Abstract
More and more the world runs on software, furthermore software is increasingly controlling devices in the real world. Software failures can now have a greater impact than just loss of data, physical damage and injury are now concerns. While many high reliability specifications exist, such as MISRA and DO-178B, they can be too “heavy” for many projects and are typically domain specific (automotive and airborne systems respectively) and are not used.
This presentation explores various software techniques that can be used to harden a software system and make it more reliable. The presentation also covers key questions to be answered when developing software that interacts with the real world.
Specifically we will be looking at cases where the software needs to be more reliable than “average” but does not justify investment in a formal specification such as MISRA or DO-178B.
Bio
Lloyd Moore is the founder and owner of CyberData Corporation, which provides consulting services in the robotics, machine vision and industrial automation fields. Lloyd has worked in software industry for 25 years. His formal training in biological-based artificial intelligence, electronics, and psychology. Lloyd is also currently the president of the Northwest C++ User’s Group and an organizer of the Seattle Robotics Society Robothon event.
These slides were presented during technical event at my organization. It focuses on overview to find a root cause of the unexpected system down events. It is mainly useful for Linux or Unix system administrators. Here, I tried to cover all aspects of the topic. It took me more than 2 hours to present these slides, but one can also cover these slides within short time-span. Gray background of slides is implemented to hide the company logo and to preserve the confidentially of private template. However, The Knowledge is not restricted :)
Niek Timmers, Riscure B.V.
Cristofaro Mune, Independent Embedded Security Consultant
Fault injection attacks have been historically perceived as high-end attacks not available to most hackers. They used to require expensive tooling and a mysterious mix of skills which resulted them being out of reach for even the most skilled attackers. These days are over as low-cost fault injection tooling is changing the capabilities of the hacking masses at a rapid pace.
Historically, fault injection attacks are used to break cryptographic implementation (e.g. Differential Fault Analysis) or bypassing security checks like performed by a pin verification function. However, nothing prevents them to be used on richer systems like embedded devices or IoT devices. Fault injection attacks can be used to change the intended behavior of hardware and software, due, among the others, to corrupted memory reads and instructions execution.
In this talk we show that fault injection attacks and, more specifically, voltage fault injection, allow escalating privileges from an unprivileged context, in absence of logically exploitable software vulnerabilities. This is demonstrated using practical examples where the control flow of the Linux kernel is influenced in order to gain root privileges. All practical examples are performed on a fully patched Linux operating system, executed by a fast and feature rich System-on-Chip. A live demonstration of Fault Injection is part of the talk.
This document discusses risk-driven development and risk analysis methods for software systems. It describes conducting a risk analysis at each design step to evaluate risks and ensure the design mitigates risks. Failure mode and effects analysis and fault tree analysis are introduced as structured approaches to identify risks from component failures and their effects. The importance of testing is discussed based on the impact of failures. Design options are compared using risk analysis methods to evaluate and select the optimal design.
Gunter Ollmann, Microsoft
As reverse engineering tools and hacking techniques have improved over the years, software engineers have been forced to bury their secrets deeper down the stack – securing keys and intellectual property first in software, then drivers, on to custom firmware and microcode, and eventually as etchings on the very silicon itself.
For the hackers involved, the skills and tooling needed to extract and monetize these secrets come with ever increasing hurdles and cost. Yet, seemingly as a corollary to Moore’s Law, each year the cost of the tooling drops by half, while access (and desire) doubles. Today, with access to multi-million dollar semiconductor labs that can be rented for as little as $200 per hour, skilled adversaries can physically extract the most prized secrets from the integrated circuits (IC) directly.
Understanding your adversary lies at the crux of every defensive strategy. This session reviews the current generation of tools and techniques used by professional hacking entities to extract the magic numbers, proprietary algorithms, and WORN (Write Once, Read Never) secrets from the chips themselves.
As a generation of bug hunters begin to use such tools to extract the microcode and etched algorithms from the IC’s, we’re about to face new classes of bug and vulnerabilities – lying in (possibly) ancient code – that probably can’t be “patched”. How will we secure secrets going forward?
Test faster, release faster, get to market faster. Automated testing is the future of software development but all too often the performance and longevity of the tests themselves are an after thought. This lightning talk discusses why they shouldn't be.
2017 03-10 - vu amsterdam - testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Validating safety critical systems, as well as the test approach used. It goes beyond the simple processes, and also talks about the required safety culture and people required. The presentation contains examples of real-life IEC 61508 SIL 4 systems used on stormsurge barriers.
These slides were presented during technical event at my organization. It focuses on overview to find a root cause of the unexpected system down events. It is mainly useful for Linux or Unix system administrators. Here, I tried to cover all aspects of the topic. It took me more than 2 hours to present these slides, but one can also cover these slides within short time-span. Gray background of slides is implemented to hide the company logo and to preserve the confidentially of private template. However, The Knowledge is not restricted :)
Niek Timmers, Riscure B.V.
Cristofaro Mune, Independent Embedded Security Consultant
Fault injection attacks have been historically perceived as high-end attacks not available to most hackers. They used to require expensive tooling and a mysterious mix of skills which resulted them being out of reach for even the most skilled attackers. These days are over as low-cost fault injection tooling is changing the capabilities of the hacking masses at a rapid pace.
Historically, fault injection attacks are used to break cryptographic implementation (e.g. Differential Fault Analysis) or bypassing security checks like performed by a pin verification function. However, nothing prevents them to be used on richer systems like embedded devices or IoT devices. Fault injection attacks can be used to change the intended behavior of hardware and software, due, among the others, to corrupted memory reads and instructions execution.
In this talk we show that fault injection attacks and, more specifically, voltage fault injection, allow escalating privileges from an unprivileged context, in absence of logically exploitable software vulnerabilities. This is demonstrated using practical examples where the control flow of the Linux kernel is influenced in order to gain root privileges. All practical examples are performed on a fully patched Linux operating system, executed by a fast and feature rich System-on-Chip. A live demonstration of Fault Injection is part of the talk.
