A presentation done spontaneously during Droidcon.de 2015.
Shows the trick Opera did - open a web page after uninstalling the binary. Raw meat, C code, included.
Finding and fixing bugs is a major chunk of any developers time. This talk describes the basic rules for effective debugging in any language, but shows how the tools available in PHP can be used to find and fix even the most elusive error
The document discusses extending Nginx functionalities with Lua. It provides an overview of Nginx architecture and how the lua-nginx-module allows running Lua scripts inside Nginx. This provides a powerful and performant programming environment while leveraging Nginx's event-driven architecture. Examples show how to access Nginx variables and APIs from Lua, issue subrequests, and handle requests non-blockingly using cosockets. Libraries like lua-resty-memcached reuse these extensions to build applications in a scalable manner.
The document shows code snippets for integrating Objective-C and Cocoa frameworks like Foundation and Growl with Perl using XS and related modules. It includes examples of registering a Growl application, sending Growl notifications, and handling callbacks from notifications using AnyEvent.
Process monitoring in UNIX shell scriptingDan Morrill
This script monitors a hardcoded process called "ssh" and restarts it if it stops running. It will attempt to restart the process 3 times before reporting a failure. The script logs status messages to a log file called "procmon.log". It uses color codes to identify status messages. The script contains functions to monitor the process, detect failures, and close the script logging the ending status.
This document provides an overview of RabbitMQ internals. It discusses how RabbitMQ uses AMQP and Erlang to provide a messaging broker. Key components include tcp_listener and tcp_acceptor which use prim_inet:async_accept to handle connections, one_for_all and simple_one_for_one supervisors, gen_server2 and priority_queue for request handling, rabbit_log for logging, and rabbit_error_logger which integrates with gen_event. Testing is done with rabbit_tests and common_test/EUnit frameworks.
How to cheat jb detector and detect cheatingHokila Jan
This document contains code snippets to check if a device is jailbroken using several techniques: checking for the existence of files and folders associated with jailbreaking like Cydia.app or /private/var/lib/apt/; checking if the stat function has been hooked by comparing the library it points to; checking if the MobileSubstrate dylib is loaded; checking the DYLD_INSERT_LIBRARIES environment variable. If any of the checks return true, it is determined that the device is jailbroken.
The document provides an overview of common Linux commands and their functions, such as RMDIR to remove empty directories, CHMOD to change file permissions, GREP for pattern matching, FIND to locate files, ECHO to output text, and MORE to view files page by page. It also covers operators like pipes, logical operators, redirection, and command substitution. The document concludes with descriptions of conditional statements like IF/THEN, FOR, WHILE, UNTIL, and CASE that allow scripts to perform actions conditionally.
Legacy applications - 4Developes konferencja, Piotr PasichPiotr Pasich
This document discusses strategies for integrating legacy applications into the Symfony framework. It describes using bundles to namespace the legacy code, autoloading to include the legacy files, and controllers to proxy requests to the legacy application. It also covers testing legacy functionality, using ESI and Varnish for caching parts of pages, and mapping legacy database tables to Doctrine entities. The goal is to modernize the application over time by rewriting specific functionality into Symfony while keeping the legacy system running.
Finding and fixing bugs is a major chunk of any developers time. This talk describes the basic rules for effective debugging in any language, but shows how the tools available in PHP can be used to find and fix even the most elusive error
The document discusses extending Nginx functionalities with Lua. It provides an overview of Nginx architecture and how the lua-nginx-module allows running Lua scripts inside Nginx. This provides a powerful and performant programming environment while leveraging Nginx's event-driven architecture. Examples show how to access Nginx variables and APIs from Lua, issue subrequests, and handle requests non-blockingly using cosockets. Libraries like lua-resty-memcached reuse these extensions to build applications in a scalable manner.
The document shows code snippets for integrating Objective-C and Cocoa frameworks like Foundation and Growl with Perl using XS and related modules. It includes examples of registering a Growl application, sending Growl notifications, and handling callbacks from notifications using AnyEvent.
Process monitoring in UNIX shell scriptingDan Morrill
This script monitors a hardcoded process called "ssh" and restarts it if it stops running. It will attempt to restart the process 3 times before reporting a failure. The script logs status messages to a log file called "procmon.log". It uses color codes to identify status messages. The script contains functions to monitor the process, detect failures, and close the script logging the ending status.
