Cross-platform development with Pharo - The PharoLauncher caseESUG
First Name: Christophe
Last Name: Demarey
Email: christophe.demarey@inria.fr
Title: Cross-platform development with Pharo - The PharoLauncher case
Abstract: A lot of people are now building web applications with Pharo.
In this talk, I will show that it is possible to develop native applications for Pharo targeting the main used operating systems.
I will take the case of the Pharo Launcher development to give an insight of how to manage the complexity of cross-platform development.
Bio: Christophe Demarey is research engineer at the Inria, working in tight relation with the RMoD team.
Christophe also initiated Inria Continuous integration and is now leading its evolution.
Christophe participates in the Pharo community since 2012.
His most noticeable contributions in the past months are in the Pharo Launcher, building the next pharo package manager, and in the bootstrap process.
Pharo IoT Installation Improvements and Continuous IntegrationAllex Oliveira
Presented at Pharo Days 2019, Lille, France.
Now you can start with Pharo IoT runtime (PharoThings, TelePharo, ARM VM) in a Raspberry from scratch in less than 10 minutes or in less than 1 minute if your Raspberry Pi has Raspbian already installed. And in less than 1 minute you can run Pharo IoT IDE in your Linux, Window or Mac OSX.
How did we do this?? The answers are in this presentation :)
Take your Raspberry Pi and start now: get.pharoiot.org
The TheFatrat is an easy tool to generate backdoor’s with msfvenom (a part
from metasploit framework) and easy post exploitation attack. This tool
compiles a malware with popular payload and then the compiled malware can
be execute on android, windows, Linux. The malware that created with this tool
also have an ability to bypass most AV software protection. Bypassing the Anti-
Virus or Security Software will allow for a metasploit session between the
attacker and the target without Anti-Virus detecting the malicious payload and
flagging a warning back to the user.
The document discusses techniques for optimizing boot time on i.MX6 systems. It begins with an overview of the typical boot process and available measurement tools. Generic optimization techniques are then presented, such as reducing system size, stripping unnecessary features, and choosing faster storage. Specific optimizations for the bootloader, kernel, and root file system are also covered. The presentation concludes with demonstrations of solutions that achieved boot times under 1 second for critical applications on i.MX6 hardware.
Zhuo Ma, Tencent
USB is one of the most common interface supported on modern computer. Modern OSes offer tons of USB drivers to support frequently used USB device classes. For other 3rd party USB device, Microsoft provide automatic driver downloading and installation via Windows AutoUpdate Service. In this talk, we consider this as a novel attacking surface exposed by Windows.
We are trying to assess the vulnerability in those USB drivers provided via Windows AutoUpdate Service, which can be automatic installed and run after device plugged in. Obviously, these drivers are all designed for real USB device, which have to talk to device during running.
So, the biggest obstacle for assessing these drivers is we can not prepare real USB devices for all of these drivers. To overcome this, We developed a system to emulate these USB device, further, we are trying to fuzz these drivers against our emulated USB device. By using this system, we can fuzz device drivers without the real USB device. In further, we can also precisely fuzz every stage of driver loading. We can feed any custom data to the drivers to trigger vulnerabilities. Also, this system supports IO Control Code fuzz as well. And all in all, all of this progress can be done automatically.
We tested about 6000 drivers, yielded hundreds of crash by fuzzing. IO Control Fuzz also gave a reasonable result. We are going to divide our talk into three parts: the first part is about how we get the list of automatic installed USB drivers, and how to analyze these drivers in automatic ways; the second part is about the fuzzing system we designed, including the architecture of system, ways to emulating devices, key points for designing; the last part will show some vulnerabilities we found by this system.
The document discusses automating anti-virus scanning using MantaRay, a set of Python modules that automate forensic tools. It describes how MantaRay allows examiners to select multiple tools, set options, and run scans without needing to manually run each tool. The document then demonstrates how to add anti-virus scanning capabilities to MantaRay by integrating open-source anti-virus tools like ClamAV, Avast, F-Protect, and BitDefender. It shows how to download, configure, and run the scanners using a configuration file to specify the command line and output formatting for each tool. The results demonstrate MantaRay can recursively scan directories and identify infected files found by each integrated anti-virus scanner
This document provides resources for programming the ESP8266 microcontroller including hardware development boards, software tools like the ESP8266 SDK and RTOS SDK, and discussion forums. It recommends using an Lubuntu virtual machine and lists specific pages on the Espressif BBS for SDK information and setting up a development environment.
