Commit
Then
the
next
commit
is
where
the
bug
was
inserted.
Bad
Commit
Can
ignore
these
Commits
Bug
inserted
Within
These
2
Commits
Can
ignore
these
Commits
Good
Commit
Final
Commit
Passed
Test
16. cbell@CamilleBellConsul/ng.com
16
Example
Test
require_rela9ve
'account'
describe
Account
do
before
do
@star9ng_balance_in_pennies
=
100
@account
=
Account.new(@star9ng_balance_in_pennies)
end
context
"deposi9ng
to
account
produces
the
correct
balance"
do
it
"when
9
dollars
is
deposited
the
balance
is
10
dollars"
do
deposit_amount_in_pennies
=
900
@account.deposit(deposit_amount_in_pennies)
@account.balance.should
==
1000
end
end
end
17. cbell@CamilleBellConsul/ng.com
17
Some9mes
the
Commit
Messages
from
git log Pinpoint
the
Bug
$ git log --pretty="%h - %s"
561bb3a - added withdrawal and deposit messages
6ca7ee1 - added error
c546d1f - added to_s
1974592 - added withdrawal
7a8c508 - Initial commit
But
usually
the
log
only
provides
a
range
Known
Good
Commit
Known
Bad
Commit
18. cbell@CamilleBellConsul/ng.com
18
Star9ng
up
git bisect with
Test
on
the
Middle
git Commit
$ git bisect start
Already on 'master’
$ git bisect bad
$ git bisect good 7a8c508
Bisecting: 1 revision left to test after this (roughly
1 step)
[c546d1f89b5b0c14ab160e227fc83d62fb780e6f] added to_s
$ rspec . --color
..
Finished in 0.00071 seconds
2 examples, 0 failures
$ git bisect good
Bisecting: 0 revisions left to test after this (roughly
0 steps)
[6ca7ee1909bf0b3f7344feee25a5b44a97602e2c] added error
Known
Good
Commit
Known
Bad
Commit
If
the
tests
pass,
Tell
git bisect good
Otherwise
git bisect bad
C
O
M
M
I
T
19. cbell@CamilleBellConsul/ng.com
19
Test
on
the
final
git commit
$ rspec . --color
F.
Failures:
1) Account depositing to account produces the correct balance when 9
dollars is deposited the balance is 10 dollars
Failure/Error: @account.balance.should == 1000
expected: 1000
got: 999.9999 (using ==)
# ./account_spec.rb:15:in `block (3 levels) in <top (required)>'
Finished in 0.00053 seconds
2 examples, 1 failure
Failed examples:
rspec ./account_spec.rb:12 # Account depositing to account produces
the correct balance when 9 dollars is deposited the balance is 10
dollars
$
20. cbell@CamilleBellConsul/ng.com
20
$ git diff c546d1f 6ca7ee1
diff --git a/account.rb b/account.rb
index a979e55..0a572ef 100644
--- a/account.rb
+++ b/account.rb
@@ -5,7 +5,7 @@ class Account
end
def deposit(new_deposit)
- @balance += new_deposit
+ @balance += (new_deposit - 0.0001)
end
def withdrawl(new_withdrawl)
$
git diff Targets
the
Bug
Even
More
Good
Commit
Just
Before
Bug
Commit
Where
Bug
First
Appeared
Bug
inserted
in
one
or
more
of
the
+
lines.
21. cbell@CamilleBellConsul/ng.com
21
Thank You for Listening
Camille
Bell
Agile
Coach
/
Rails
Developer
cbell@CamilleBellConsul9ng.com
Twi6er
@agilecamille
h;p://www.slideshare.net/Camille_Bell/