This document provides an overview of RabbitMQ internals. It discusses how RabbitMQ uses AMQP and Erlang to provide a messaging broker. Key components include tcp_listener and tcp_acceptor which use prim_inet:async_accept to handle connections, one_for_all and simple_one_for_one supervisors, gen_server2 and priority_queue for request handling, rabbit_log for logging, and rabbit_error_logger which integrates with gen_event. Testing is done with rabbit_tests and common_test/EUnit frameworks.
How to cheat jb detector and detect cheatingHokila Jan
This document contains code snippets to check if a device is jailbroken using several techniques: checking for the existence of files and folders associated with jailbreaking like Cydia.app or /private/var/lib/apt/; checking if the stat function has been hooked by comparing the library it points to; checking if the MobileSubstrate dylib is loaded; checking the DYLD_INSERT_LIBRARIES environment variable. If any of the checks return true, it is determined that the device is jailbroken.
The document provides an overview of common Linux commands and their functions, such as RMDIR to remove empty directories, CHMOD to change file permissions, GREP for pattern matching, FIND to locate files, ECHO to output text, and MORE to view files page by page. It also covers operators like pipes, logical operators, redirection, and command substitution. The document concludes with descriptions of conditional statements like IF/THEN, FOR, WHILE, UNTIL, and CASE that allow scripts to perform actions conditionally.
Legacy applications - 4Developes konferencja, Piotr PasichPiotr Pasich
This document discusses strategies for integrating legacy applications into the Symfony framework. It describes using bundles to namespace the legacy code, autoloading to include the legacy files, and controllers to proxy requests to the legacy application. It also covers testing legacy functionality, using ESI and Varnish for caching parts of pages, and mapping legacy database tables to Doctrine entities. The goal is to modernize the application over time by rewriting specific functionality into Symfony while keeping the legacy system running.
The document summarizes techniques for Unix programming with Perl, focusing on advanced topics like inter-process communication, signals, and avoiding race conditions. It discusses using IPC::Open3 to avoid deadlocks when communicating between processes via pipes. It also covers how to safely sleep while waiting for a signal using POSIX::pselect or a socketpair to avoid race conditions. Proper error handling for signals is mentioned but not shown.
Стажировка 2016-07-27 02 Денис Нелюбин. PostgreSQL и jsonbSmartTools
The document discusses using PostgreSQL and JSONB data. It covers installing PostgreSQL, connecting to a database, configuring network access and authentication, creating a database and user, inserting and querying JSONB data using operators like ->> and ->, updating and deleting rows, and creating a functional index to query on fields within the JSONB data.
- The document discusses various aspects of Unix programming using Perl, including handling errors, filehandles after forking processes, and signals.
- It provides examples of how to properly check for errors, avoid resource collisions after forking, and make code cancellable using signals.
- Key topics covered include using the Errno module to check for errors, closing filehandles after forks to prevent sharing issues, and trapping signals like SIGPIPE and SIGTERM.
Talk I've given at True North PHP 2014.
TDD (Test Driven Development) is getting more and more popular. But what can you do to take it to the next level?
What if you could know if your tests are passing every time you save a file without taking your hands off the keyboard. This is what continuous testing gives you.
In this session, we will cover how you can continuously test your PHP application. We will cover
Installation and configuration
Running the tests
Running static analysers
Executing tools that can make your life easier
This document provides an overview of a tutorial and hands-on session about configuration management using Puppet. The session will cover why configuration management is useful, the Puppet DSL for writing configuration files, how Puppet runs work, using Puppet both with and without a master server, and a hands-on demonstration of setting up NTP with Puppet modules.
This document contains test code for testing a Perl module called App::Zamakist. It shows the directory structure of the module with lib/ and t/ directories. It then shows the test workflow: installing dependencies with cpanm, building the module with Makefile.PL and make, and running tests with prove. This provides a high-level overview of how this Perl module is being tested in an automated way.
The document summarizes the steps taken to set up a Django project called "he" on Ubuntu. It shows commands used to install Python, virtualenv, Django and other dependencies. Database setup with PostgreSQL is also demonstrated. An app called "board" is created, with a Post model defined and admin configured. Templates are added and the development server is run. Authentication and registration are implemented along with forms to add new posts. The project is developed iteratively through multiple versions.
This document discusses using the prove command-line tool to run tests and other scripts. Prove is a test runner that uses the Test Anything Protocol (TAP) to aggregate results. It can run tests and scripts written in any language by specifying the interpreter with --exec. Extensions other than .t can be run by setting --ext. Prove searches for tests in the t/ directory by default but can run any kind of scripts or tasks placed in t/, such as service monitoring scripts. The .proverc file can save common prove options for a project.