Cross-platform development with Pharo - The PharoLauncher caseESUG
First Name: Christophe
Last Name: Demarey
Email: christophe.demarey@inria.fr
Title: Cross-platform development with Pharo - The PharoLauncher case
Abstract: A lot of people are now building web applications with Pharo.
In this talk, I will show that it is possible to develop native applications for Pharo targeting the main used operating systems.
I will take the case of the Pharo Launcher development to give an insight of how to manage the complexity of cross-platform development.
Bio: Christophe Demarey is research engineer at the Inria, working in tight relation with the RMoD team.
Christophe also initiated Inria Continuous integration and is now leading its evolution.
Christophe participates in the Pharo community since 2012.
His most noticeable contributions in the past months are in the Pharo Launcher, building the next pharo package manager, and in the bootstrap process.
Pharo IoT Installation Improvements and Continuous IntegrationAllex Oliveira
Presented at Pharo Days 2019, Lille, France.
Now you can start with Pharo IoT runtime (PharoThings, TelePharo, ARM VM) in a Raspberry from scratch in less than 10 minutes or in less than 1 minute if your Raspberry Pi has Raspbian already installed. And in less than 1 minute you can run Pharo IoT IDE in your Linux, Window or Mac OSX.
How did we do this?? The answers are in this presentation :)
Take your Raspberry Pi and start now: get.pharoiot.org
The TheFatrat is an easy tool to generate backdoor’s with msfvenom (a part
from metasploit framework) and easy post exploitation attack. This tool
compiles a malware with popular payload and then the compiled malware can
be execute on android, windows, Linux. The malware that created with this tool
also have an ability to bypass most AV software protection. Bypassing the Anti-
Virus or Security Software will allow for a metasploit session between the
attacker and the target without Anti-Virus detecting the malicious payload and
flagging a warning back to the user.
The document discusses techniques for optimizing boot time on i.MX6 systems. It begins with an overview of the typical boot process and available measurement tools. Generic optimization techniques are then presented, such as reducing system size, stripping unnecessary features, and choosing faster storage. Specific optimizations for the bootloader, kernel, and root file system are also covered. The presentation concludes with demonstrations of solutions that achieved boot times under 1 second for critical applications on i.MX6 hardware.
Zhuo Ma, Tencent
USB is one of the most common interface supported on modern computer. Modern OSes offer tons of USB drivers to support frequently used USB device classes. For other 3rd party USB device, Microsoft provide automatic driver downloading and installation via Windows AutoUpdate Service. In this talk, we consider this as a novel attacking surface exposed by Windows.
We are trying to assess the vulnerability in those USB drivers provided via Windows AutoUpdate Service, which can be automatic installed and run after device plugged in. Obviously, these drivers are all designed for real USB device, which have to talk to device during running.
So, the biggest obstacle for assessing these drivers is we can not prepare real USB devices for all of these drivers. To overcome this, We developed a system to emulate these USB device, further, we are trying to fuzz these drivers against our emulated USB device. By using this system, we can fuzz device drivers without the real USB device. In further, we can also precisely fuzz every stage of driver loading. We can feed any custom data to the drivers to trigger vulnerabilities. Also, this system supports IO Control Code fuzz as well. And all in all, all of this progress can be done automatically.
We tested about 6000 drivers, yielded hundreds of crash by fuzzing. IO Control Fuzz also gave a reasonable result. We are going to divide our talk into three parts: the first part is about how we get the list of automatic installed USB drivers, and how to analyze these drivers in automatic ways; the second part is about the fuzzing system we designed, including the architecture of system, ways to emulating devices, key points for designing; the last part will show some vulnerabilities we found by this system.