This document discusses risk-driven development and risk analysis methods for software systems. It describes conducting a risk analysis at each design step to evaluate risks and ensure the design mitigates risks. Failure mode and effects analysis and fault tree analysis are introduced as structured approaches to identify risks from component failures and their effects. The importance of testing is discussed based on the impact of failures. Design options are compared using risk analysis methods to evaluate and select the optimal design.
Gunter Ollmann, Microsoft
As reverse engineering tools and hacking techniques have improved over the years, software engineers have been forced to bury their secrets deeper down the stack – securing keys and intellectual property first in software, then drivers, on to custom firmware and microcode, and eventually as etchings on the very silicon itself.
For the hackers involved, the skills and tooling needed to extract and monetize these secrets come with ever increasing hurdles and cost. Yet, seemingly as a corollary to Moore’s Law, each year the cost of the tooling drops by half, while access (and desire) doubles. Today, with access to multi-million dollar semiconductor labs that can be rented for as little as $200 per hour, skilled adversaries can physically extract the most prized secrets from the integrated circuits (IC) directly.
Understanding your adversary lies at the crux of every defensive strategy. This session reviews the current generation of tools and techniques used by professional hacking entities to extract the magic numbers, proprietary algorithms, and WORN (Write Once, Read Never) secrets from the chips themselves.
As a generation of bug hunters begin to use such tools to extract the microcode and etched algorithms from the IC’s, we’re about to face new classes of bug and vulnerabilities – lying in (possibly) ancient code – that probably can’t be “patched”. How will we secure secrets going forward?
Test faster, release faster, get to market faster. Automated testing is the future of software development but all too often the performance and longevity of the tests themselves are an after thought. This lightning talk discusses why they shouldn't be.
2017 03-10 - vu amsterdam - testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Validating safety critical systems, as well as the test approach used. It goes beyond the simple processes, and also talks about the required safety culture and people required. The presentation contains examples of real-life IEC 61508 SIL 4 systems used on stormsurge barriers.
Caronne.eu 3rd presentation at 17th nov 2014 meetup FinTech Startups FranceJames Nacass
The document summarizes a presentation given by Jan Kamphuis on integrating data for regulatory reporting. It discusses the challenges of meeting various regulatory reporting requirements and proposes an integrated data approach using master data management, data governance, and a data warehouse to collect, structure, and integrate data from various sources. This would provide a single point of truth, improved analytics and insight, and help ensure compliance with reporting requirements. Kamphuis' company Caronne provides services related to business intelligence, data governance, data warehousing, and analytics to help clients meet their reporting needs.
This document discusses the benefits of private lending through a real estate and auction services company. It states that private lending offers high yields, monthly payments, and security through real estate collateral. Private lending involves trust deed investing and private mortgages, allowing investors to set the rules and act as the bank by lending to qualified borrowers. The process involves the borrower requesting a loan, the broker confirming the deal and introducing the investor, documents being generated, and the investor receiving monthly payments. Risks are minimized through appraisals, qualified attorneys, and insurance. The document promotes current real estate investment opportunities through private lending.
Nieuwe risicomanagement aanpak bij verzekeraars. Strategisch risicomanagement is een onderschoven kindje bij verzekeraars. De RESE aanpak biedt concrete aanknopingspunten die verzekeraars kunnen hanteren bij de implementatie van een risicomanagement raamwerk die naadloos past binnen het strategisch raamwerk.
Presentation given by me over skype on 30.10.2014 for http://appclub.im/events/details/11030
It is a modified version of talk given in Cracow in Poland for Mobiconf 2014 (http://www.slideshare.net/tomaszkustrzynski/092014-mobiconf-2014-v2-39838125)
The first report will be on how the data collected on the basis of the company's managers Shazam to make management decisions, evaluate projects and solve other important issues. Participants should be familiar with basic principles of Kanban methodology to better understand the essence of the report. The presentation will take place via Skype in English.
The Raspberry Pi is an inexpensive ($35), credit card sized computer that is able to run the Linux operating system. The card also contains USB ports, an Ethernet port, camera port, GPIO lines, serial ports, SPI port, HDMI port, and I2C port – just about anything you would want for an inexpensive and very powerful robot controller! Lloyd Moore will show us how to get started with this device. Specifically we'll talk about loading and configuring the operating system, installing the Qt (C++) development system, and controlling some of the ports.
MB-FESCO Trans (MBFT) is a joint venture between Mitsui & Co. and FESCO Transportation Group established in 2004 to provide flexible logistics solutions in Russia. In 2010, MBFT expanded into warehousing and distribution with Mitsui acquiring a 51% stake. MBFT offers transportation services via owned trucks and subcontractors, forwarding of FCL and LCL cargo along FESCO's multimodal corridors, and complex project logistics including long-term warehousing agreements. Notable is MBFT's 45,000 square foot distribution center located 49km from Moscow that aims to efficiently deliver consumer goods to the capital region.
Real Time Debugging - What to do when a breakpoint just won't doLloydMoore
Abstract:
Debugging real time issues present a unique set of challenges and requirements to the developer. Normal debugging techniques such as breakpoints, printf statements and logging frequently fail to locate the problem and can actually make the issue worse. This presentation will examine why common debugging techniques fail when applied to real time issues, and then present tools and techniques which can successfully address the unique challenges of real time debugging.
Bio:
Lloyd Moore is the founder and owner of CyberData Corporation, which provides consulting services in the robotics, machine vision and industrial automation fields. Lloyd has worked in software industry for 25 years, with his formal training in biological based artificial intelligence, electronics, and psychology. Lloyd is also currently the president of NWCPP and organizer of the Seattle Robotics Society Robothon event.
Vereist kapitaal bij Nederlandse zorgverzekeraars staat onder druk. Met de komst van Solvency II is te verwachten dat er verdere opwaartse druk ontstaat op het vereiste kapitaal.
Gebruik van Ondernemingsspecieke parameters (USPs) helpt om een betere inschatting te maken van het werkelijke risicoprofiel met inbegrip van ex ante risicoverevening en ex post compensatiemechanismen.