Firefox OS learnings & visions, WebAPIs - budapest.mobileRobert Nyman
This document summarizes the Firefox OS platform and its APIs. It discusses how Firefox OS uses HTML5, CSS and JavaScript to build apps, and describes various Web APIs for features like notifications, vibration, screen orientation, battery status and more. It also covers app packaging and security levels, and looks at future APIs for areas like NFC, WebRTC and others. Instructions are provided for getting started with Firefox OS development using tools like the simulator and inspector.
Guarding Your Code Against Bugs with Continuous TestingEric Hogue
TDD (Test Driven Development) is getting more and more popular. But what can you do to take it to the next level?
What if you could know if your tests are passing every time you save a file without taking your hands off the keyboard. This is what continuous testing gives you.
In this session, we will cover how you can continuously test your PHP application. We will cover
- Installation and configuration
- Running the tests
- Running static analysers
- Executing tools that can make your life easier
The document discusses deploying a Rails application to Amazon EC2. It explains that the goals are to launch an EC2 instance, connect to it, set up the environment, deploy the application, and profit. It then outlines the plan to launch an instance, connect to it, install necessary packages like Ruby, Rails, and Nginx, configure Nginx and Unicorn, deploy the application using Capistrano, and start the Unicorn process.
Talk given in French at ConFoo 2015
Le TDD (Test Driven Development) gagne en popularité dans la communauté PHP. C’est maintenant une pratique accepté. Mais commencer peut sembler difficile.
Dans cette session, nous allons voir ce qu’est le TDD. Nous allons commencer par voir les principes. Puis les outils utilisés, et comment s’en servir au quotidien. Nous allons aussi voir les difficultés souvent rencontrées et comment les contourner.
Reactive Web - Servlet & Async, Non-blocking I/OArawn Park
This document describes asynchronous programming techniques in Java including threads, executors, futures, and callbacks. It provides examples of making asynchronous API calls using threads, executors, futures that return results, and completion handlers with callbacks. The NotifyApi class is used to make asynchronous calls to get feed and friend notifications.
Node.js is a JavaScript runtime built on Chrome's V8 engine. It allows JavaScript to run on the server-side and is used for building network applications. Some key points about Node.js include:
- It uses an event-driven, non-blocking I/O model that makes it lightweight and efficient.
- Node package manager (npm) allows installation of external packages and libraries.
- Modules are used to organize code into reusable pieces and can be local or installed via npm.
- Testing frameworks like Mocha allow writing unit tests for modules and APIs.
The document describes a presentation about application logging in PHP. It discusses why logging is important, provides code examples of basic logging with error_log() and Monolog, and how to create a custom ApplicationLogger class to consolidate logging functionality. The presentation roadmap indicates it will cover logging introduction, code examples, logging strategy, and conclusions.
This document provides instructions for securing a Debian server including installing openssh for remote access, configuring firewall rules with iptables, restricting services with inetd, adding a warning banner, and removing unnecessary packages. It also mentions configuration files such as /etc/fstab, /etc/hosts.allow, and /etc/hosts.deny that relate to system security.
Puppet Module Reusability - What I Learned from Shipping to the ForgePuppet
A simple search for "puppet-apache" on GitHub returns 70 separate repositories. An awful lot of people are busy reinventing the same configuration wheel. Configuration management tools promise write once, run anywhere code; but writing code that can be used by anyone looks like a lot of work. This presentation aims to show anyone familiar with Puppet how to write reusable modules and importantly how to make them compatible with already shared modules released on the Forge or elsewhere. We'll look at when and why testing a declarative language is actually useful, examples of good and bad modules and how to re-factor puppet code for re-usability. We'll also talk about potential improvements to Puppet that would make reuse easier.
Gareth Rushgrove
Technical Architect, Government Digital Service
Gareth Rushgrove is now a technical architect at the Government Digital Service, part of the UK Government. He is mainly interested in configuration management, infrastructure and platform as a service, deployment and monitoring tooling and the whole devops community. He thinks when used well together these allow you to move really fast, even in tightly controlled environments like Government. When not working, Gareth can be found blogging over on morethanseven.net or uploading code to GitHub. He also curates the Devops Weekly newsletter and occasionally organises community events.
This document provides an introduction to JavaFX 2. It discusses the history of desktop applications in Java, including AWT, Swing, and issues with the old approaches. It then summarizes the announcement and initial challenges of JavaFX 1. It outlines the core concepts of JavaFX 2, including the architecture with Application, Scene, Stage, and FXML. It also briefly discusses controllers, properties, bindings, collections, charts, animation, effects, media, and tools like SceneBuilder and Scenic View.