The document discusses automating anti-virus scanning using MantaRay, a set of Python modules that automate forensic tools. It describes how MantaRay allows examiners to select multiple tools, set options, and run scans without needing to manually run each tool. The document then demonstrates how to add anti-virus scanning capabilities to MantaRay by integrating open-source anti-virus tools like ClamAV, Avast, F-Protect, and BitDefender. It shows how to download, configure, and run the scanners using a configuration file to specify the command line and output formatting for each tool. The results demonstrate MantaRay can recursively scan directories and identify infected files found by each integrated anti-virus scanner
This document provides resources for programming the ESP8266 microcontroller including hardware development boards, software tools like the ESP8266 SDK and RTOS SDK, and discussion forums. It recommends using an Lubuntu virtual machine and lists specific pages on the Espressif BBS for SDK information and setting up a development environment.
Sandbox detection: leak, abuse, test - Hacktivity 2015Zoltan Balazs
This document discusses techniques for detecting and evading malware analysis sandboxes. It begins by outlining common sandbox detection methods like checking screen resolution, installed software, CPU/system information, and network settings. It then discusses challenges like simulating sleep functions and network connections. The document emphasizes that while evading analysis is possible, manual review remains difficult to defeat. It concludes by advising blue teams to thoroughly test sandboxes and customize them to their environment before purchasing.
BlackHat USA 2011 - Stefan Esser - iOS Kernel ExploitationStefan Esser
Exploiting the iOS Kernel
The iPhone user land is locked down very tightly by kernel level protections. Therefore any sophisticated attack has to include a kernel exploit in order to completely compromise the device. Because of this our previous session titled "Targeting the iOS Kernel" already discussed how to reverse the iOS kernel in order to find kernel security vulnerabilities. Exploitation of iOS kernel vulnerabilities has not been discussed yet.
This session will introduce the audience to kernel level exploitation of iPhones. With the help of previously disclosed kernel vulnerabilities the exploitation of uninitialized kernel variables, kernel stack buffer overflows, out of bound writes and kernel heap buffer overflows will be discussed.
Furthermore the kernel patches applied by iPhone jailbreaks will be discussed in order to understand how certain security features are deactivated. A tool will be released that allows to selectively de-activate some of these kernel patches for more realistic exploit tests.
Presentation made at DrupalGov Canberra 2014 where I talked about how the Heartbleed OpenSSL vulnerability affected our systems and the path we took to patching the vulnerability.
Snappy Ubuntu Core is the transactionally updated version of Ubuntu that is perfect for Internet of Things and other consumer oriented devices. Come and learn about Snappy, what makes it different and how it can work for you. Then build a demo Snappy application on your own computer and get well on your way to snapping up your own app and shipping in the Ubuntu store!
SyScan360 - Stefan Esser - OS X El Capitan sinking the S\H/IPStefan Esser
With the release of OS X El Capitan Apple has introduced a new protection to the OS X kernel called System Integrity Protection (SIP). The purpose of this new mitigation is to lock down the system from attackers who have already gained root access.
In the first part of this session we will elaborate what exactly SIP tries to protect against and how its features are implemented and integrated into the kernel. In the second part of this presentation we will then dive into obvious shortcomings of this implementation and discuss design weaknesses and actual bugs that allow to bypass it. All weaknesses will be demoed to the audience.
BKK16-406 Ubuntu Core - a snappy platform for Embedded, IoT and 96boards!Linaro
During first part of this session, Alexander will give a technology perspective on the motivation, features and possibilities that Ubuntu's latest rendition has to offer for developers and product makers of smart embedded and IoT devices.
Alexander will walk the audience through the building blocks and core ingredients that make up a snappy solution and will show how snappy unifies concepts found in traditional binary distribution with those observed in modern consumer grade Linux products to make a platform for building modern, smart IoT device products.
During the second half of this session Ricardo Mendoza, lead architect behind snappy Ubuntu Core, will showcase snappy Ubuntu Core running on the 96boards Dragonboard 410c. The showcase will include a bottom-to-top image creation demo taking building blocks from the Ubuntu Core online store in real time, followed by a deployment of the image on the Dragonboard hardware, then a demo of available snaps for the platform.