Microcontrollers represent a highly resource constrained environment. Very small microcontrollers typically have only several K of program space available and several hundred bytes of memory, in addition to very low clock speeds. This talk will look at how to address these resource limitations. Many of the techniques examined also apply to larger / PC class hardware, and can be used to improve the performance for those systems. In addition the techniques explored are also beneficial for optimizing the power consumption of mobile devices and applications.
[mobiconf 2014] Shazam mobile apps - Data Driven Project ManagementTomasz Kustrzynski MSc
Shazam has been growing very fast recently. A lot of this growth happened in the engineering department at London HQ where our mobile apps are being developed.
This talk will go into technicalities of project management techniques we use to keep 100+ MAU a month happy while maintain agility and respond to rapidly changing market situation.
We will talk about data driven Kanban, flow, visual standups, changing requirements and structure of our teams. We will show what metrics we care about, how we measure them and what we do with the results.
You should expect some observations about development of state of art apps useful from product/project manager’s and developer’s perspective.
Abstract:
The Raspberry Pi has become a very popular, inexpensive, credit card sized computer that runs the Linux operating system. The Pi is also, with a bit of help, an excellent controller for robotics projects. This talk will explore the use of the Raspberry Pi, along with an open source Cypress PSoC daughter board, for building a very functional robot. The final goal of this project will be to update the SRS robot with a Raspberry Pi, camera, and Wi-Fi network connection.
This talk builds on several of my previous talks and begins to tie them all together into a functional project. While I won't dive deeply into any of these topics again, the background will be helpful for this talk. Links to my prior talks are:
Getting Started with the Raspberry Pi:
http://www.cyberdata-robotics.com/Presentations/StartingPi/StartingRaspberryPi.pdf
Using the Cypress PSoC Processor:
http://www.cyberdata-robotics.com/Presentations/UsingPSoC.ppt
Using Cypress PSoC Creator:
http://www.cyberdata-robotics.com/Presentations/PsocCreator/Using_PSoC_Creator.ppt
Bio
Lloyd Moore is the founder and owner of CyberData Corporation, which provides consulting services in the robotics, machine vision and industrial automation fields. Lloyd has worked in software industry for 25 years. His formal training in biological-based artificial intelligence, electronics, and psychology. Lloyd is also currently the president of the Northwest C++ User’s Group and an organizer of the Seattle Robotics Society Robothon event.
This talk will cover the USB fundamental needed to implement as USB HID joystick device using the Cypress PSoC 5 processor. The concepts covered by the talk are common to USB communications in general and can be used with other processors as well as implementing other types of devices.
The Cypress PSoC is a programmable “system on chip” device which includes all the functions of a traditional microcontroller, in addition to programmable analog and digital blocks. This combination of resources makes the chip well suited to robotics applications. This will be an introductory talk covering the basic architecture and development tools.
PSoC Creator is the development tool chain for the PSoC 3/5 line of Programmable Systems on Chip. This talk will explore this development environment and create a simple bubble level application using Creator with the PSoC 5 First Touch Starter Kit.
Exception Handling in Python allows programs to handle and recover from errors and unexpected situations gracefully. A try statement runs a block of code and catches any exceptions in except blocks. Even if a statement is syntactically valid, it may cause an error at runtime. Exceptions can be handled through try-except blocks and the finally block is used for cleanup code. Multiprocessing uses multiple processors to run code concurrently for improved speed while multithreading runs multiple threads within a single process using shared memory for lighter resource usage but potential for race conditions.
Performance tuning Grails Applications GR8Conf US 2014Lari Hotari
The document discusses performance tuning for Grails applications. It covers optimizing for latency, throughput, and quality of operations. Key aspects discussed include Amdahl's law, Little's law, profiling tools, common pitfalls, and recommendations for improving performance like eliminating blocking and focusing on feedback cycles. Specific techniques mentioned include optimizing SQL queries, reducing regular expressions, improving caching, and using thread dumps to diagnose production issues.
Defensive programming
Organizing straight-line code
Using Conditionals
Controlling Loops
Unusual Control Structures
Table-Driven Methods
General Control Issues
Layout and Style
Code Tuning Strategies
The document discusses characteristics of good and powerful test automation frameworks. A good framework provides reliability, modularity, error handling, reusability, and reporting. A powerful framework reduces support activities time through features like one touch deployment, zero touch code updates, centralized logging, smart debugging, and hassle-free remote code management. It also improves efficiency through multi-threading, hot pluggable third party scripts, and a results database. The document advocates moving to powerful frameworks rather than just maintaining good frameworks for reduced boredom and sustained innovation.
As one of our primary data stores, we utilize MongoDB heavily. Early last year our DevOps lead, Chris Merz, submitted some of our use cases to 10gen (http://www.10gen.com/events) as fodder for a presentation at the MongoDB conference in Boulder. The presentation went well enough at the Boulder conference that 10gen asked him to give it again at San Francisco, Seattle and again in Boulder.
Hopefully there are some nuggets in this deck that can help you in your quest to dominate MongoDB.
Caronne.eu 3rd presentation at 17th nov 2014 meetup FinTech Startups FranceJames Nacass
The document summarizes a presentation given by Jan Kamphuis on integrating data for regulatory reporting. It discusses the challenges of meeting various regulatory reporting requirements and proposes an integrated data approach using master data management, data governance, and a data warehouse to collect, structure, and integrate data from various sources. This would provide a single point of truth, improved analytics and insight, and help ensure compliance with reporting requirements. Kamphuis' company Caronne provides services related to business intelligence, data governance, data warehousing, and analytics to help clients meet their reporting needs.
This document discusses the benefits of private lending through a real estate and auction services company. It states that private lending offers high yields, monthly payments, and security through real estate collateral. Private lending involves trust deed investing and private mortgages, allowing investors to set the rules and act as the bank by lending to qualified borrowers. The process involves the borrower requesting a loan, the broker confirming the deal and introducing the investor, documents being generated, and the investor receiving monthly payments. Risks are minimized through appraisals, qualified attorneys, and insurance. The document promotes current real estate investment opportunities through private lending.
Nieuwe risicomanagement aanpak bij verzekeraars. Strategisch risicomanagement is een onderschoven kindje bij verzekeraars. De RESE aanpak biedt concrete aanknopingspunten die verzekeraars kunnen hanteren bij de implementatie van een risicomanagement raamwerk die naadloos past binnen het strategisch raamwerk.
