Based on the example of the XWiki Open Source project (http://xwiki.org) this session will describe a number of practices to improve the quality of a Java project. Also, it will show how to implement these practices so that they are automatically checked and enforced. Some examples include: *How to make sure your project does not break binary compatibility unintentionally and, more generally, how to successfully evolve an API without breaking your users; *How to manage the JAR hell and avoid duplication of classes in your application at runtime; *How to automatically control the test coverage and the associated policies; *How to automate functional testing of web applications and how to avoid false-positives that plague any project..
Ensuring OpenStack Version up Compatibility for CloudOpen Japan 2013-05-31Masayuki Igawa
These slides for CloudOpen Japan 2013 (05-31).
http://linuxconcloudopenjapan2013.sched.org/event/b0994396a7b878793f22cc4a0c5b27b7
And, you can download the same at http://events.linuxfoundation.jp/events/cloudopen-japan/program/presentations .
Testcontainers - Geekout EE 2017 presentationRichard North
Unit testing our code on the JVM is well catered for with a lot of great tools that are mature and reliable – things tend to just work. Integrated testing, however, is another matter. Any time we face a situation where we need to involve non-JVM elements in our tests, we’re faced with painful environment setup and repeatability issues. Testcontainers aims to make integrated tests a little less unpleasant, through the power of Docker. Databases, Web browsers – in fact anything available as a Docker image – can be made available as a component to use in our tests.
In this talk, we’ll go through the motivations for building Testcontainers, its features, as well as some examples of using it in practice for testing various types of components.
Internal training at [[XWiki SAS>>http://xwiki.com]] about the Development Practices used by the XWiki SAS product team in charge of developing the XWiki open source project (among other projects). Most of the practices detailed are those from the XWiki open source project, defined on the [[dev subwiki>>dev:Main.WebHome]]. However the slides also provide a glimpse of other development practices that are used to complement the open source practices, such as Roadmap preparation and Stakeholder meetings.
More details at http://www.xwiki.org/xwiki/bin/view/Blog/DevPracticesByXWikiSAS
Ensuring OpenStack Version up Compatibility for CloudOpen Japan 2013-05-31Masayuki Igawa
These slides for CloudOpen Japan 2013 (05-31).
http://linuxconcloudopenjapan2013.sched.org/event/b0994396a7b878793f22cc4a0c5b27b7
And, you can download the same at http://events.linuxfoundation.jp/events/cloudopen-japan/program/presentations .
Testcontainers - Geekout EE 2017 presentationRichard North
Unit testing our code on the JVM is well catered for with a lot of great tools that are mature and reliable – things tend to just work. Integrated testing, however, is another matter. Any time we face a situation where we need to involve non-JVM elements in our tests, we’re faced with painful environment setup and repeatability issues. Testcontainers aims to make integrated tests a little less unpleasant, through the power of Docker. Databases, Web browsers – in fact anything available as a Docker image – can be made available as a component to use in our tests.
In this talk, we’ll go through the motivations for building Testcontainers, its features, as well as some examples of using it in practice for testing various types of components.
Internal training at [[XWiki SAS>>http://xwiki.com]] about the Development Practices used by the XWiki SAS product team in charge of developing the XWiki open source project (among other projects). Most of the practices detailed are those from the XWiki open source project, defined on the [[dev subwiki>>dev:Main.WebHome]]. However the slides also provide a glimpse of other development practices that are used to complement the open source practices, such as Roadmap preparation and Stakeholder meetings.
More details at http://www.xwiki.org/xwiki/bin/view/Blog/DevPracticesByXWikiSAS
Take Control of your Integration Testing with TestContainersNaresha K
Slides from my demonstration titled "Take Control of your Integration Testing with TestContainers". Demonstrates using TestContainers for RDBMS and test driving S3 API with localstack.
San Francisco Java User Group presents Chris Bedford who talks about:
- How to write functional tests with Selenium (including explaining its IDE, architecture, RC, and alternatives like Canoo WebTest)
- How to set up Selenium testing for web apps in continuous integration using Maven, Ant, Cargo, etc.
- How to use Hudson for build server (brief overview)
January 12, 2010 in San Francisco, CA
http://www.sfjava.org/calendar/11982857/
Hosted by SUPINFO International University
Sponsored by TEKsystems, Guidewire Software, Sun, O'Reilly, JetBrains, and Marakana.