In his part of the presentation, Ricardo will illustrate how well aligned the concepts behind 96boards and snappy Ubuntu Core are, to show how hand in hand they can become a very versatile platform for all IoT and embedded device manufacturers to quickly bring their products to market and benefit from an expanding ecosystem of applications through the Ubuntu Store.
This document provides an overview and analysis of the Secure Enclave Processor (SEP) found in Apple devices such as the iPhone 5S. It discusses the SEP's hardware design including its dedicated ARM core and peripherals. It describes the SEP's boot process and how it communicates with the main application processor via a secure mailbox. The document outlines the SEPOS operating system used by the SEP which is based on the L4 microkernel. It analyzes aspects of the SEP's security including its memory protection mechanisms and bootloading format.
This presentation goes through an explanation of the architecture, new features and use cases behind Ubuntu Core 16, Ubuntu for IoT.
What you will learn:
★ Lessons learned by Ubuntu in IoT and the need for a new approach to security and software management
★ Choosing the right Operating System for your IoT devices, hardware choices and long-term maintainability
★ How Ubuntu Core is being used by various partners to build solutions across home gateways, industrial, building automation and digital signage
Andrea De Gaetano - An Adventure with ESP8266 firmwares and IOTCodemotion
This talk is about my experience with the esp8266,low cost device, in an iot context. This device is capable of connect to or create a wireless network, with programmable pin. Topics: - introduction to esp8266 hardware and versions - software and hardware requirements - official firmware and the arduino connection - alternative firmwares - the nodemcu project: api and a sample script - share data with mosquitto - a web client to visualize data - sample project/demo: - sending accelerometer data through esp8266 by mosquitto - visualize realtime data on a web browser
CODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONGCODE BLUE
This document discusses how drones could potentially be hacked through malware and network attacks. It describes how the Parrot AR.Drone 2.0 communicates over both radio frequency (RC) and WiFi networks and notes vulnerabilities in its protocols and software. Methods for infecting drones are proposed, such as modifying the Android control app to spread malware from a smart device to the drone or between drones when their networks overlap. The document provides technical details about the AR.Drone's hardware, software, and network configuration to support infecting it with malware.
Learn Evothings Studio along with ESP8266Hammad Tariq
The presentation is designed for anyone who want to self-learn Evothings Studio - a mobile app prototyping tool for IoT devices! The presentation also includes step-by-step tutorial to connect and control ESP8266 WiFi module with your iOS/Android mobile app.
Home automation-in-the-cloud-with-the-esp8266-and-adafruit-ioTran Minh Nhut
The document describes building a home automation system using ESP8266 WiFi modules and Adafruit IO cloud service. It involves creating two modules - a sensor module to measure temperature and humidity using a DHT sensor, and a lamp controller module to control a lamp. The modules are programmed using Arduino IDE and code from a GitHub repository. They connect to Adafruit IO to send sensor readings and receive commands to control the lamp remotely over the internet.
Tizen is an open source operating system for mobile and embedded devices. The document discusses security features in Tizen including access control using SMACK labeling, application isolation through privileges and features, and the Content Security Framework for security checks. While Tizen uses SMACK and a two-stage access control model to sandbox web applications, the document notes room for improvement in areas like ASLR and DEP for native applications to prevent vulnerabilities like buffer overflows.
Minha palestra no TDC-Porto Alegre sobre a utilização do Python como a linguagem de programação para o ESP8266, demonstrando desde o processo de gravação do firmware, conexão com o dispositivo e exemplos de programas.
Michele Dionisio & Pietro Lorefice - Developing and testing a device driver w...linuxlab_conf
The document discusses developing and testing a device driver without the physical device. It describes using QEMU to emulate a device and machine. It then discusses developing a Linux device driver for the emulated device, including creating a minimal Linux system and rootfs to test the driver. Various steps are outlined, such as developing a bare metal program for the emulated CPU, adding the emulated device to QEMU, and implementing driver functions like interrupt handling.