Presentation given by me over skype on 30.10.2014 for http://appclub.im/events/details/11030
It is a modified version of talk given in Cracow in Poland for Mobiconf 2014 (http://www.slideshare.net/tomaszkustrzynski/092014-mobiconf-2014-v2-39838125)
The first report will be on how the data collected on the basis of the company's managers Shazam to make management decisions, evaluate projects and solve other important issues. Participants should be familiar with basic principles of Kanban methodology to better understand the essence of the report. The presentation will take place via Skype in English.
The Raspberry Pi is an inexpensive ($35), credit card sized computer that is able to run the Linux operating system. The card also contains USB ports, an Ethernet port, camera port, GPIO lines, serial ports, SPI port, HDMI port, and I2C port – just about anything you would want for an inexpensive and very powerful robot controller! Lloyd Moore will show us how to get started with this device. Specifically we'll talk about loading and configuring the operating system, installing the Qt (C++) development system, and controlling some of the ports.
MB-FESCO Trans (MBFT) is a joint venture between Mitsui & Co. and FESCO Transportation Group established in 2004 to provide flexible logistics solutions in Russia. In 2010, MBFT expanded into warehousing and distribution with Mitsui acquiring a 51% stake. MBFT offers transportation services via owned trucks and subcontractors, forwarding of FCL and LCL cargo along FESCO's multimodal corridors, and complex project logistics including long-term warehousing agreements. Notable is MBFT's 45,000 square foot distribution center located 49km from Moscow that aims to efficiently deliver consumer goods to the capital region.
Real Time Debugging - What to do when a breakpoint just won't doLloydMoore
Abstract:
Debugging real time issues present a unique set of challenges and requirements to the developer. Normal debugging techniques such as breakpoints, printf statements and logging frequently fail to locate the problem and can actually make the issue worse. This presentation will examine why common debugging techniques fail when applied to real time issues, and then present tools and techniques which can successfully address the unique challenges of real time debugging.
Bio:
Lloyd Moore is the founder and owner of CyberData Corporation, which provides consulting services in the robotics, machine vision and industrial automation fields. Lloyd has worked in software industry for 25 years, with his formal training in biological based artificial intelligence, electronics, and psychology. Lloyd is also currently the president of NWCPP and organizer of the Seattle Robotics Society Robothon event.
Vereist kapitaal bij Nederlandse zorgverzekeraars staat onder druk. Met de komst van Solvency II is te verwachten dat er verdere opwaartse druk ontstaat op het vereiste kapitaal.
Gebruik van Ondernemingsspecieke parameters (USPs) helpt om een betere inschatting te maken van het werkelijke risicoprofiel met inbegrip van ex ante risicoverevening en ex post compensatiemechanismen.
Microcontrollers represent a highly resource constrained environment. Very small microcontrollers typically have only several K of program space available and several hundred bytes of memory, in addition to very low clock speeds. This talk will look at how to address these resource limitations. Many of the techniques examined also apply to larger / PC class hardware, and can be used to improve the performance for those systems. In addition the techniques explored are also beneficial for optimizing the power consumption of mobile devices and applications.
[mobiconf 2014] Shazam mobile apps - Data Driven Project ManagementTomasz Kustrzynski MSc
Shazam has been growing very fast recently. A lot of this growth happened in the engineering department at London HQ where our mobile apps are being developed.
This talk will go into technicalities of project management techniques we use to keep 100+ MAU a month happy while maintain agility and respond to rapidly changing market situation.
We will talk about data driven Kanban, flow, visual standups, changing requirements and structure of our teams. We will show what metrics we care about, how we measure them and what we do with the results.
You should expect some observations about development of state of art apps useful from product/project manager’s and developer’s perspective.
Abstract:
The Raspberry Pi has become a very popular, inexpensive, credit card sized computer that runs the Linux operating system. The Pi is also, with a bit of help, an excellent controller for robotics projects. This talk will explore the use of the Raspberry Pi, along with an open source Cypress PSoC daughter board, for building a very functional robot. The final goal of this project will be to update the SRS robot with a Raspberry Pi, camera, and Wi-Fi network connection.
This talk builds on several of my previous talks and begins to tie them all together into a functional project. While I won't dive deeply into any of these topics again, the background will be helpful for this talk. Links to my prior talks are:
Getting Started with the Raspberry Pi:
http://www.cyberdata-robotics.com/Presentations/StartingPi/StartingRaspberryPi.pdf
Using the Cypress PSoC Processor:
http://www.cyberdata-robotics.com/Presentations/UsingPSoC.ppt
Using Cypress PSoC Creator:
http://www.cyberdata-robotics.com/Presentations/PsocCreator/Using_PSoC_Creator.ppt
Bio
Lloyd Moore is the founder and owner of CyberData Corporation, which provides consulting services in the robotics, machine vision and industrial automation fields. Lloyd has worked in software industry for 25 years. His formal training in biological-based artificial intelligence, electronics, and psychology. Lloyd is also currently the president of the Northwest C++ User’s Group and an organizer of the Seattle Robotics Society Robothon event.
This talk will cover the USB fundamental needed to implement as USB HID joystick device using the Cypress PSoC 5 processor. The concepts covered by the talk are common to USB communications in general and can be used with other processors as well as implementing other types of devices.
The Cypress PSoC is a programmable “system on chip” device which includes all the functions of a traditional microcontroller, in addition to programmable analog and digital blocks. This combination of resources makes the chip well suited to robotics applications. This will be an introductory talk covering the basic architecture and development tools.
PSoC Creator is the development tool chain for the PSoC 3/5 line of Programmable Systems on Chip. This talk will explore this development environment and create a simple bubble level application using Creator with the PSoC 5 First Touch Starter Kit.
Exception Handling in Python allows programs to handle and recover from errors and unexpected situations gracefully. A try statement runs a block of code and catches any exceptions in except blocks. Even if a statement is syntactically valid, it may cause an error at runtime. Exceptions can be handled through try-except blocks and the finally block is used for cleanup code. Multiprocessing uses multiple processors to run code concurrently for improved speed while multithreading runs multiple threads within a single process using shared memory for lighter resource usage but potential for race conditions.