This C++ program prints out the formula for the quadratic formula in a fraction format over 3 lines, with the variables a, b, c, and d. It outputs the formula to the console and returns 0 at the end, indicating the program executed successfully.
This document summarizes outfits for different daytime activities and evening plans. It describes lightweight pieces like shorts, rompers and lace intimates that are comfortable for mornings. Sweaters and shirtdresses paired with accessories are suggested for transitioning into fall. Stripe dresses and fur coats with clutches or shoulder bags complete evening looks. Various accessories like jewelry, hats, socks and boots add details to the overall styling.
The document summarizes techniques for Unix programming with Perl, focusing on advanced topics like inter-process communication, signals, and avoiding race conditions. It discusses using IPC::Open3 to avoid deadlocks when communicating between processes via pipes. It also covers how to safely sleep while waiting for a signal using POSIX::pselect or a socketpair to avoid race conditions. Proper error handling for signals is mentioned but not shown.
Стажировка 2016-07-27 02 Денис Нелюбин. PostgreSQL и jsonbSmartTools
The document discusses using PostgreSQL and JSONB data. It covers installing PostgreSQL, connecting to a database, configuring network access and authentication, creating a database and user, inserting and querying JSONB data using operators like ->> and ->, updating and deleting rows, and creating a functional index to query on fields within the JSONB data.
- The document discusses various aspects of Unix programming using Perl, including handling errors, filehandles after forking processes, and signals.
- It provides examples of how to properly check for errors, avoid resource collisions after forking, and make code cancellable using signals.
- Key topics covered include using the Errno module to check for errors, closing filehandles after forks to prevent sharing issues, and trapping signals like SIGPIPE and SIGTERM.
Talk I've given at True North PHP 2014.
TDD (Test Driven Development) is getting more and more popular. But what can you do to take it to the next level?
What if you could know if your tests are passing every time you save a file without taking your hands off the keyboard. This is what continuous testing gives you.
In this session, we will cover how you can continuously test your PHP application. We will cover
Installation and configuration
Running the tests
Running static analysers
Executing tools that can make your life easier
This document provides an overview of a tutorial and hands-on session about configuration management using Puppet. The session will cover why configuration management is useful, the Puppet DSL for writing configuration files, how Puppet runs work, using Puppet both with and without a master server, and a hands-on demonstration of setting up NTP with Puppet modules.
This document contains test code for testing a Perl module called App::Zamakist. It shows the directory structure of the module with lib/ and t/ directories. It then shows the test workflow: installing dependencies with cpanm, building the module with Makefile.PL and make, and running tests with prove. This provides a high-level overview of how this Perl module is being tested in an automated way.
The document summarizes the steps taken to set up a Django project called "he" on Ubuntu. It shows commands used to install Python, virtualenv, Django and other dependencies. Database setup with PostgreSQL is also demonstrated. An app called "board" is created, with a Post model defined and admin configured. Templates are added and the development server is run. Authentication and registration are implemented along with forms to add new posts. The project is developed iteratively through multiple versions.
This document discusses using the prove command-line tool to run tests and other scripts. Prove is a test runner that uses the Test Anything Protocol (TAP) to aggregate results. It can run tests and scripts written in any language by specifying the interpreter with --exec. Extensions other than .t can be run by setting --ext. Prove searches for tests in the t/ directory by default but can run any kind of scripts or tasks placed in t/, such as service monitoring scripts. The .proverc file can save common prove options for a project.
Firefox OS learnings & visions, WebAPIs - budapest.mobileRobert Nyman
This document summarizes the Firefox OS platform and its APIs. It discusses how Firefox OS uses HTML5, CSS and JavaScript to build apps, and describes various Web APIs for features like notifications, vibration, screen orientation, battery status and more. It also covers app packaging and security levels, and looks at future APIs for areas like NFC, WebRTC and others. Instructions are provided for getting started with Firefox OS development using tools like the simulator and inspector.
Guarding Your Code Against Bugs with Continuous TestingEric Hogue
TDD (Test Driven Development) is getting more and more popular. But what can you do to take it to the next level?
What if you could know if your tests are passing every time you save a file without taking your hands off the keyboard. This is what continuous testing gives you.