Video by Max Walker
Organized by Marakana
A presentation that guides you through the stages of testing your Java enterprise application. Finally it shows you that Arquillian is the best tool for that
Arquillian (http://jboss.org/arquillian) is a test harness that simplifies integration testing using container managed resources.
ShrinkWrap (http://jboss.org/shrinkwrap) is a fluent Java API for dynamically generating deployable archives.
Jenkins is a unique piece of software, lots of people and enterprises use it to deploy and build their software and also their infrastructure. It has tons of plugins, and can do virtually anything. It is important for both devs and ops. This talk will be about how you can automate and test your Jenkins instances. In the past, the tooling around it was not so great, but it has changed. Tools like Jenkins Pipeline and Job DSL plugin has entered the game and are here to stay.
How to test-drive your Qt QML code. Overview on how you do simple testing, UI level testing, synchronous testing, data-driven testing.
These are the slides used on the Tampere MeeGo meetup on March 15, 2011 and text may not be super clear for those who didn't attend the meetup. You can still download the example and examine it.
Finally, easy integration testing with TestcontainersRudy De Busscher
Integration testing is always a difficult area. You need to make sure that all system are connected, data is correctly initialised for each run and test runs do not interfere with each other.
You can do integration testing today, but sometimes these tests are flaky for various reasons or they cannot cover all the cases that you would like to test.
With the Testcontainers project, this issue can be a thing of the past. It allows you to create reliable integration tests covering a wide range of scenarios like database usages, micro services interaction and GUI testing. One of the important factors for the success of this framework is the usage of Docker containers to create a reproducible environment for the test.
How to test-drive your Qt QML code. Overview on how you do simple testing, UI level testing, synchronous testing, data-driven testing.
These are the slides used in the Helsinki MeeGo meetup in 2012.
Selenium is the de facto standard framework for automating websites. This present goes through how to get started with Selenium.
We go through through:
* Setting up the test project using Maven
* Start up Firefox and close it when the test has finished.
* Browsing to a website.
* Find an element.
* Enter text in a textbox.
* Find and click on a link.
Real Java EE Testing with Arquillian and ShrinkWrapDan Allen
Recorded on 2010-04-30 at the Northern Virginia Software Symposium, a stop on the NFJS 2010 tour, this presentation introduces Arquillian, an extension for TestNG and JUnit that provides a component model for tests, making it simple to test real components inside a real container.
Take Control of your Integration Testing with TestContainersNaresha K
Slides from my demonstration titled "Take Control of your Integration Testing with TestContainers". Demonstrates using TestContainers for RDBMS and test driving S3 API with localstack.
San Francisco Java User Group presents Chris Bedford who talks about:
- How to write functional tests with Selenium (including explaining its IDE, architecture, RC, and alternatives like Canoo WebTest)
- How to set up Selenium testing for web apps in continuous integration using Maven, Ant, Cargo, etc.
- How to use Hudson for build server (brief overview)
January 12, 2010 in San Francisco, CA
http://www.sfjava.org/calendar/11982857/
Hosted by SUPINFO International University
Sponsored by TEKsystems, Guidewire Software, Sun, O'Reilly, JetBrains, and Marakana.
Video by Max Walker
Organized by Marakana
A presentation that guides you through the stages of testing your Java enterprise application. Finally it shows you that Arquillian is the best tool for that
Arquillian (http://jboss.org/arquillian) is a test harness that simplifies integration testing using container managed resources.
ShrinkWrap (http://jboss.org/shrinkwrap) is a fluent Java API for dynamically generating deployable archives.
Jenkins is a unique piece of software, lots of people and enterprises use it to deploy and build their software and also their infrastructure. It has tons of plugins, and can do virtually anything. It is important for both devs and ops. This talk will be about how you can automate and test your Jenkins instances. In the past, the tooling around it was not so great, but it has changed. Tools like Jenkins Pipeline and Job DSL plugin has entered the game and are here to stay.
How to test-drive your Qt QML code. Overview on how you do simple testing, UI level testing, synchronous testing, data-driven testing.
These are the slides used on the Tampere MeeGo meetup on March 15, 2011 and text may not be super clear for those who didn't attend the meetup. You can still download the example and examine it.