Performance tuning Grails Applications GR8Conf US 2014Lari Hotari
The document discusses performance tuning for Grails applications. It covers optimizing for latency, throughput, and quality of operations. Key aspects discussed include Amdahl's law, Little's law, profiling tools, common pitfalls, and recommendations for improving performance like eliminating blocking and focusing on feedback cycles. Specific techniques mentioned include optimizing SQL queries, reducing regular expressions, improving caching, and using thread dumps to diagnose production issues.
Defensive programming
Organizing straight-line code
Using Conditionals
Controlling Loops
Unusual Control Structures
Table-Driven Methods
General Control Issues
Layout and Style
Code Tuning Strategies
The document discusses characteristics of good and powerful test automation frameworks. A good framework provides reliability, modularity, error handling, reusability, and reporting. A powerful framework reduces support activities time through features like one touch deployment, zero touch code updates, centralized logging, smart debugging, and hassle-free remote code management. It also improves efficiency through multi-threading, hot pluggable third party scripts, and a results database. The document advocates moving to powerful frameworks rather than just maintaining good frameworks for reduced boredom and sustained innovation.
As one of our primary data stores, we utilize MongoDB heavily. Early last year our DevOps lead, Chris Merz, submitted some of our use cases to 10gen (http://www.10gen.com/events) as fodder for a presentation at the MongoDB conference in Boulder. The presentation went well enough at the Boulder conference that 10gen asked him to give it again at San Francisco, Seattle and again in Boulder.
Hopefully there are some nuggets in this deck that can help you in your quest to dominate MongoDB.
Grails has great performance characteristics but as with all full stack frameworks, attention must be paid to optimize performance. In this talk Lari will discuss common missteps that can easily be avoided and share tips and tricks which help profile and tune Grails applications.
The document discusses performance tuning for Grails applications. It outlines that performance aspects include latency, throughput, and quality of operations. Performance tuning optimizes costs and ensures systems meet requirements under high load. Amdahl's law states that parallelization cannot speed up non-parallelizable tasks. The document recommends measuring and profiling, making single changes in iterations, and setting up feedback cycles for development and production environments. Common pitfalls in profiling Grails applications are also discussed.
Grails has great performance characteristics but as with all full stack frameworks, attention must be paid to optimize performance. In this talk Lari will discuss common missteps that can easily be avoided and share tips and tricks which help profile and tune Grails applications.
Scripting experts from Inductive Automation cover general best practices that will help you add flexibility and customization to HMI, SCADA, IIoT, and other industrial applications. Some specific tips about using scripting in the Ignition platform will be included as well.
In this webinar, learn more about:
• Common scripting pitfalls and how to avoid them
• The best programming languages to use
• Things to consider before using scripting
• How scripting environments work
• Scripting timesavers
• And more
This document provides an overview of building cloud-ready applications in .NET. It defines what makes an application cloud-ready, discusses common issues with legacy applications, and recommends design patterns and practices to address these issues, including loose coupling, high cohesion, messaging, service discovery, API gateways, and resiliency policies. It includes code examples and links to additional resources.
Scripting experts from Inductive Automation cover general best practices that will help you add flexibility and customization to HMI, SCADA, IIoT, and other industrial applications. Some specific tips about using scripting in the Ignition platform will be included as well.
In this webinar, learn more about:
• Common scripting pitfalls and how to avoid them
• The best programming languages to use
• Things to consider before using scripting
• How scripting environments work
• Scripting timesavers
• And more
Memory leaks in Java can occur due to objects remaining reachable even when no longer needed. The four main causes are unknown references, long-living objects, failure to clean up native resources, and bugs. To detect leaks, one can use verbose GC logging, monitor the Java process, dump the heap to analyze which objects are retaining others, and use profiling tools. Profiling works by insertion of code, sampling, or instrumenting the virtual machine and helps identify where time is being spent and what objects are being allocated.
The document discusses monitors, which are a synchronization mechanism used in operating systems. A monitor is a collection of shared variables and associated procedures that enforce mutual exclusion. Only one process can be active in a monitor at a time. Monitors were developed to make it easier to avoid deadlocks compared to other synchronization methods like semaphores. The document provides examples of how monitors can be used to solve common synchronization problems.
A real-time operating system (RTOS) is an operating system (OS) intended to serve real-time applications that process data as it comes in, typically without buffer delays. Processing time requirements (including any OS delay) are measured in tenths of seconds or shorter increments of time.
This document discusses strategies for hardening Windows operating systems and applications. It provides resources and guidelines for securing Microsoft OS's using tools like the Microsoft Security Compliance Manager and the Center for Internet Security benchmarks. Specific recommendations are given for mitigating risks from Java, Adobe Reader, local administrator passwords, and enabling full disk encryption with BitLocker. Troubleshooting tips are also included for addressing issues that may arise from an OS hardening project.
Cloud Foundry Summit 2015: 12 Factor Apps For OperationsVMware Tanzu
Speakers: Rags Srinivas, EMC; Matt Cowger, EMC
To learn more about Pivotal Cloud Foundry, visit http:///www.pivotal.io/platform-a-as-a-service/pivotal-cloud-foundry.
The document introduces the secure boot pattern, which addresses ensuring the integrity of the software stack loaded on a platform. The pattern uses a chain of trust where each boot stage verifies the integrity of the next stage using cryptographic methods. The root of trust is a first module protected by hardware that verifies the initial integrity. The pattern provides security benefits while introducing complexity and overhead. Variants include authenticated boot, which detects instead of preventing integrity violations.
Boost Your Savings with These Money Management AppsJhone kinadey
A money management app can transform your financial life by tracking expenses, creating budgets, and setting financial goals. These apps offer features like real-time expense tracking, bill reminders, and personalized insights to help you save and manage money effectively. With a user-friendly interface, they simplify financial planning, making it easier to stay on top of your finances and achieve long-term financial stability.