In this session, we will cover how you can continuously test your PHP application. We will cover
- Installation and configuration
- Running the tests
- Running static analysers
- Executing tools that can make your life easier
The document discusses deploying a Rails application to Amazon EC2. It explains that the goals are to launch an EC2 instance, connect to it, set up the environment, deploy the application, and profit. It then outlines the plan to launch an instance, connect to it, install necessary packages like Ruby, Rails, and Nginx, configure Nginx and Unicorn, deploy the application using Capistrano, and start the Unicorn process.
Talk given in French at ConFoo 2015
Le TDD (Test Driven Development) gagne en popularité dans la communauté PHP. C’est maintenant une pratique accepté. Mais commencer peut sembler difficile.
Dans cette session, nous allons voir ce qu’est le TDD. Nous allons commencer par voir les principes. Puis les outils utilisés, et comment s’en servir au quotidien. Nous allons aussi voir les difficultés souvent rencontrées et comment les contourner.
Reactive Web - Servlet & Async, Non-blocking I/OArawn Park
This document describes asynchronous programming techniques in Java including threads, executors, futures, and callbacks. It provides examples of making asynchronous API calls using threads, executors, futures that return results, and completion handlers with callbacks. The NotifyApi class is used to make asynchronous calls to get feed and friend notifications.
Node.js is a JavaScript runtime built on Chrome's V8 engine. It allows JavaScript to run on the server-side and is used for building network applications. Some key points about Node.js include:
- It uses an event-driven, non-blocking I/O model that makes it lightweight and efficient.
- Node package manager (npm) allows installation of external packages and libraries.
- Modules are used to organize code into reusable pieces and can be local or installed via npm.
- Testing frameworks like Mocha allow writing unit tests for modules and APIs.
The document describes a presentation about application logging in PHP. It discusses why logging is important, provides code examples of basic logging with error_log() and Monolog, and how to create a custom ApplicationLogger class to consolidate logging functionality. The presentation roadmap indicates it will cover logging introduction, code examples, logging strategy, and conclusions.
This document provides instructions for securing a Debian server including installing openssh for remote access, configuring firewall rules with iptables, restricting services with inetd, adding a warning banner, and removing unnecessary packages. It also mentions configuration files such as /etc/fstab, /etc/hosts.allow, and /etc/hosts.deny that relate to system security.
Puppet Module Reusability - What I Learned from Shipping to the ForgePuppet
A simple search for "puppet-apache" on GitHub returns 70 separate repositories. An awful lot of people are busy reinventing the same configuration wheel. Configuration management tools promise write once, run anywhere code; but writing code that can be used by anyone looks like a lot of work. This presentation aims to show anyone familiar with Puppet how to write reusable modules and importantly how to make them compatible with already shared modules released on the Forge or elsewhere. We'll look at when and why testing a declarative language is actually useful, examples of good and bad modules and how to re-factor puppet code for re-usability. We'll also talk about potential improvements to Puppet that would make reuse easier.
Gareth Rushgrove
Technical Architect, Government Digital Service
Gareth Rushgrove is now a technical architect at the Government Digital Service, part of the UK Government. He is mainly interested in configuration management, infrastructure and platform as a service, deployment and monitoring tooling and the whole devops community. He thinks when used well together these allow you to move really fast, even in tightly controlled environments like Government. When not working, Gareth can be found blogging over on morethanseven.net or uploading code to GitHub. He also curates the Devops Weekly newsletter and occasionally organises community events.
This document provides an introduction to JavaFX 2. It discusses the history of desktop applications in Java, including AWT, Swing, and issues with the old approaches. It then summarizes the announcement and initial challenges of JavaFX 1. It outlines the core concepts of JavaFX 2, including the architecture with Application, Scene, Stage, and FXML. It also briefly discusses controllers, properties, bindings, collections, charts, animation, effects, media, and tools like SceneBuilder and Scenic View.
This C++ program prints out the formula for the quadratic formula in a fraction format over 3 lines, with the variables a, b, c, and d. It outputs the formula to the console and returns 0 at the end, indicating the program executed successfully.
This document summarizes outfits for different daytime activities and evening plans. It describes lightweight pieces like shorts, rompers and lace intimates that are comfortable for mornings. Sweaters and shirtdresses paired with accessories are suggested for transitioning into fall. Stripe dresses and fur coats with clutches or shoulder bags complete evening looks. Various accessories like jewelry, hats, socks and boots add details to the overall styling.
The document discusses crowd testing, beta distributions, crash reports, and application analytics services provided by Applause. It also mentions that Applause is hiring and provides contact information. Przemek Jakubczyk's contact information is listed as a senior Android developer at Applause. The document promotes Applause's testing services and indicates they are looking to hire new employees.
