1) The document proposes a method to track cross-system bug fixings (CSBFs) between systems like FreeBSD and OpenBSD.
2) An empirical study found that while the development teams were largely separate, a small but significant number of CSBFs were identified between FreeBSD and OpenBSD.
3) Committers involved in CSBFs had higher social metrics such as degree and betweenness centrality, acted more often as brokers between the teams, and were more active committers than others.
1. Social Interactions around Cross-System Bug Fixings: The Case of FreeBSD and OpenBSD
Gerardo Canfora, Luigi Cerulo, Marta Cimitile, Massimiliano Di Penta
dipenta@unisannio.it
2. Context
Source code is often reused across different systems
Unixes (FreeBSD, OpenBSD, Linux)
Office applications (NeoOffice, OpenOffice)
Desktop environment apps (KDE or GNOME apps)
Maintenance might require propagating bug fixings
We call this “Cross System Bug Fixing” (CSBF)
Example:
FreeBSD, 1996/01/19, file ip_icmp.h:
– “Added definitions for ICMP router discovery. Reviewed by: wollman”
OpenBSD, 1996/08/02, file ip_icmp.h:
– “ICMP Router Discovery definitions; from FreeBSD”
3. What we propose
A method to track CSBFs
A study on the social characteristics and development activity made by CSBF committers
Social characteristics: degree, betweenness, brokerage
Development activity: commits, lines changed
4. Detecting CSBF - I
Step 1: mining cross-referencing commits
openbsd, atphy.c,2008/09/25 20:47:16,brad, Add a driver for the Attansic F1 PHY. From FreeBSD via kevlo@
Step 2: mine commits previously performed on files with same name in the other system
freebsd,atphy.c,2008/05/19 01:12:10,yongari, Add Attansic/Atheros F1 PHY driver.
openbsd, atphy.c,2008/09/25 20:47:16,brad, Add a driver for the Attansic F1 PHY. From FreeBSD via kevlo@
5. Detecting CSBF - II
Step 3: compute file similarity with clone detection
CCFinder
Threshold: at least 10% of cloned lines
Step 4: take the previous change with the highest textual similarity in the commit note
Use of Vector Space models
Cosine similarity; threshold (0.20) to filter out unrelated commits
Example: cosine similarity = 0.72 between
– “Add Attansic/Atheros F1 PHY driver.”
– “Add a driver for the Attansic F1 PHY. From FreeBSD via kevlo@”
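The four detection steps above, sketched as an added example (not the authors' tooling). It assumes the comma-separated log layout shown on slide 4, takes the cloned-line ratio per file as precomputed input in place of running CCFinder, and uses raw term counts for the vector space model; the regular expression, the second and fourth log rows and the ratios are constructed.

```python
import math
import re
from collections import Counter
from datetime import datetime

CLONE_MIN = 0.10   # step 3: at least 10% of cloned lines (slide threshold)
COSINE_MIN = 0.20  # step 4: minimum commit-note similarity (slide threshold)
OTHER = {"freebsd": "openbsd", "openbsd": "freebsd"}

# (system, file, timestamp, committer, note). Rows 1 and 3 are the slides'
# example; rows 2 and 4 are constructed.
LOG = [
    ("freebsd", "atphy.c", "2008/05/19 01:12:10", "yongari",
     "Add Attansic/Atheros F1 PHY driver."),
    ("freebsd", "atphy.c", "2008/07/02 10:00:00", "yongari",
     "Fix typo in comment."),
    ("openbsd", "atphy.c", "2008/09/25 20:47:16", "brad",
     "Add a driver for the Attansic F1 PHY. From FreeBSD via kevlo@"),
    ("openbsd", "if_foo.c", "2008/10/01 09:00:00", "brad",
     "Sync register names. From FreeBSD"),
]
# Constructed stand-in for clone-detector output: cloned-line ratio per file.
CLONE_RATIO = {"atphy.c": 0.85, "if_foo.c": 0.0}


def refers_to_other(system, note):
    """Step 1: the note says the change came from the other system."""
    pattern = r"\bfrom\s+" + OTHER[system] + r"\b"
    return re.search(pattern, note, re.IGNORECASE) is not None


def cosine(note_a, note_b):
    """Cosine similarity of raw term-frequency vectors (assumed weighting)."""
    va = Counter(re.findall(r"[a-z0-9]+", note_a.lower()))
    vb = Counter(re.findall(r"[a-z0-9]+", note_b.lower()))
    dot = sum(count * vb[term] for term, count in va.items())
    norm = math.sqrt(sum(c * c for c in va.values())) * \
        math.sqrt(sum(c * c for c in vb.values()))
    return dot / norm if norm else 0.0


def when(commit):
    return datetime.strptime(commit[2], "%Y/%m/%d %H:%M:%S")


def link_csbf(log, clone_ratio):
    """Return (referring commit, linked source commit, score) triples."""
    links = []
    for commit in log:
        system, path, _, _, note = commit
        if not refers_to_other(system, note):
            continue
        if clone_ratio.get(path, 0.0) < CLONE_MIN:
            continue
        # Step 2: earlier commits on a same-named file in the other system.
        earlier = [c for c in log if c[0] == OTHER[system]
                   and c[1] == path and when(c) < when(commit)]
        if not earlier:
            continue
        # Step 4: keep the most similar earlier note, if above the threshold.
        source = max(earlier, key=lambda c: cosine(note, c[4]))
        score = cosine(note, source[4])
        if score >= COSINE_MIN:
            links.append((commit, source, score))
    return links


if __name__ == "__main__":
    for referring, source, score in link_csbf(LOG, CLONE_RATIO):
        print(referring[0], referring[1], "<-", source[0], source[3],
              round(score, 3))
```

With raw term counts the slides' pair scores about 0.59 rather than the 0.72 shown; the slides do not state the term weighting behind their figure.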
6. Building Committers' Network
We extract communication from mailing lists
Bug fixing mailing lists
Heuristic similar to the one of Bird et al. [2006] to map inconsistent namings / emails
Also, to map committer Ids to mailing list names/emails
Nodes of the network labeled as:
Committer / other mailing list contributors
CSBFs committer
7. Empirical Study
Goal: analyze the phenomenon of CSBFs
Purpose: understanding its relevance with respect to the social characteristics of the involved developers
Context: CVS repositories and mailing lists archives of FreeBSD and OpenBSD
Period: 1993-2009 (FreeBSD), 1998-2009 (OpenBSD)
Commits: 119,000 (FreeBSD), 70,000 (OpenBSD)
8. Research Questions
RQ1: How do the source code committers and contributors of the two systems overlap?
RQ2: How frequent is the phenomenon of CSBFs?
RQ3: Who are the contributors involved in CSBFs?
RQ4: Are mailing list contributors involved in CSBFs more active than others?
9. RQ1 – Team overlap
                                          FreeBSD  OpenBSD  Both
Committers                                    383      211    26
Mailing list contribs                        8035     3843   359
Committers and mailing list contributors      213      122    17
The two projects have less than 10% of common contributors →
the development teams of FreeBSD and OpenBSD are really different
10. RQ2 – Commit filtering
[Bar chart: referring commits, cloned files and linked commits for FreeBSD and OpenBSD; bar labels in the original: 933, 439, 296, 133, 120, 59]
At the end of the filtering not that many but...
11. RQ2 – Cloned lines in CSBF files
[Plots of cloned lines in CSBF files; panels: C source files, header files]
Percentage smaller for .h files
Use of preprocessor conditionals to make header files system-dependent
#if defined(__FreeBSD__)
13. RQ3: social characteristics
Importance in terms of
(in/out) degree: number of (incoming/outgoing) communication links
Betweenness: number of communications for which the node is on the shortest path
Brokerage metrics: useful to analyze the
communication between two clusters
B is a coordinator
B is a gatekeeper
B is a representative
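The three brokerage roles named above, counted on a small directed communication graph, as an added example that is not from the slides. The slide's diagrams did not survive, so the role definitions follow the usual Gould-Fernandez convention (B brokers A → B → C when A has no direct link to C), which is an assumption here; the node names, edges and group labels are constructed.

```python
from collections import Counter

# Constructed sample: who wrote to whom on the mailing lists.
EDGES = [("f1", "f2"), ("f2", "f3"), ("o1", "f2"), ("f2", "o2")]
# Constructed group membership (which project each contributor belongs to).
GROUP = {"f1": "freebsd", "f2": "freebsd", "f3": "freebsd",
         "o1": "openbsd", "o2": "openbsd"}


def brokerage_roles(edges, group):
    """Count, per broker B, the role played on each path A -> B -> C."""
    succ = {}
    for src, dst in edges:
        succ.setdefault(src, set()).add(dst)
    roles = {}
    for a, direct in succ.items():
        for b in direct:
            if b == a:
                continue
            for c in succ.get(b, ()):
                # No brokerage if C is an endpoint again or A already reaches C.
                if c in (a, b) or c in direct:
                    continue
                ga, gb, gc = group[a], group[b], group[c]
                if ga == gb == gc:
                    role = "coordinator"      # all three in one group
                elif ga != gb and gb == gc:
                    role = "gatekeeper"       # B lets an outsider reach B's group
                elif ga == gb and gb != gc:
                    role = "representative"   # B carries its group's message out
                else:
                    role = "other"            # roles the slide does not name
                roles.setdefault(b, Counter())[role] += 1
    return roles


if __name__ == "__main__":
    for broker, counts in brokerage_roles(EDGES, GROUP).items():
        print(broker, dict(counts))
```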
14. RQ3 – social characteristics
[Bar chart comparing CSBF committers with others on: degree, in-degree, out-degree, betweenness / 1000, coordinator / 10, gatekeeper, representative]
All differences statistically significant
High effect size (Cohen d>1)
Contributors involved in CSBF have a higher importance in the communication and in the flow of communication between systems
16. RQ4 – change activity of CSBF committers and others
[Two charts: LOC added/removed and commits, each comparing CSBF committers with others for FreeBSD and OpenBSD]
All differences statistically significant
High effect size (Cohen d∼1)
Contributors involved in CSBF are more active than others
17. Conclusions and Work-in-Progress
We proposed a method to mine CSBF
We reported a study on FreeBSD and OpenBSD where:
Development team is almost disjoint
There is a small, though not negligible portion of CSBF
Committers involved in CSBF have
– Higher social importance
– Higher brokerage level
– Higher activity in source code commits
Work-in-progress:
Better approaches to identify implicit CSBF, tracking and linking changes occurring on both systems
More extensive study on less obvious cases