🏎️Tech Transformation: DevOps Insights from the Experts 👩💻campbellclarkson
Connect with fellow Trailblazers, learn from industry experts Glenda Thomson (Salesforce, Principal Technical Architect) and Will Dinn (Judo Bank, Salesforce Development Lead), and discover how to harness DevOps tools with Salesforce.
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...kalichargn70th171
In today's fiercely competitive mobile app market, the role of the QA team is pivotal for continuous improvement and sustained success. Effective testing strategies are essential to navigate the challenges confidently and precisely. Ensuring the perfection of mobile apps before they reach end-users requires thoughtful decisions in the testing plan.
What to do when you have a perfect model for your software but you are constrained by an imperfect business model?
This talk explores the challenges of bringing modelling rigour to the business and strategy levels, and talking to your non-technical counterparts in the process.
Enhanced Screen Flows UI/UX using SLDS with Tom KittPeter Caitens
Join us for an engaging session led by Flow Champion, Tom Kitt. This session will dive into a technique of enhancing the user interfaces and user experiences within Screen Flows using the Salesforce Lightning Design System (SLDS). This technique uses Native functionality, with No Apex Code, No Custom Components and No Managed Packages required.
Superpower Your Apache Kafka Applications Development with Complementary Open...Paul Brebner
Kafka Summit talk (Bangalore, India, May 2, 2024, https://events.bizzabo.com/573863/agenda/session/1300469 )
Many Apache Kafka use cases take advantage of Kafka’s ability to integrate multiple heterogeneous systems for stream processing and real-time machine learning scenarios. But Kafka also exists in a rich ecosystem of related but complementary stream processing technologies and tools, particularly from the open-source community. In this talk, we’ll take you on a tour of a selection of complementary tools that can make Kafka even more powerful. We’ll focus on tools for stream processing and querying, streaming machine learning, stream visibility and observation, stream meta-data, stream visualisation, stream development including testing and the use of Generative AI and LLMs, and stream performance and scalability. By the end you will have a good idea of the types of Kafka “superhero” tools that exist, which are my favourites (and what superpowers they have), and how they combine to save your Kafka applications development universe from swamploads of data stagnation monsters!
The Power of Visual Regression Testing_ Why It Is Critical for Enterprise App...kalichargn70th171
Visual testing plays a vital role in ensuring that software products meet the aesthetic requirements specified by clients in functional and non-functional specifications. In today's highly competitive digital landscape, users expect a seamless and visually appealing online experience. Visual testing, also known as automated UI testing or visual regression testing, verifies the accuracy of the visual elements that users interact with.
14 th Edition of International conference on computer visionShulagnaSarkar2
About the event
14th Edition of International conference on computer vision
Computer conferences organized by ScienceFather group. ScienceFather takes the privilege to invite speakers participants students delegates and exhibitors from across the globe to its International Conference on computer conferences to be held in the Various Beautiful cites of the world. computer conferences are a discussion of common Inventions-related issues and additionally trade information share proof thoughts and insight into advanced developments in the science inventions service system. New technology may create many materials and devices with a vast range of applications such as in Science medicine electronics biomaterials energy production and consumer products.
Nomination are Open!! Don't Miss it
Visit: computer.scifat.com
Award Nomination: https://x-i.me/ishnom
Conference Submission: https://x-i.me/anicon
For Enquiry: Computer@scifat.com
Orca: Nocode Graphical Editor for Container OrchestrationPedro J. Molina
Tool demo on CEDI/SISTEDES/JISBD2024 at A Coruña, Spain. 2024.06.18
"Orca: Nocode Graphical Editor for Container Orchestration"
by Pedro J. Molina PhD. from Metadev
Stork Product Overview: An AI-Powered Autonomous Delivery FleetVince Scalabrino
Imagine a world where instead of blue and brown trucks dropping parcels on our porches, a buzzing drove of drones delivered our goods. Now imagine those drones are controlled by 3 purpose-built AI designed to ensure all packages were delivered as quickly and as economically as possible That's what Stork is all about.
How GenAI Can Improve Supplier Performance Management.pdfZycus
Data Collection and Analysis with GenAI enables organizations to gather, analyze, and visualize vast amounts of supplier data, identifying key performance indicators and trends. Predictive analytics forecast future supplier performance, mitigating risks and seizing opportunities. Supplier segmentation allows for tailored management strategies, optimizing resource allocation. Automated scorecards and reporting provide real-time insights, enhancing transparency and tracking progress. Collaboration is fostered through GenAI-powered platforms, driving continuous improvement. NLP analyzes unstructured feedback, uncovering deeper insights into supplier relationships. Simulation and scenario planning tools anticipate supply chain disruptions, supporting informed decision-making. Integration with existing systems enhances data accuracy and consistency. McKinsey estimates GenAI could deliver $2.6 trillion to $4.4 trillion in economic benefits annually across industries, revolutionizing procurement processes and delivering significant ROI.
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...Luigi Fugaro
Vector databases are transforming how we handle data, allowing us to search through text, images, and audio by converting them into vectors. Today, we'll dive into the basics of this exciting technology and discuss its potential to revolutionize our next-generation AI applications. We'll examine typical uses for these databases and the essential tools
developers need. Plus, we'll zoom in on the advanced capabilities of vector search and semantic caching in Java, showcasing these through a live demo with Redis libraries. Get ready to see how these powerful tools can change the game!
The Role of DevOps in Digital Transformation.pdfmohitd6
DevOps plays a crucial role in driving digital transformation by fostering a collaborative culture between development and operations teams. This approach enhances the speed and efficiency of software delivery, ensuring quicker deployment of new features and updates. DevOps practices like continuous integration and continuous delivery (CI/CD) streamline workflows, reduce manual errors, and increase the overall reliability of software systems. By leveraging automation and monitoring tools, organizations can improve system stability, enhance customer experiences, and maintain a competitive edge. Ultimately, DevOps is pivotal in enabling businesses to innovate rapidly, respond to market changes, and achieve their digital transformation goals.
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...XfilesPro
Wondering how X-Sign gained popularity in a quick time span? This eSign functionality of XfilesPro DocuPrime has many advancements to offer for Salesforce users. Explore them now!