The document discusses different options for storing user credentials in Android applications, including using the file system, shared preferences, a database, or the Account Manager. It recommends using the Account Manager, as it is secure, allows for credential sharing between apps from the same developer, and enables sync functionality through a Sync Adapter. The Account Manager handles authentication through Android's authorization proxy and is the recommended solution by Google.
A guide to make crashproof libraries
A tips and tricks presentation for Poznań Android Developer Group.
http://www.meetup.com/Poznan-Android-Developer-Group/events/228107133/
The document describes how to detect when an Android app has been uninstalled using the inotify framework and starting an intent. It involves:
1. Using JNI to call native code from an Android app that uses inotify to monitor a directory for file deletions.
2. When inotify detects an uninstall, the native code forks a new process to start an intent using the am command.
3. This allows detecting the uninstall even after the app process is killed during uninstallation. However, forking from JNI is not recommended and can break the Android activity lifecycle.
iWatch is a real-time filesystem monitoring program that monitors directories and files for changes. It can run as a daemon or from the command line. When changes are detected, it can send email alerts or execute commands. The document provides examples of using iWatch to monitor directories recursively with exceptions, and describes its features like supporting regex filters and an XML configuration file to monitor multiple targets.
An inconvenient truth: Evading the Ransomware Protection in windows 10 @ LeHackSoya Aoyama
How many sites do you use? Is the password long enough and secure? Do not tell me you reused it.
Unfortunately, we have not a memory good enough to remember so many passwords long and secure.
For this reason, there are several companies providing password management applications. However, are they really secure?
I have executed a man-in-the-middle attack against a certain password management application.
Surprisingly, the password was exchanged in plain text between .exe and .dll, and it was very easy to steal it.
The program I created is generic and, under certain conditions, can steal information between all .exe and .dll in Windows.
In this talk, I will demonstrate the actual attack, and provide technical explanations to enable this attack. And finally, I suggest ways to protect other apps from this attack.
Jakob Holderbaum - Managing Shared secrets using basic Unix toolsDevSecCon
The document discusses managing shared secrets for applications using basic Unix tools like GPG and the pass password manager. It describes storing secrets in an encrypted password store that multiple developers can access. Secrets like API tokens are added to the store and environment variables are used to access them when running applications without embedding secrets directly in code. The process for initializing a shared password store and adding/removing developer access is also covered.
This document discusses how to detect when an Android app has been uninstalled. It explains that listening for the PACKAGE_REMOVED broadcast does not work reliably because the OS unregisters receivers when the app is removed. Instead, it recommends using inotify to monitor changes to the app's data directory on the file system. The document provides sample code from the Opera browser app that successfully uses this approach with native code to watch for deletion of its data directory, allowing it to detect uninstalls.
This document provides an overview of key Android concepts including:
- Android's history and version timeline from 1.0 to Oreo.
- The Android activity lifecycle including methods like onCreate(), onStart(), onResume(), etc.
- What fragments are in Android and their core lifecycle methods.
- Different types of layouts that can be used in an Android app like RelativeLayout, LinearLayout, etc.
- How to integrate APIs and handle network requests and responses in an Android app.
It also provides code examples and tips for beginners on resources for learning Android development.
The document discusses node.js basics including setting up a development environment, using npm commands, executing JavaScript files, using external files, function scopes, and closures. It provides code examples and explanations of key concepts like requiring modules, exports vs module.exports, and how variable scoping works differently inside and outside of functions in JavaScript.
getID3() is an open source PHP library for extracting metadata from audio and video files. It supports tags, audio formats like MP3 and Ogg Vorbis, and video formats like AVI and MPEG. The documentation describes getID3()'s licensing, usage, supported file formats, returned data structure, requirements, and future plans.
This document proposes a system called "Information Leak Track System" to track how information is leaked after a security incident. It aims to add "fingerprints" or unique location information to data as it moves, to identify the path the information took. Two approaches are discussed: 1) Adding fingerprints to fonts for copy/paste data, and 2) Adding fingerprints to files by modifying the Linux kernel and using extended file attributes. Sample code demonstrates adding MAC addresses and user IDs to file attributes during a CIFS mount. The conclusion notes limitations and seeks other ways to add fingerprints covertly, such as unique file formats or steganography.
Linux Security APIs and the Chromium SandboxPatricia Aas
The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers. However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context.