Finally, easy integration testing with TestcontainersRudy De Busscher
Integration testing is always a difficult area. You need to make sure that all system are connected, data is correctly initialised for each run and test runs do not interfere with each other.
You can do integration testing today, but sometimes these tests are flaky for various reasons or they cannot cover all the cases that you would like to test.
With the Testcontainers project, this issue can be a thing of the past. It allows you to create reliable integration tests covering a wide range of scenarios like database usages, micro services interaction and GUI testing. One of the important factors for the success of this framework is the usage of Docker containers to create a reproducible environment for the test.
How to test-drive your Qt QML code. Overview on how you do simple testing, UI level testing, synchronous testing, data-driven testing.
These are the slides used in the Helsinki MeeGo meetup in 2012.
Selenium is the de facto standard framework for automating websites. This present goes through how to get started with Selenium.
We go through through:
* Setting up the test project using Maven
* Start up Firefox and close it when the test has finished.
* Browsing to a website.
* Find an element.
* Enter text in a textbox.
* Find and click on a link.
Real Java EE Testing with Arquillian and ShrinkWrapDan Allen
Recorded on 2010-04-30 at the Northern Virginia Software Symposium, a stop on the NFJS 2010 tour, this presentation introduces Arquillian, an extension for TestNG and JUnit that provides a component model for tests, making it simple to test real components inside a real container.
The SlideShare 101 is a quick start guide if you want to walk through the main features that the platform offers. This will keep getting updated as new features are launched.
The SlideShare 101 replaces the earlier "SlideShare Quick Tour".
В ходе доклада мы обсудим такие виды тестирования как:
- юнит тестирование,
- тестирование верстки,
- e2e-тестирование,
- тестирование производительности для FE
Также мы коснемся таких фундаментальных вещей, как:
- Что такое F.I.R.S.T
- Где заканчивается ответственность разработчика и начинает - ответственность QA инженера
- Как договариваться с бэкенд разработчиками
- И конечно, почему тесты нужны.
In this session, you will enter the world of mutation testing. By generating mutants, that is, faulty versions of your code, you can measure how well your tests can detect bugs. You will learn about mutation tools, how they work, and how to get started, as well as when you should consider mutation testing. Want better code that is well tested? Come to this session!
Video and slides synchronized, mp3 and slide download available at http://bit.ly/YUUZug.
Graham Lee discusses strategies and tools for testing iOS apps with a view to uncovering hidden security and usability issues. Filmed at qconlondon.com.
Graham Lee is a security consultant and contract developer, specializing in iOS and Mac OS X application development. He is the author of "Professional Cocoa Application Security", published by Wiley in 2010 and described as a "must read" by someone who isn't even related to him. Graham lives and works in Oxford, UK. Twitter: @iamleeg
Abstract 2: "Advanced testing in action on a Java project"
In 2019 we're all used to writing automated tests in Java projects. It's now time to move up the chain and learn how to implement more complex type of testing.
This talk will demonstrate advanced testing practices used by the XWiki open source project (http://xwiki.org), and using Java, Maven, Docker and Jenkins and more:
* Testing for backward compatibility with Revapi and an associated strategy
* Testing for coverage with Jacoco and defining a viable strategy for slowing improving the situation
* Testing the quality of your tests with Descartes Mutation testing
* Automatically enriching your test suite with DSpot
* Testing various configurations with Docker containers and Jenkins
AOTB2014: Agile Testing on the Java PlatformPeter Pilgrim
Creative Commons 2.0 License
Attribution-NonCommercial-ShareAlike 2.0 UK: England & Wales (CC BY-NC-SA 2.0 UK)
https://creativecommons.org/licenses/by-nc-sa/2.0/uk/
Share — copy and redistribute the material in any medium or format
Adapt — remix, transform, and build upon the material
The licensor cannot revoke these freedoms as long as you follow the license terms.