Alluxio Webinar | 10x Faster Trino Queries on Your Data PlatformAlluxio, Inc.
Alluxio Webinar
June. 18, 2024
For more Alluxio Events: https://www.alluxio.io/events/
Speaker:
- Jianjian Xie (Staff Software Engineer, Alluxio)
As Trino users increasingly rely on cloud object storage for retrieving data, speed and cloud cost have become major challenges. The separation of compute and storage creates latency challenges when querying datasets; scanning data between storage and compute tiers becomes I/O bound. On the other hand, cloud API costs related to GET/LIST operations and cross-region data transfer add up quickly.
The newly introduced Trino file system cache by Alluxio aims to overcome the above challenges. In this session, Jianjian will dive into Trino data caching strategies, the latest test results, and discuss the multi-level caching architecture. This architecture makes Trino 10x faster for data lakes of any scale, from GB to EB.
What you will learn:
- Challenges relating to the speed and costs of running Trino in the cloud
- The new Trino file system cache feature overview, including the latest development status and test results
- A multi-level cache framework for maximized speed, including Trino file system cache and Alluxio distributed cache
- Real-world cases, including a large online payment firm and a top ridesharing company
- The future roadmap of Trino file system cache and Trino-Alluxio integration
2. Appropriate Use of This Presentation
Causes of Failures
Watchdogs
MemoryTechniques
“Safer” Coding Practices
Safe Shutdown Practices
Summary
Overview
3. This presentation is intended to fill a “middle region” between normal
software development practices and formal high reliability specifications
such as: MISRA, DO-178B, PCI-DSS, IEC 62304 and many others.
IF THE PROJECTYOU ARE WORKING ON IS SUBJECT TO FORMAL
RELIABILITY GUIDELINES AND/OR SPECIFICATIONS THIS
PRESENTATION IS NOT FORYOU – FOLLOWTHE APPROPERATE
GUIDELINES TO THE LETTER!
Ok if you are still reading then what is this presentation about? The above
guidelines do not apply to every case and are too “heavy” for many projects.
This presentation will cover techniques that can be used as needed to make
a project better in terms of reliability, but without going so far as to increase
the development cost of the project.
Appropriate Use of this Presentation
4. • Software bugs!!!
• The program does exactly what you said to do, just not what you intended to do!
• Electrical and environmental noise
• Both noisy power lines and stray induced magnetic fields can alter system state
• ESD (static electricity ) can alter memory and register contents randomly
• Operator abuses
• They did WHAT?!?!?!?!?!?!?!?!?
• Resource limitations
• Memory fragmentation, unexpectedly large inputs, unexpectedly long times
• Failures in other parts of the system
• Mechanical changes and/or failures
• Component failures which cascade, but do not fully disable the system
• Networking and communications issues
Causes of Failures
5. • Set the compiler to the most sensitive warning level, and ensure the code
builds with ZERO warnings
• Use of pragmas to clear warnings isVERY debatable, unused variables like the only one
that is a valid case
• Use “safe” libraries
• No “naked” pointers
• Use APIs with length checking to avoid buffer overruns
• Some groups also now have “no naked loops” rule – may not achievable in all cases
• Have an established development and test process
• Use revision control, defect tracking, and whatever else you believe is a “best practice”
• Do code reviews on ALL code – builds team understanding and finds bugs early
• Unit test coverage should be 100% of critical code and as much of non-critical code as
management will afford you
• When there is a failure do a “root cause” analysis and update deficient processes
• The key is to have SOMETHING in place to which improvements can be made over time
This slide is NOT complete as there are MANY talks and debates covering these
topics!
The Basics
6. General Definition: Maintain surveillance over (person, activity, situation)
In our case refers to an independent piece of hardware which monitors the
desired process and either shuts down or resets the desired process if some
condition is not met.
Most common form is the WatchdogTimer, which is a dedicated piece of
hardware which will reset the main processor if it does not see a specific
activity happen within a specified time interval.
The activity is generally toggling an I/O line or writing one or more values to
specific registers.
Two general forms of this: “on chip” and “off chip” – advantages and
disadvantages to both and some feel quite strongly over which is better!
Desktop PC motherboards can also be purchased with watchdog hardware!
Watchdogs
7. Single Stage Watchdog:
• Must toggle a line or write a specific value to a location every X mS to reset
the watchdog timer
• If the watchdog reset event does not happen the watchdog resets the system
/ main processor
Windowed Watchdog:
• Must reset every X mS but not more often then everyY mS
• Protects against more cases than Single Stage Watchdog
Multi-stage Watchdog:
• Must toggle a line high then low, toggle multiple lines or write multiple
specific values to specific locations at some predefined time interval(s)
• Specifics vary from device to device
• Key is that you can ensure multiple locations in your code are executing in the
desired order
Watchdog Behavior
9. DO NOT put watch dog resets into interrupt calls unless the only thing you
care about is verifying that the interrupt is still running!
On-chip watchdogs are typically disabled when in debugging mode, off-chip
watchdogs are not. Typical issue is you connect the debugger, hit a break
point and your system resets!
• Recommended practice – have the reset signal trace on the board
connected by default, but allow for a jumper location.
• On debug boards cut the trace and install the jumper, on production
boards leave the trace alone, and no jumper.
As your code grows and changes the length of time for the watchdog
timeout will also change – keep an eye on this as watchdog resets will look
like system crashes when you are developing!!!
Watchdog Gotchas!
10. Specific regions in memory that are protected by some form of “lockout”.These are typically
assisted by dedicated hardware but can also be emulated with a MMU.
Goal is to prevent accidental writes to some type of critical control.
Various forms of this:
• Location can only been written X clock cycles after reset
• Location can only been written once after reset
• Location is protected by some other location which must have a “key value” currently written
to it
• Note in this case you may NOT want to have the “key access” and “protected value” access in a common routine!
• Remember to always clear the “key value” when you are done updating!
Very commonly used to protect the on-chip watchdog timer, both in terms of configuring the
timer and writing to the reset location.
On chips with FPGA style resources you can also build your own protection to do specifically what
is needed.