Claudio Scordino - Handling mixed criticality on embedded multi-core systemslinuxlab_conf
This talk illustrates how to use the Jailhouse hypervisor for running Linux alongside an RTOS on modern ARM multi-core SoCs, aiming at building smarter devices for the automotive market.
Recently, the industry has shown a growing interest for executing activities with different levels of criticality on the same multi-core SoC. These could consist, for example, of non-critical activities (e.g., monitoring, logging, human-machine intefaces) together with safety-critical tasks. The rationale behind this interest is the continuous need for reducing the time-to-market as well as the design and hardware costs. This is particularly suitable for the automotive market, where new infotainment functionalities might be coupled with traditional safety-critical tasks (e.g. engine/brake control). In this talk, we will present our experience (grown through the HERCULES EU project) in using the Jailhouse hypervisor for executing the Linux general-purpose OS alongside an automotive RTOS on modern ARM multi-core platforms. Besides providing useful instructions for using Jailhouse, we will illustrate a library designed for easing the communication between the two OSs as well as some mechanism for limiting the interference on shared hardware resources. Finally, a short video of a simple demo will show the effectiveness of the proposed approach.
This document discusses using the ESP8266 microcontroller chip for Internet of Things (IoT) projects. It provides an overview of the ESP8266, describing its specifications, common development boards, and power consumption. It also covers how to program the ESP8266 using the Arduino IDE and NodeMCU firmware. The document demonstrates connecting the ESP8266 to WiFi and making HTTP requests. It discusses using the ESP8266 SDK for lower-level programming and FreeRTOS for an RTOS environment. Example code snippets are provided for WiFi, MQTT, and timer tasks.
Getting Started with Embedded Python: MicroPython and CircuitPythonAyan Pahwa
This document provides an introduction to MicroPython and CircuitPython, which allow Python programming on microcontrollers. MicroPython is a stripped-down version of Python 3 that runs directly on microcontrollers. It includes APIs for hardware modules like GPIOs, UART, PWM, etc. CircuitPython is a fork of MicroPython maintained by Adafruit for use on their educational boards. The document discusses supported boards, functions, libraries, and ways to interact with MicroPython boards through the serial REPL, web REPL, file system, emulation, and demos blinking an LED and measuring temperature/humidity.
Emanuele Faranda - Creating network overlays with IoT devices using N2Nlinuxlab_conf
When building a network of communicating IoT devices, it is compulsory to ensure that all the devices are reachable regardless of their IP address and location. This talk is about an open source software named n2n that enables secure communication over a lightweight and secure p2p network overlay.
When building a network of IoT devices, communication topology can be a problem as some of them might be behind a NAT, and some others might be reachable only from certain network nodes. Furthermore the advent of mobile and automotive computing with non persistent addressing will make all this even more challenging. To address all this, usually people use a centralised cloud-based topology that makes the network weak and not optimal, as all the devices have to communicate though this central point instead, when possible, to talk directly. However the cloud does not address privacy and security, in particular when IoT devices are used and developers and not fully aware of security issues: this can be addressed by a network overlay that tackles this problem at network instead that at application level This talk is about an open source, lightweight network overlay software named n2n ( https://github.com/ntop/n2n ) [available for Linux, BSD, MacOS, Windows] developed by the authors, that enables the creation of a persistent network that promotes secure communications even on environments where security is an option, or some communications are prevented by NATs or firewall devices.
This document discusses using Pharo on Raspberry Pi devices. It provides information on running Pharo's ArmVM on Raspberry Pi, libraries for interacting with low-level GPIO pins, and tools for remote development of Pharo images running on Raspberry Pi from another Pharo image. The Pharo IoT project aims to provide higher-level abstractions and tools for remotely programming and debugging physical devices connected to Raspberry Pi boards.
PHARO IoT: Installation Improvements and Continuous IntegrationPharo
1. The document discusses improvements made to the installation process and continuous integration of Pharo IoT.
2. Previously, installing Pharo IoT manually took many steps and was difficult for newcomers. The process has been simplified to take less than 10 minutes with pre-packaged files.
