This document discusses the Capsicum capability model and its use in sandboxing systems in FreeBSD. Capsicum allows tight sandboxing by limiting access when a process enters capability mode using cap_enter(). It describes debugging capabilities like ktrace and enotcap. It also introduces Casper, which provides additional capabilities through delegation before entering capability mode. Casper allows easier process separation by creating services run with user privileges that processes can then securely access through APIs. The document outlines several system services implemented through Casper and future work integrating it more fully with libc and sandboxing additional system services.
BSDTW17: Mariusz Zaborski: Case studies of sandboxing base system with Capsicum
Mariusz Zaborski: Case studies of sandboxing base system with Capsicum
Outline
● capsicum
● is capsicumizing hard?
● debugging infra
● casper
● future
Capsicum
● echo: can read and write all data
● capability model
● kernel infra
○ tight sandboxing
○ cap_enter()
Capsicum vs namespaces
● PIDs
● file paths
● NFS handles
● fs ids
● sysctl mib
● sysv ipc
● posix ipc
● clocks
● jails
● CPU sets
● protocol addrs
● routing tables
Capsicum
● int cap_enter(void);
● int cap_rights_limit(int fd, const cap_rights_t *rights);
● caps as file descriptors
rights
● CAP_READ, WRITE, APPEND, ACCEPT, FCHMOD, CREATE, UNLINKAT, IOCTL, RECV, LISTEN
Capsicum
● two ways to obtain more caps
○ initialization phase
○ delegation
● Privileged -> Resources
○ -> Sandboxed (send resource by fd passing)
Is capsicumizing hard?
● Not for new code. Existing code?
2015 sandboxing effort
● dhclient, ...
2016 sandboxing effort
● much more
bspatch(1)
● SA-16:25: negative value
● SA-16:29: integer overflows
bspatch(1) - Step 0: read the code
● (... C code …)
Step 1: code reorg
● every single open is done during initialization phase, i.e. move open before cap_enter()
Step 2: read more code
● code attempts to read from fds, seeking on fds
Step 3: limit operations on fds
● CAP_READ, CAP_SEEK
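The three steps above, applied to a single input file, as an added example (not bspatch's code and not from the talk). The function name sandboxed_sum and its checksum logic are assumptions made for illustration; the Capsicum calls are guarded with __FreeBSD__ so the file logic also builds where Capsicum is absent.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif

/* Added example, not bspatch itself. Returns 0 on success, -1 on error.
 * *reopen_errno receives errno from an open() tried after sandboxing:
 * ECAPMODE on FreeBSD, 0 where Capsicum is not compiled in. */
int sandboxed_sum(const char *path, long *size, unsigned long *sum,
    int *reopen_errno)
{
    unsigned char buf[4096];
    ssize_t n = -1;
    int probe, fd;

    /* Step 1: every open() happens in the initialization phase. */
    if ((fd = open(path, O_RDONLY)) < 0)
        return -1;
#ifdef __FreeBSD__
    /* Step 3: the code only reads and seeks, so grant only that. */
    cap_rights_t rights;
    cap_rights_init(&rights, CAP_READ, CAP_SEEK);
    if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
        goto out;
    /* ENOSYS means the kernel was built without Capsicum. */
    if (cap_enter() < 0 && errno != ENOSYS)
        goto out;
#endif
    /* In capability mode a new path lookup is refused. */
    probe = open(path, O_RDONLY);
    *reopen_errno = (probe < 0) ? errno : 0;
    if (probe >= 0)
        close(probe);

    /* Step 2's operations still work: seek for the size, then read. */
    *size = (long)lseek(fd, 0, SEEK_END);
    if (*size < 0 || lseek(fd, 0, SEEK_SET) < 0)
        goto out;
    *sum = 0;
    while ((n = read(fd, buf, sizeof(buf))) > 0)
        for (ssize_t i = 0; i < n; i++)
            *sum += buf[i];
out:
    close(fd);
    return (n == 0) ? 0 : -1;
}
```

Call it once per process: after cap_enter() succeeds, a second call cannot open its path.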
cmp(1) - deduplicate code
● read file, determine if same or not
capsicum helpers
● capsicum_helpers.h
● inline functions
○ caph_limit_stream(), limit_stdout(), limit_stdin(), limit_stderr()
libc is not your friend
● err(3)
● localtime(3)
● syslog
● modify vdso to not open device
● more helpers
○ caph_cache_catpages(): NLS support
○ caph_cache_tzdata()
debugging infrastructure
● ktrace/kdump
○ getting only trace
● very easy to miss something
● hard to cover all paths
debugging - ktrace
● (example output)
debugging - enotcap
● kern.trap_enotcap
● procctl(PROC_TRAPCAP_CTL)
● get core dump
● hard to miss something
● hard to cover all code paths
debugging - enotcap
● (example enotcap SIGTRAP)
libCasper
● 2nd way to get more caps: delegation
Casper
● provides functionality not avail in cap mode through convenient APIs
● easier process separation
● done before entering Capability mode
● Creating zygote
● set of dynamic libs
Casper: how?
● process (cap_init()) -> casper -> zygote
● casper -> service (cap_service_open())
● cap_close(): leave only process->service
Casper
● system.dns
● system.grp
● system.pwd: password files
● system.random
● system.sysctl
Traceroute - capsicumize with casper
(... C code …)
casper - mocks
● reduce amount of ifdefs in code
● hide ifdefs in lib itself
● use inline/defines to create mocks
● e.g.
○ cap_gethostbyname ifdef’ed to gethostbyname in header if not using casper
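The "Casper: how?" channel setup and the mock idea above, in one added example (not the talk's traceroute code and not FreeBSD's headers). The build flag WITH_CASPER, the enter_sandbox() macro, and the functions sandbox_init() and resolve_ipv4() are names assumed for this example; the mock branch is a stand-in written here to show the pattern.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <stddef.h>

#ifdef WITH_CASPER  /* FreeBSD build, linked with libcasper and cap_dns */
#include <sys/capsicum.h>
#include <libcasper.h>
#include <casper/cap_dns.h>
#define enter_sandbox() cap_enter()
#else               /* mock build: same names, plain libc behind them */
typedef struct { int unused; } cap_channel_t;
static cap_channel_t mock_channel;
static inline cap_channel_t *cap_init(void) { return &mock_channel; }
static inline cap_channel_t *cap_service_open(cap_channel_t *chan,
    const char *name) { (void)name; return chan; }
static inline void cap_close(cap_channel_t *chan) { (void)chan; }
#define cap_gethostbyname(chan, name) ((void)(chan), gethostbyname(name))
/* libc's resolver needs files and sockets, so the mock build stays open. */
#define enter_sandbox() 0
#endif

static cap_channel_t *dns;  /* the one channel kept after setup */

/* Initialization phase: run once, before any untrusted input is parsed. */
int sandbox_init(void)
{
    cap_channel_t *casper = cap_init();             /* process -> casper */
    if (casper == NULL)
        return -1;
    dns = cap_service_open(casper, "system.dns");   /* casper -> service */
    cap_close(casper);              /* leave only process -> service */
    return (dns == NULL || enter_sandbox() < 0) ? -1 : 0;
}

/* Resolve name to dotted-quad text; 0 on success, -1 on failure.
 * Only cap_* names appear here, with no #ifdef at the call site. */
int resolve_ipv4(const char *name, char *out, size_t outlen)
{
    struct hostent *he = cap_gethostbyname(dns, name);
    if (he == NULL || he->h_addrtype != AF_INET)
        return -1;
    return inet_ntop(AF_INET, he->h_addr_list[0], out,
        (socklen_t)outlen) == NULL ? -1 : 0;
}
```

In the mock build the process is not sandboxed at all, so the two builds differ in protection even though the source at the call site is identical.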
Future!
Casper - next next generation
● integration with libc?
○ make libc more pluggable, e.g. multiple gethostbyname functions (scott: nss?)
○ start casper in _start
● sandbox services
○ services run with user privileges
○ reduce TCB
Casper services
● system.filesystem
● system.syslog
● system.login
● system.tls
● system.socket
● system.configuration
Casper - dhclient(8)
(SIGTRAP core dump example)
dhclient started before syslog in initscripts
Casper - system.syslog
● change the order? (not viable)
● casper service D12824
● fixed dhclient D12825
casper - sshd(8)
(sshd core dump example)
● login_getpwclass() was failing
● opens $HOME/login.conf and /etc/login.conf
● patch specific to FreeBSD
Acknowledgements
Q&A
● per thread caps? A: caps represented by descriptors, so no
● much more fine grained than OpenBSD pledge? A: yes
● Is this a bit like Android permissions? A: no, fd represent a much more precise thing. More granular.