The Chromium Sandbox is used in the Vivaldi, Brave, Chrome and Opera browsers among others. It has a very platform specific implementation, using the platform APIs available to construct it. In this talk we will describe the requirements of the Chromium Sandbox and go through the steps and APIs used to construct it on Linux.
Gimli: Server Process Monitoring and Fault AnalysisWez Furlong
Gimli is an Open Source (3-clause BSD License) crash tracing and analysis framework that provides watchdog and tracing support for Linux, Solaris and Darwin.
The watchdog feature enables the process to be respawned in the case of a fault (such as a crash or a hang), and the tracing feature allows collection of information from the faulting process that will allow a software developer to diagnose and resolve the problem, perhaps without having to invoke traditional debugging tools.
While these capabilities are not earth shattering, the Gimli solution tackles this from the perspective of an automated but extensible debugger. The default tracing behavior is to output a stack trace of all threads in the process, unwinding using DWARF-3 debugging information (with traces superior to GDB in some cases). A Gimli aware software package can provide gimli modules that will be run during tracing to gather additional information from the target, for example, to dump out the contents of a circular log buffer as part of the trace file.
This session is aimed at Developers and Systems Administrators and shows how to apply Gimli to your processes, be they written in C or scripted in Perl, PHP or whatever, to take advantage of its watchdog and tracing capabilities. We’ll also touch on creating gimli modules for augmentation of trace files.
This document provides an overview of Gatekeeper, Apple's built-in macOS security feature that aims to block unauthorized code from being installed or run on a user's system. It discusses how Gatekeeper works under the hood, including how it uses file quarantine attributes and the launchservices framework to check for and potentially block execution of apps from untrusted developers. The document also examines ways that Gatekeeper's protections can be bypassed or understood in more detail.
MacOS forensics and anti-forensics (DC Lviv 2019) presentationOlehLevytskyi1
MacOS forensics and anti-forensics (DC Lviv 2019) presentation. Prepared specially for DC38032. Prepared by Oleh Levytskyi (https://twitter.com/LeOleg97)
Grâce aux tags Varnish, j'ai switché ma prod sur Raspberry PiJérémy Derussé
Le moyen le plus rapide d'obtenir une réponse d'un Backend est de ne pas l'appeler ;-) Une solution fournie par les "reverse-proxy" me direz-vous, mais pas si simple d'invalider le cache...
Ce talk aborde une fonctionnalité méconnue de Varnish: les tags. Nous verrons comment en tirer partie via les "event listeners" d'une application Symfony standard. Au menu, un cluster de Rasberry Pi, une API, et des données toujours fraîches sous la milliseconde.
Backdooring the web is the cheapest and most hidden way to achieve
persistence on a compromised network, both if you're looking at
privileges on the webapp itself or at executing command to underlying
system.
During the talk, we will discuss the context of a web backdoor: the
environment where she can born and grow up will be defined.
Each environmental aspect will be thoroughly analyzed: where is the best
point of injection, why we choose a specific function or trick, what
permissions are needed, how to trigger the backdoor in a safe, hidden
and reproducible way, and of course what to inject.
The talk will thus present several ways to inject obfuscated and hard to
spot vulnerabilities in PHP code. Shown examples will backdoor CMS
plugins as well as custom code, altering the code and polluting the
webapp ecosystem (read: DBMS and webservers).
The document provides an overview of the Android platform, development environment, application fundamentals, and performance tips. It discusses that Android is based on the Linux kernel and uses Dalvik as its virtual machine. It also summarizes that the application framework includes activities, services, content providers, and broadcast receivers that communicate via intents. Developers use Java and Android SDK tools to build apps in Eclipse or other IDEs that follow common patterns for layouts, views, resources and user experience.
Slides from my beginner level talk on FRIDA and its usage while Pentesting Android Applications. Covers topics like Installation of Frida and Bypassing Pinning and Root Detection using Frida.
The document discusses the Trinidad web server for JRuby applications. It describes how Trinidad can be used to run Rails, Rack, and Spring applications. It also summarizes Trinidad's support for extensions, scheduling jobs, application lifecycles, hot deployment, and integration with Resque. The document concludes by soliciting feedback on potential new features for Trinidad.
This document provides an overview of the Android permission system. It discusses how Android uses a permission model to control access to system resources and protect user privacy and security. Permissions are categorized as normal, dangerous, or signature/system level. The document outlines how permissions are declared in manifest files and enforced at both install-time and runtime via checks by the package manager. It also describes how permissions relate to application sandboxing using Linux users and groups, and how they are checked for various app components like activities, services, and broadcasts.