Memory (I/O) Lockout Regions
11. In long running systems memory fragmentation becomes a big issue.
Many embedded systems run for years without a reboot and don’t have any
virtual memory system to “hide” fragmentation.
In these cases dynamic memory allocation becomes a source of instability!
Potential solutions:
• Use only static allocations – memory usage known at compile time
• For embedded microcontrollers actually a very desirable solution
• Use only automatic allocations – everything will end up on the stack
• Watch your stack space here – trades fragmentation for stack overflow
• Use dynamic memory allocation but only once at system startup
• If using C++ may want to disable new() and delete() to prevent “hidden” allocations
• Will also preclude using portions of the standard library!
• Use dedicated heap(s) and re-initialize it every so often
Memory Allocation Patterns
12. Data values themselves can change OUTSIDE OF program control!
Most of us are familiar with “overwrite” type problems, however in some
systems this isn’t the only issue. Memory can also be affected by:
• Bad memory locations
• Electrical noise
• Electrostatic discharge (special form of electrical noise)
• Environmental radiation
Note that this may not happen very often but it does happen! Electrostatic
discharge is a particularly common event in many areas, particularly in low
humidity conditions.
Some systems address this issue with ECC memory.
Data Integrity Issues
13. General principle is to keep critical data in a common data structure. Now
you can operate on the data as a set and this gives you some advantages:
• Data can be checked easily
• Sentinel values can be placed into the data structure and tested at regular
intervals – these are constant values through the life of the program
• Whole data structure can be checksum / CRC validated at key points
• Data structure can be “mirrored” and again validated at key points
These techniques work best when the program duty cycle is low, and
checking is done during the idle times.
Can also incorporate this into the watchdog reset routine such that the
watchdog is only reset if the data validation tests pass.
DataValidation Methods
14. Embedded microcontrollers will typically have extra memory which is not
used by the application. System reliability can be improved by properly
filling the memory with specific data:
• Unused RAM can be filled with a given pattern, and that pattern verified
as described in the data validation slide
• Particularly useful to do this just beyond the maximum expected stack
• Unused flash/ROM memory can be filled to trigger a reset or halt if the
program ever jumps out of the defined program region
• This is a processor dependent technique
• Fill memory with NOP instructions – will cause most processors to loop around to
start of memory just like a reset (beware of memory lockouts!)
• Fill memory with “reset” instructions – some processors have this others don’t
• Fill memory with jumps to a common safe halting or reset routine
• Note: Generally DO NOT want to fill memory with HALT instructions! If you just
halt you don’t know the system is in a “safe” state
Memory “Munging”
15. This is a technique where each major step of the program verifies that it was
called from the correct location.
The idea is to abort if any segment of code is called from an unexpected
path. By necessity this will make your program very rigid!
Typically involves some type of check at the beginning of each critical
routine. For a state machine this could simply be checking the prior state as
a precondition to executing the current state.
In the most general case this would be checking the call stack to make sure
the caller is one of an expected set.
StateTracking
16. The general idea here is to have specific boundaries in your program where
you fully check parameters being passed and/or overall system state. Very
similar in concept to threat modeling called “trust boundaries”.
1. Divide your application to specific layers and modules (should be doing
this anyway!)
2. Anytime flow crosses from one layer or module to another any data
being passed gets “sanity checked”
3. Extreme version of this is checking at the entry to EVERY function call –
may not be feasible due to knowledge or time limitations
Has the benefit of pushing “sanity checks” to the various module APIs of the
application where they are most easily accomplished and most easily
verified by code review to exist!
Validation Boundaries
17. Time calculations are a frequent source of “one time” errors, specifically:
• Leap year events
• End of year events
• The 49 day roll-over event (and similar) (32 bit int used as mS timer)
Recommendations:
• Always use full date / time values for calculations
• Use standard libraries for time manipulation, do not invent your own!
• Scale simple counters to have a lifetime of exceeding the maximum
possible lifetime of your program execution
• Battery powered devices, at least 2x expected battery life, assuming batteries come
out and force a reset
• Other devices just use a 64 bit int!Typically gives millions of years – good enough!
Time Calculations
18. Recursion
• Great for solving some types of problems but in general will lead to stack
overflows which are dependent on data values
Threading
• Again great for certain types of problems but getting threading correct is
HARD!!
• In many embedded applications threading can be simulated by the use of
interrupts
• Hardware guarantee of priority
• On some processors only one can be “in flight” at any time
Techniques to Avoid
19. This is a VERY application dependent question – and can go either way!
Error conditions will generally appear to happen at random times, therefore the
state of your system when an error conditions occurs should not be assumed.
• Motors could be on moving machinery
• Heating / cooling elements can be on
• Communication transaction could be in process
General recommendation here is to have ONE routine which places the system
into a “safe condition” for your application.This routine is called at startup and
also called anytime an error condition is detected. Note that this also means the
“safe condition” routine gets tested regularly!
Question of halting or resetting now becomes one of desired behavior – do you
want the process to continue without human intervention?
Can also use “scheduled resets” to improve system reliability.
To Halt orTo Reset?????
20. Register an “exit” function with the language / framework you are using and
redirect to your “safe condition” routine.
This function is called automatically any time the program terminates
normally.
Always terminate the program though a controlled mechanism (do not use
abort() or similar methods).
Catch all top level exceptions so you always exit clean, some don’t like this
but ensures your “safe condition” routine is run at exit.
• For C: int atexit(void (*func)(void) );
• For C++: extern int atexit(void (*func)(void) );
• For C++ 11: extern int atexit(void (*func)(void) ) noexcept;
Note: Not typically available on straight microcontroller environments.
Use an “At Exit” Routine
21. • In real world application errors can come from sources other than
programming bugs.
• Make sure you are following all the “basics” of good coding practices
• Watchdog timers are the most common form of error detection used on
systems, however to get maximum benefit the watchdog needs to be
used correctly.
• Most non-bug related failures come as a result of environmental
influences corrupting memory and there are several techniques available
to detect this condition without having to resort to ECC memory.
• Knowing the expected flow of your program opens up further opportunity
for validation.
Summary