This document provides an overview and agenda for a presentation on development tools including Subversion (SVN) for version control, Apache Ant for build automation, JUnit for testing, and ticketing systems. It discusses hands-on examples for using these tools on a sample project called ZooZooPet, including branching, tagging, merging, writing JUnit tests, and setting up an Ant build file. Testing techniques like test-driven development are explained. Debugging strategies and the importance of continuous integration are also covered.
University of Virginia
cs4414: Operating Systems
http://rust-class.org
What happened with Apple's SSL implementation
How to make sure this doesn't happen to you!
Sharing data
ARCs in Rust
Scheduling
For embedded notes, see:
University of Virginia
cs4414: Operating Systems
http://rust-class.org
What happened with Apple's SSL implementation
How to make sure this doesn't happen to you!
Sharing data
ARCs in Rust
Scheduling
For embedded notes, see:
This is the ppt from a talk I gave recently to an audience of elderly folk. I hope it's clear what my message is: to have a stable monetary system, we need appropriate boundaries and regulation, neither which are delivered by a market approach. It's also true that governments do not need to borrow money for investment in productive infrastructure. Feedback always welcomed.
Human Capital as 21st Century Infrastructure Sustento
Examines how ever evolving and disruptive technology impacts major infrastructure investment and proposes that we look at human capital as the most important piece of 21st century infrastructure.
Why do customers every now and then find issues we didn’t find, despite all the efforts we put in testing? Is it maybe because we don’t test the system as the customer uses it? Using real-life tests based upon operational profiles will help you find the bugs before your customer does. And in case your customer still finds these nasty intermittent, hard-to-reproduce, problems, the very same technique helps you to pin-point its root cause.
This presentation was held at the Dutch Testing Conference 2014, Ede
Alexei Vladishev - Zabbix - Monitoring Solution for EveryoneZabbix
Paris Zabbix User Group Meetup 2016
June 23, 2016
1. Open Source
2. Zabbix Architecture
3. Data Collection
4. Problem Detection
5. Problem Forecasting / Trend Prediction
6. Lifecycle and Support Policy
Kernel Recipes 2019 - Formal modeling made easyAnne Nicolas
Modeling parts of Linux has become a recurring topic. For instance, the memory model, the model for PREEMPT_RT synchronization, and so on. But the term "formal model" causes panic for most of the developers. Mainly because of the complex notations and reasoning that involves formal languages. It seems to be a very theoretical thing, far from our day-by-day reality.
Believe me. Modeling can be more practical than you might guess!
This talk will discuss the challenges and benefits of modeling, based on the experience of developing the PREEMPT_RT model. It will present a methodology for modeling the Linux behavior as Finite-State Machines (automata), using terms that are very known by kernel developers: tracing events! With the particular focus on how to use models for the formal verification of Linux kernel, at runtime, with low overhead, and in many cases, without even modifying Linux kernel!
Daniel Bristot de Oliveira
This is the ppt from a talk I gave recently to an audience of elderly folk. I hope it's clear what my message is: to have a stable monetary system, we need appropriate boundaries and regulation, neither which are delivered by a market approach. It's also true that governments do not need to borrow money for investment in productive infrastructure. Feedback always welcomed.
Human Capital as 21st Century Infrastructure Sustento
Examines how ever evolving and disruptive technology impacts major infrastructure investment and proposes that we look at human capital as the most important piece of 21st century infrastructure.
Why do customers every now and then find issues we didn’t find, despite all the efforts we put in testing? Is it maybe because we don’t test the system as the customer uses it? Using real-life tests based upon operational profiles will help you find the bugs before your customer does. And in case your customer still finds these nasty intermittent, hard-to-reproduce, problems, the very same technique helps you to pin-point its root cause.