This talk about the following:
* TDD
** Is TDD Dead?
** David Heinemeier-Hanson and the controversy
* Java Technology
** If only JUnit tests were this simple
** Java has a some great static analysis tools
** Unfortunatley, these do not work too well in Scala platform
** Guidelines to write tests
* Creative Development in Principle
** Design is a balance
** Inventing your own style
** Avoid lock-in with TDD, use it instead as a design tool
* Scala Technology
** Scala Option
** Function objects
** Pattern matching
** Avoid if and then else and null pointers
* Legacy
** Final advice
This talk was given by Peter Pilgrim, invited speaker to the Agile On The Beach conference on the 5th September, 2014 at Penryn Campus, University of Exeter, Cornwall
Video at https://www.youtube.com/watch?v=nD1eFbql8jg
This talk will demonstrate advanced testing practices used by the XWiki open source project, and using Java, Maven, Docker and Jenkins:
* Testing for backward compatibility with Revapi and an associated strategy
* Testing for coverage with Jacoco and defining a viable strategy for slowing improving the situation
* Testing the quality of your tests with Descartes Mutation testing
Automatically enriching your test suite with DSpot
* Testing various configurations with Docker containers and Jenkins
Slides done for the talk on CodeCeption given during the April London Yii Meetup.
The full screencast of the talk can be viewed here: https://www.youtube.com/watch?v=FclV9ML7bH4
Similar to Implementing quality in Java projects (20)
En tant que développeur, qu'il est bon d'être capable de débugguer sur sa machine un problème survenant en production, dans une configuration spécifique ! C'est ce que permet le framework TestContainers. Il permet de piloter Docker directement depuis ses tests JUnit et donc d'avoir un mécanisme extrêmement efficace pour déployer ses tests fonctionnels dans un environnement donné.
Cette session présentera TestContainers, appliqué à un cas réel avec une démonstration de comment l'utiliser pour effectuer des tests impliquant une base de données, un moteur de Servlet et plus. Au programme: Intégration JUnit5, création d'images Docker custom, enregistrement automatique de vidéos des tests, intégration avec un job Jenkins pipeline pour itérer sur les différentes configurations à tester.
Configuration Testing with Docker & TestContainersVincent Massol
Testing different configuration of your software on the developer machine, directly from your IDE.
Presented at Devoxx FR 2019
Video at https://youtu.be/0TvWv4L_IJM
This talk demonstrates advanced testing practices coming from the STAMP research project and applied to the XWiki open source project:
- Testing for coverage with Jacoco and defining a viable strategy for slowly improving the situation
- Testing the quality of your tests with Descartes Mutation testing
- Automatically enriching your test suite with DSpot
- Testing various configurations with Docker containers and Jenkins
- Generating tests automatically from production stack traces
Creating your own project's Quality DashboardVincent Massol
Presentation held at Softshake 2017.
Shows how to use the XWiki open source project (http://xwiki.org) to develop a quality portal web site for your development projects. We'll start from a clean XWiki instance and configure it and write scripts to have the following features:
* Documentation for your project
* Display JIRA issues
* Display Sonar metrics
* Display Jenkins statuses
* Display Git statistics of your project
* Have an application to perform releases (checklist, release notes)
* Send alerts (mail, IRC, etc) when quality metric thresholds are reached
And more!
Presentation held at Softshake 2017.
When developing a web application, the traditional way is to develop the application from scratch using a general purpose language such as PHP, Grails, Play, Java/JSP, etc.
This presentation shows that a next generation wiki (examples based on XWiki: http://xwiki.org) can be used as a web development platform to develop applications on top of it, providing a strong infrastructure scaffolding to building web applications.
The advantages are similar to those of using an application sever. However whereas an application server offers technical services only, a wiki platform offers higher level services such as content management, rendering, storage, WYSIWYGeditor, user management, and a lot more.
Not only are these services offered, you can develop using them in your traditional IDE or in the runtime, directly in wiki pages. This allows developing web applications extremely quickly, collaboratively and with a fast turnaround time, which is perfect for adhoc web application development.
Leading a Community-Driven Open Source ProjectVincent Massol
Talk presented at Voxxed Luxembourg 2017.
This talk is a return of experience of 20 years developing open source software at the Apache Software Foundation (Jakarta Cactus, Apache Maven), at Codehaus (Cargo) and on the XWiki open source project (last 10 years).
Through the example of the XWiki open source project, the talk will tackle best practices and governance rules for running community-driven open source projects and it'll also tackle the difficult topic of how to run such a project when there are companies making money from the open source project behind the scene.
Examples of topics that will be covered:
* Committership
* Development best practices
* Roadmap definitions
* Fully automating software releases
* Handling companies
* Tracking who's using your project
XWiki SAS est une société qui sponsorise le développement du logiciel open source XWiki (http://xwiki.org).