3. Continuous integration was added using Travis CI to automatically build documentation, load libraries, and release packaged files with each code change. This makes the process transparent and easy to contribute to.
Sandbox detection: leak, abuse, test - Hacktivity 2015Zoltan Balazs
This document discusses techniques for detecting and evading malware analysis sandboxes. It begins by outlining common sandbox detection methods like checking screen resolution, installed software, CPU/system information, and network settings. It then discusses challenges like simulating sleep functions and network connections. The document emphasizes that while evading analysis is possible, manual review remains difficult to defeat. It concludes by advising blue teams to thoroughly test sandboxes and customize them to their environment before purchasing.
BlackHat USA 2011 - Stefan Esser - iOS Kernel ExploitationStefan Esser
Exploiting the iOS Kernel
The iPhone user land is locked down very tightly by kernel level protections. Therefore any sophisticated attack has to include a kernel exploit in order to completely compromise the device. Because of this our previous session titled "Targeting the iOS Kernel" already discussed how to reverse the iOS kernel in order to find kernel security vulnerabilities. Exploitation of iOS kernel vulnerabilities has not been discussed yet.
This session will introduce the audience to kernel level exploitation of iPhones. With the help of previously disclosed kernel vulnerabilities the exploitation of uninitialized kernel variables, kernel stack buffer overflows, out of bound writes and kernel heap buffer overflows will be discussed.
Furthermore the kernel patches applied by iPhone jailbreaks will be discussed in order to understand how certain security features are deactivated. A tool will be released that allows to selectively de-activate some of these kernel patches for more realistic exploit tests.
Presentation made at DrupalGov Canberra 2014 where I talked about how the Heartbleed OpenSSL vulnerability affected our systems and the path we took to patching the vulnerability.
Snappy Ubuntu Core is the transactionally updated version of Ubuntu that is perfect for Internet of Things and other consumer oriented devices. Come and learn about Snappy, what makes it different and how it can work for you. Then build a demo Snappy application on your own computer and get well on your way to snapping up your own app and shipping in the Ubuntu store!
SyScan360 - Stefan Esser - OS X El Capitan sinking the S\H/IPStefan Esser
With the release of OS X El Capitan Apple has introduced a new protection to the OS X kernel called System Integrity Protection (SIP). The purpose of this new mitigation is to lock down the system from attackers who have already gained root access.
In the first part of this session we will elaborate what exactly SIP tries to protect against and how its features are implemented and integrated into the kernel. In the second part of this presentation we will then dive into obvious shortcomings of this implementation and discuss design weaknesses and actual bugs that allow to bypass it. All weaknesses will be demoed to the audience.
BKK16-406 Ubuntu Core - a snappy platform for Embedded, IoT and 96boards!Linaro
During first part of this session, Alexander will give a technology perspective on the motivation, features and possibilities that Ubuntu's latest rendition has to offer for developers and product makers of smart embedded and IoT devices.
Alexander will walk the audience through the building blocks and core ingredients that make up a snappy solution and will show how snappy unifies concepts found in traditional binary distribution with those observed in modern consumer grade Linux products to make a platform for building modern, smart IoT device products.
During the second half of this session Ricardo Mendoza, lead architect behind snappy Ubuntu Core, will showcase snappy Ubuntu Core running on the 96boards Dragonboard 410c. The showcase will include a bottom-to-top image creation demo taking building blocks from the Ubuntu Core online store in real time, followed by a deployment of the image on the Dragonboard hardware, then a demo of available snaps for the platform.
In his part of the presentation, Ricardo will illustrate how well aligned the concepts behind 96boards and snappy Ubuntu Core are, to show how hand in hand they can become a very versatile platform for all IoT and embedded device manufacturers to quickly bring their products to market and benefit from an expanding ecosystem of applications through the Ubuntu Store.
This document provides an overview and analysis of the Secure Enclave Processor (SEP) found in Apple devices such as the iPhone 5S. It discusses the SEP's hardware design including its dedicated ARM core and peripherals. It describes the SEP's boot process and how it communicates with the main application processor via a secure mailbox. The document outlines the SEPOS operating system used by the SEP which is based on the L4 microkernel. It analyzes aspects of the SEP's security including its memory protection mechanisms and bootloading format.