This presentation was held at the Dutch Testing Conference 2014, Ede
Alexei Vladishev - Zabbix - Monitoring Solution for EveryoneZabbix
Paris Zabbix User Group Meetup 2016
June 23, 2016
1. Open Source
2. Zabbix Architecture
3. Data Collection
4. Problem Detection
5. Problem Forecasting / Trend Prediction
6. Lifecycle and Support Policy
Kernel Recipes 2019 - Formal modeling made easyAnne Nicolas
Modeling parts of Linux has become a recurring topic. For instance, the memory model, the model for PREEMPT_RT synchronization, and so on. But the term "formal model" causes panic for most of the developers. Mainly because of the complex notations and reasoning that involves formal languages. It seems to be a very theoretical thing, far from our day-by-day reality.
Believe me. Modeling can be more practical than you might guess!
This talk will discuss the challenges and benefits of modeling, based on the experience of developing the PREEMPT_RT model. It will present a methodology for modeling the Linux behavior as Finite-State Machines (automata), using terms that are very known by kernel developers: tracing events! With the particular focus on how to use models for the formal verification of Linux kernel, at runtime, with low overhead, and in many cases, without even modifying Linux kernel!
Daniel Bristot de Oliveira
A science-gateway for workflow executions: online and non-clairvoyant self-h...Rafael Ferreira da Silva
PhD Thesis presented on November 29th 2013 at INSA-Lyon
Abstract - Science gateways, such as the Virtual Imaging Platform (VIP), enable transparent access to distributed computing and storage resources for scientific computations. However, their large scale and the number of middleware systems involved lead to many errors and faults. In practice, science gateways are often backed by substantial support staff who monitors running experiments by performing simple yet crucial actions such as rescheduling tasks, restarting services, killing misbehaving runs or replicating data files to reliable storage facilities. Fair quality of service (QoS) can then be delivered, yet with important human intervention. Automating such operations is challenging for two reasons. First, the problem is online by nature because no reliable user activity prediction can be assumed, and new workloads may arrive at any time. Therefore, the considered metrics, decisions and actions have to remain simple and to yield results while the application is still executing. Second, it is non-clairvoyant due to the lack of information about applications and resources in production conditions. Computing resources are usually dynamically provisioned from heterogeneous clusters, clouds or desktop grids without any reliable estimate of their availability and characteristics. Models of application execution times are hardly available either, in particular on heterogeneous computing resources. In this thesis, we propose a general healing process for autonomous detection and handling of operational incidents in workflow executions. Instances are modeled as Fuzzy Finite State Machines (FuSM) where state degrees of membership are determined by an external healing process. Degrees of membership are computed from metrics assuming that incidents have outlier performance, e.g. a site or a particular invocation behaves differently than the others. Based on incident degrees, the healing process identifies incident levels using thresholds determined from the platform history. A specific set of actions is then selected from association rules among incident levels.
For more information visit http://www.rafaelsilva.com
Can you go faster with less weight? In 45 minutes, I build a web server with an address book with tests firsts and no frameworks. What can you do if you really understand what's going on?
As the leap second approaches, there is no better time to reflect on our misconceptions about time and numerals, past catastrophes and possible mitigation techniques.
In this advanced session, we will investigate all the ways that you can automate your testing processes with TestBox and many CI and automation tools. From Jenkins integration, Travis CI, Node runners, Grunt watchers and much more. This session will show you the value of continuous integration and how to apply it with modern tools and technologies.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
74. ZooZooPet | Best game ever
1.0 released (1 billion download)
Thinking about 2.0 features
More animals
Team#2 assigned
Bug found in public release of 1.0!
74
75. Hands on 2/3
1.0 released
Bug #1 filed
Bug fix on 1.0, release 1.1
2.0 release
75
138. Bust or Budget game rule
class BustOrBudgetGameTest {
@Test
void itShouldEndWhenThereIsOnlyOnePlayingTeam()
{
// Given ...
bobGameDriver.startGame(team1, team2);
// ...
// When ...
bobGameDriver.endTurn(team2, true);
assert bobGameDriver.teamInPlay.size == 1;
// Then
assert bobGameDriver.matchOver == true;
}
}
138
139. Poll: When to run tests?
1. Before a major deadline
2. After major code change
3. When Prof. Simha looks over your
shoulder
4. When Prof. Parmer looks over your
shoulder
5. All of the above
6. None of the above
139
During this talkExpress my opinionAs you move on with your careerYou may find people with different opinionsWhen you talk to these peopleAll I want you to remember Is that I was right
Why?Most commonJoel Spolsky12 Steps to Better Code
… Let me introduce myself
At the same time!