Similar to How to recognise that the user has just uninstalled your android app (20)
6. Read the broadcast
void onReceive(Context context, Intent intent) {
Bundle bundle = intent.getExtras();
Iterator<String> it =
bundle.keySet().iterator;
while (it.hasNext()) {
String key = it.next();
Log.e("DDD", key +"="+bundle.get(key)); }
7. Usually we see (install)
E/DDD (29199): Dumping Intent start
[android.intent.extra.UID=10089]
[android.intent.extra.user_handle=0]
E/DDD (29199): Dumping Intent end
8. Usually we see (reinstall)
E/DDD (29199): Dumping Intent start
[android.intent.extra.REMOVED_FOR_ALL_USERS=false]
[android.intent.extra.UID=10089]
[android.intent.extra.DATA_REMOVED=false]
[android.intent.extra.REPLACING=true]
[android.intent.extra.user_handle=0]
E/DDD (29199): Dumping Intent end
9. Usually we see (uninstall)
E/DDD (29199): Dumping Intent start
[android.intent.extra.REMOVED_FOR_ALL_USERS=true]
[android.intent.extra.UID=10089]
[android.intent.extra.DATA_REMOVED=true]
[android.intent.extra.user_handle=0]
E/DDD (29199): Dumping Intent end
10. Let’s uninstall our app
and there’s nothing ….
Why ?
OS unregisters listener during removal
11. What Opera does?
It does not listen for package removal
it does some magic ;-)
… not in Java code
26. am command
part of Android system
/system/bin/am
A way to start apps, intents and
whatnot
27. more details
$ ps
USER PID PPID
u0_a91 24318 20265 246900 27716 ffffffff b6edf5cc S
com.opera.max
u0_a91 24337 24318 856 336 c00e4944 b6f72158 S
/data/app-lib/com.opera.max-2/libuo.so
28. The scenario
1. Fork the native process
2. Inside the child process use inotify to watch
a file
3. Watcher is woken up on file deletion. Start
another native process
4. The last process run the ‘am’
(ActivityManager) command to run intent.
30. local.properties
# Location of the SDK. This is only used by Gradle.
# For customization when using a Version Control System,
please read the
sdk.dir=/Users/alek/android-sdk
ndk.dir=/Users/alek/android-ndk-r10e
39. inotify on Linux
int main( int argc, char **argv) {
int length, i = 0;
int fd;
int wd;
char buffer[BUF_LEN];
fd = inotify_init();
printf("fd=%dn", fd);
}
40. inotify on Linux
int main( int argc, char **argv)
{
[...]
wd = inotify_add_watch(fd, "/var/tmp",
IN_MODIFY | IN_CREATE | IN_DELETE);
length = read( fd, buffer, BUF_LEN );
printf("length=%dn", length);
if (length < 0) {
perror("read");
}
41. inotify on Linux
while (i < length) {
struct inotify_event *event = (struct inotify_event*)&buffer[ i];
printf("Event len %dn", event->len);
if (event->len) {
if (event->mask & IN_DELETE) {
if (event->mask & IN_ISDIR) {
printf( "The directory %s was deleted.n", event->name );
} else {
printf( "The file %s was deleted.n", event->name );
44. second attempt, with thread
void
Java_pl_pelotasplus_actionafteruninstall_MainActivity_observer
(JNIEnv* env, jobject thiz)
{
pthread_attr_init(&attr);
pthread_create(&thread, &attr, &observer_thread, NULL);
}
App not blocked but native code stopped when stopping app for
uninstalling
45. third attempt, with fork
void
Java_pl_pelotasplus_actionafteruninstall_MainActivity_observer(JNIEnv* env, jobject thiz)
{
pid_t pid;
pid = fork();
if (pid == 0) {
__android_log_print(ANDROID_LOG_INFO, TAG, "Fork childn");
observer();
}
}
46. start intent, another fork
void startIntent(void) {
pid_t p = fork();
if (p == 0) {
__android_log_print(ANDROID_LOG_INFO, TAG, "startIntent %d", getpid());
system("/system/bin/am start --user 0 -a
android.intent.action.VIEW -d http://droidcon.de");
}
}
49. Moral
> What happens when I call fork() in JNI code? Will this totally break the
> Activity lifecycle model in Android?
Don't do this. Just don't.
--
Dianne Hackborn
Android framework engineer
hack...@android.com
http://markmail.org/message/ruqp2t6gvhnhv654