De plus le développement du logiciel est communautaire et suit les règles de développement de la fondation Apache.
Vincent Massol, directeur technique de XWiki SAS présentera comme la société est organisée de l’intérieur, ses sources de revenus, comment se font les recrutements et quels sont les liens avec le projet open source et les tensions inhérentes entre une société à but commercial et un projet open source communautaire.
XWiki: A web dev runtime for writing web apps @ FOSDEM 2014Vincent Massol
When developing a web application, the traditional way is to develop the application from scratch using a general purpose language such as PHP, Grails, Play, Java/JSP, etc.
This presentation will show that a next generation wiki (examples based on XWiki: http://xwiki.org) can be used as a web development platform to develop applications on top of it, providing a strong infrastructure scaffolding to building web applications.
The advantages are similar to those of using an application sever. However whereas an application server offers technical services only, a wiki platform offers higher level services such as content management, rendering, storage, WYSIWYGeditor, user management, and a lot more.
Not only are these services offered, you can develop using them in your traditional IDE or in the runtime, directly in wiki pages. This allows developing web applications extremely quickly, collaboratively and with a fast turnaround time, which is perfect for adhoc web application development.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
1. Implementing Quality
on Java projects
Vincent Massol
Committer XWiki
CTO XWiki SAS
@vmassol
Saturday, April 20, 13
2. Vincent Massol
• Speaker Bio
•CTO XWiki SAS
• Your Projects
•XWiki (community-driven open source project)
•Past: Maven, Apache Cargo, Apache Cactus, Pattern
Testing
• Other Credentials:
•LesCastCodeurs podcast
•Creator of OSSGTP open source group in Paris
Saturday, April 20, 13
4. The XWiki project in summary
• 9 years old
• 28 active
committers
• 7 committers
do 80% of
work
• 700K
NCLOC
• 11 commits/
day
Saturday, April 20, 13
5. Examples of Quality actions
• Coding rules (Checkstyle, ...)
• Test coverage
• Track bugs
• Don’t use Commons Lang 2.x
• Use SLF4J and don’t draw
Log4J/JCL in dependencies
• Automated build
• Automated unit tests
• Stable automated functional
tests
• Ensure API stability
• Code reviews
• License header checks
• Release with Java 6
• Ensure javadoc exist
• Prevent JAR hell
• Release often (every 2 weeks)
• Collaborative design
• Test on supported
environments (DB & Browsers)
Saturday, April 20, 13
13. API Stability - Young APIs
/**
* ...
* @since 5.0M1
*/
@Unstable(<optional explanation>)
public EntityReference createEntityReference(String name,...)
{
...
}
+ max duration for keeping the annotation!
Saturday, April 20, 13
14. API Stability - Next steps
• Annotation or package for SPI?
• Better define when to use the @Unstable
annotation
• Not possible to add a new method to an existing
Interface without breaking compatibility
•Java 8 and Virtual Extension/Defender methods
interface TestInterface {
public void testMe();
public void newMethod() default {
System.out.println("Default from interface"); }
Saturday, April 20, 13
18. Surprising results...
• Commons Beanutils bundles some classes from Commons
Collections, apparently to avoid drawing a dependency to it...
• Xalan bundles a lot of other projects (org/apache/xml/**, org/
apache/bcel/**, JLex/**, java_cup/**, org/apache/regexp/**). In
addition, it even has these jars in its source tree without any
indication about their versions...
• stax-api, geronimo-stax-api_1.0_spec and xml-apis all draw
javax.xml.stream.* classes
• xmlbeans and xml-apis draw incompatible versions of
org.w3c.dom.* classes
14 exceptions in total!
Saturday, April 20, 13
19. Maven: dependency version issue
<dependencies>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>0.9.9</version>
<!-- Depends on org.slf4j:slf4j-api:1.5.0 -->
</dependency>
</dependencies>
Will run logback 0.9.9
with slf4J-api 1.4.0
instead of 1.5.0!