$1M
2 promotions in 2 yearsManager of dev teamYoungest managerLed team of 5, within team of 40 spread over in 4 continentsDelivered AV/AS sig to 3M+ customers (AOL, Verizon, Fortune 500 etc.)Earned more money than my parents combined
… Looking for a challengeUse tech to empower
…Friend tells me about Charles
… Build prototype1st customer
…Great achievements
… Build beautiful interface>> Pull out table tablet
…Deliver to kiosks, tablets
…We use tech to supportwellness & prog at senior communitiesAlexandria, VA
…I like to think that …great soft eng product …is the result of the effort of a great teamLed by vision and strategyEveryone on the team is moving together in the same directionIn order to be efficient, need for structureTools help
…Before I talk about toolsHighlight the differences
…Work with a lot more peopleCommunication (MMM)Everyone is differentCollaborate and come together on product
…Having worked at CA
… Land on project with few years of existenceExpected to last more yearsProject needs to be sustainableand maintainableDecision are made for the long term
… Land on project with existing codeMore developers, more code: dauntingCode not written by youUnderstand the existing and improve on it
…So far you have been dealing with nice professors$$$Expectation, Support
…First feature of SVNImportant because:Code=Asset, IPBackupSecure locationRestricted access
…Second feature of SVNImportant because:Collaborationand sharing
…Third feature of SVNAudit & reviewWho, when, whatRelease management
1972: SCCS (Bell Labs)2000: SVN (Apache)Most commonBloomberg migrated to SVN in 2010Chromium OSSwas using in SVN as of 20102008: GitHub - Git, Gitorious - Git, BitBucket – Mercurial (Distributed)
… SVN is made up of 2 components:ServerClient
…When you join a project and are granted access to the codeThe first thing you will do isStorage = File structureLocal/working vs repo
… Edit code (working copy)
Uploadchangeset to serverAdd, modify, deletesvn add, svnmkdirPublish to everyoneWho, when, is automatically recorded with what.
…Commit creates a new revCreate new, not modifyLatest rev. no. auto-incrementsEach commit results in snapshot of entire file system treeDeletefile = Removea file from future revision, still exists in past revision
Review, track progressWay to communicateList history of changes@Head
…Ifproject is properly structured, an interesting thing to do is2nd dimension
…If you want to get more details on a changesetCompare file and folder changes
…Another use case for diff
…Other developers will be working on same repo at the same timeSync by downloading latestcode from server
…When you do an SVN update, you may run into an interesting scenarioSame portion of the fileShared data w/ concurrent R/W What design change to avoid conflicts?
….When yourun into conflictsContent of working copy need to be selected
…Two common scenariosin soft eng delivery
…During dev, typically @HEADDebug version in the wildFind last revision thatledto release
… Use technique calledtaggingBookmark revision with label
…Here label is “1.0”
Revert to state of codebase to given point in time
… Customer reports bug. Latest release was 1.8, didn’t exist in 1.0Find bug by finding rev that introduced the bugDivide and conquer
Run steps that leads to bug
Customers is on my back
…Another common scenario is maintaining a releaseFix bugsDivert from main line of devIsolation
Main line of dev = trunkEach line has own release, purpose1.xTrunkSwitch to branch
Technically, branch = tagPurpose, branch != tag
…SVN copy: snapshot of revision subtree
Can you spot it?
… Bug fix is branchNeed to port to main line of dev
What to version control?Everything you need to buildSource codeResources (config, properties file, etc.)Exclude Generated (class files)Large files: library binariesStatic filesWhen to commit?Too few VS too many changesCohesiveness What to say?Commit commentsTrunk policyMin requirementDon’t break the trunkEveryone is using itMust compileMust pass unit tests (tests coverage)
StorageCollaboration, communicationRelease managementRecommendation: use oneGoogle codeGithub
…Running your app is necessary in order to testWeb:deployed to web serverMobile:SimulatorDesktop: IDE
…Building your app is necessary in order to deliver to end userReady to useWith build tool, you create script to automate steps to have your app in a deliverable state.Web: deployed to web serverMobile: deliver to app storeDesktop: deliver installer to web or CDDistribute for betaPhone Ad-Hoc build Provisioning Portal
Concept popularized by OSS world in late 90sTight feedbackloop with usersCommon todayAdvocated by GoogleToday’s norm:users expect frequent updatesLS = ~6, 7 production release per monthWhy automate? Expected to build veryoften.
…Projects are expected produce different buildsProduce build for target profileDev: debug, local, unsecuredProd: optimized, cloud/domain, securedProduce build for target platformsWhy automate? Consistentparameterized build.
…In academia, run onlyOr simple build with basic steps: compile, link, package or deployLinked Senior4 web projects2 compiled languagesCloud integration100+ library dependenciesDigital signatureEmail notificationInternal web update500+ lines long with 30+ stepsAmazonLarge companiesDedicated build teamsFirefoxInstructions to run a build gives me a headachehttps://developer.mozilla.org/en-US/docs/Developer_Guide/Build_Instructions?redirectlocale=en-US&redirectslug=Build_DocumentationBefore you can build Firefox, you'll need the build tools listed below and a few gigabytes of free disk space. Builds will be slow unless you have at least 2GB of RAM.Builds do more
Targets = functionTargets can be executed on their own
Built-in ANT tasksArchive TasksAudit/Coverage TasksDeployment TasksDocumentation TasksFile TasksMail TasksSCM Taskshttp://ant.apache.org/manual/tasksoverview.htmlWrite your custom taskExternal ANT tasks (Third party)
Recommendation: do you need to build? Web apps
Have to do itSD storyManualTediousError prone (missed tests)
Beautiful, qualityHappy customers
… Who here has writtennew feature and broken an existingcollaterally?Write code = risk of changing qualityEvolution of codeis unavoidableFramework = easy to run testSafety netRefactor = clarity
Unittesting framework VS integrated1 test per class1 test per componentVery fast
Currency adderRegular java@Test annotationintercepted by JUnit
…Working new feature?Write test first
…Start feature byBDDHelps designTend to write simple code
Easy to changedesignNot restricted by existing classes
…Doc drifts away from code (design changes, new features)Doc often has low priorityTest must passTest must compileTight bond with actual codeSimpleHigh level
Spend as much as possible w/o going over budget
Charles’ turn
Hit / stay
https://linkedsenior.unfuddle.com/a#/projects/4/tickets/by_number/1677I write a test
Excellent steps to reproduceNo crash = doesn’t work as expectedWorst bugs No stacktraceNo starting pointEven with stacktrace, real cause maybe somewhere elseNPEClassCastException
…Searching for cause for bug is painful: That’s why they invented debuggersCowboy style
Short & sweetPragmatic
5 minutesto edit code
Find the cause:95%
When to test?Every time code changesWhy?early feedbackOverkill?So what?
Wasting time running even if automatedHave someone else runs?ToolsSVN client to download codeBuild scriptAutomated tests=> Integrate the 3?
Continuous integrationBuild serverNotify & report
Early feedbackIf fail, still fresh
Web apps: SeleniumJavascript: JasmineRecommendation: Give unit testing a try
Communication with external/internal usersSteps to reproduce are important
Search for dupsReopen bugKB (How did you fix this?)
Not just for bugsNew featureRoadmap featureIdeasNew features come from: users, yourselfHard to keep track
Agile envSmall iterative cyclesListof ticketsAssignTODO list on steroidFocus, track progress
Ticket tied to IDE resource filteringTicket tied to SVN commit comments
… In one cycle, you close 20 tickets for total of 33 pointsIn another cycle, you close 15 tickets for total of 27 pointsTicketing system allows you to track thisVelocity ~= 30 points per cycleVelocity = speed at which you release featureAbility to predict your release scheduleNew feature? When is it going to comeout?Provide better estimates = happy customers
Recommendation: use one even if it’s excel
Streamline communicationStructure your workflowGuidelines