Saturday, April 20, 13
22. The Problem
More bugs reported, overall
quality goes down and harder to
debug software
Saturday, April 20, 13
23. Use Jacoco to fail the build
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<executions>
<execution><id>jacoco-prepare</id>
<goals><goal>prepare-agent</goal></goals>
</execution>
<execution><id>jacoco-check</id>
<goals><goal>check</goal></goals>
</execution>
</executions>
<configuration>
<check>
<instructionRatio>${xwiki.jacoco.instructionRatio}</...>
</check>}
Saturday, April 20, 13
24. Strategy
• When devs add code (and thus
tests), increase the TPC percentage
• Put the Jacoco check in “Quality”
Maven Profile
• Have a CI job to execute that
profile regularly
•About 15% overhead compared to build
without checks
• “Cheat mode”: Add easier-to-write
test
Saturday, April 20, 13
25. Quizz Time!
[INFO] --- jacoco-maven-plugin:0.6.2.201302030002:check (jacoco-check)
[INFO] All coverage checks have been met.
[INFO] --- jacoco-maven-plugin:0.6.2.201302030002:check (jacoco-check)
[WARNING] Insufficient code coverage for INSTRUCTION: 75.52% < 75.53%
Step 1: Building on my local machine gives the following:
Step 2: Building on the CI machine gave:
Non determinism! Why?
Saturday, April 20, 13
26. Quizz Answer
private Map componentEntries = new ConcurrentHashMap();
...
for (Map.Entry entry : componentEntries.entrySet())
{
if (entry.getValue().instance == component) {
key = entry.getKey();
oldDescriptor = entry.getValue().descriptor;
break;
}
}
... because the JVM is non deterministic!
Saturday, April 20, 13
28. The Problem
Too many false positives
leading to developers not
paying attention to CI emails
anymore... leading to failing
software
Saturday, April 20, 13
29. False positives examples
• The JVM has crashed
• VNC is down (we run Selenium tests)
• Browser crash (we run Selenium tests)
• Git connection issue
• Machine slowness (if XWiki cannot start under 2 minutes
then it means the machine has some problems)
• Nexus is down (we deploy our artifacts to a Nexus
repository)
• Connection issue (Read time out)
Saturday, April 20, 13
30. Step 1: Groovy PostBuild Plugin (1/2)
def messages = [
[".*A fatal error has been detected by the Java Runtime Environment.*",
"JVM Crash", "A JVM crash happened!"],
[".*Error: cannot open display: :1.0.*",
"VNC not running", "VNC connection issue!"],
...
]
def shouldSendEmail = true
messages.each { message ->
if (manager.logContains(message.get(0))) {
manager.addWarningBadge(message.get(1))
manager.createSummary("warning.gif").appendText(...)
manager.buildUnstable()
shouldSendEmail = false
}
}
Saturday, April 20, 13
31. Step 1: Groovy PostBuild Plugin (2/2)
... continued from previous slide...
if (!shouldSendEmail) {
def pa = new ParametersAction([
new BooleanParameterValue("noEmail", true)
])
manager.build.addAction(pa)
}
Saturday, April 20, 13
32. Step 2: Mail Ext Plugin
import hudson.model.*
build.actions.each { action ->
if (action instanceof ParametersAction) {
if (action.getParameter("noEmail")) {
cancel = true
}
}
}
Pre-send Script
Saturday, April 20, 13
33. Results
+ use the Scriptler plugin to automate configuration for all jobs
Saturday, April 20, 13
35. The Problem
Bugs increasing, even
simple to fix
ones, devs focusing too much on
new features (i.e. scope creep)
vs fixing what exists
Bugs created vs closed
Saturday, April 20, 13
36. Bug Fixing Day
• Every Thursday
• Goal is to close the max number of bugs
• Triaging: Can be closed with Won’t fix,
Duplicate, Cannot Reproduce, etc
• Close low hanging fruits in priority
• Started with last 365 days then with last 547
days and currently with last 730 days (we
need to catch up with 6 bugs!)
Saturday, April 20, 13
39. Parting words
• Slowly add new quality check over time
• Everyone must be on board
• Favor Active Quality (i.e. make the build fail) over
Passive checks
• Be ready to adapt/remove checks if found not useful
enough
• Quality brings some risks:
•Potentially less committers for your project (especially open
source)
Saturday, April 20, 13
40. Be proud of your Quality!
“I have offended God and
mankind because my work
didn't reach the quality it should
have.”
Leonardo da Vinci, on his death bed
Saturday, April 20, 13