This presentation goes through an explanation of the architecture, new features and use cases behind Ubuntu Core 16, Ubuntu for IoT.
What you will learn:
★ Lessons learned by Ubuntu in IoT and the need for a new approach to security and software management
★ Choosing the right Operating System for your IoT devices, hardware choices and long-term maintainability
★ How Ubuntu Core is being used by various partners to build solutions across home gateways, industrial, building automation and digital signage
Andrea De Gaetano - An Adventure with ESP8266 firmwares and IOTCodemotion
This talk is about my experience with the esp8266,low cost device, in an iot context. This device is capable of connect to or create a wireless network, with programmable pin. Topics: - introduction to esp8266 hardware and versions - software and hardware requirements - official firmware and the arduino connection - alternative firmwares - the nodemcu project: api and a sample script - share data with mosquitto - a web client to visualize data - sample project/demo: - sending accelerometer data through esp8266 by mosquitto - visualize realtime data on a web browser
CODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONGCODE BLUE
This document discusses how drones could potentially be hacked through malware and network attacks. It describes how the Parrot AR.Drone 2.0 communicates over both radio frequency (RC) and WiFi networks and notes vulnerabilities in its protocols and software. Methods for infecting drones are proposed, such as modifying the Android control app to spread malware from a smart device to the drone or between drones when their networks overlap. The document provides technical details about the AR.Drone's hardware, software, and network configuration to support infecting it with malware.
Learn Evothings Studio along with ESP8266Hammad Tariq
The presentation is designed for anyone who want to self-learn Evothings Studio - a mobile app prototyping tool for IoT devices! The presentation also includes step-by-step tutorial to connect and control ESP8266 WiFi module with your iOS/Android mobile app.
Home automation-in-the-cloud-with-the-esp8266-and-adafruit-ioTran Minh Nhut
The document describes building a home automation system using ESP8266 WiFi modules and Adafruit IO cloud service. It involves creating two modules - a sensor module to measure temperature and humidity using a DHT sensor, and a lamp controller module to control a lamp. The modules are programmed using Arduino IDE and code from a GitHub repository. They connect to Adafruit IO to send sensor readings and receive commands to control the lamp remotely over the internet.
Tizen is an open source operating system for mobile and embedded devices. The document discusses security features in Tizen including access control using SMACK labeling, application isolation through privileges and features, and the Content Security Framework for security checks. While Tizen uses SMACK and a two-stage access control model to sandbox web applications, the document notes room for improvement in areas like ASLR and DEP for native applications to prevent vulnerabilities like buffer overflows.
Minha palestra no TDC-Porto Alegre sobre a utilização do Python como a linguagem de programação para o ESP8266, demonstrando desde o processo de gravação do firmware, conexão com o dispositivo e exemplos de programas.
Michele Dionisio & Pietro Lorefice - Developing and testing a device driver w...linuxlab_conf
The document discusses developing and testing a device driver without the physical device. It describes using QEMU to emulate a device and machine. It then discusses developing a Linux device driver for the emulated device, including creating a minimal Linux system and rootfs to test the driver. Various steps are outlined, such as developing a bare metal program for the emulated CPU, adding the emulated device to QEMU, and implementing driver functions like interrupt handling.
Claudio Scordino - Handling mixed criticality on embedded multi-core systemslinuxlab_conf
This talk illustrates how to use the Jailhouse hypervisor for running Linux alongside an RTOS on modern ARM multi-core SoCs, aiming at building smarter devices for the automotive market.
Recently, the industry has shown a growing interest for executing activities with different levels of criticality on the same multi-core SoC. These could consist, for example, of non-critical activities (e.g., monitoring, logging, human-machine intefaces) together with safety-critical tasks. The rationale behind this interest is the continuous need for reducing the time-to-market as well as the design and hardware costs. This is particularly suitable for the automotive market, where new infotainment functionalities might be coupled with traditional safety-critical tasks (e.g. engine/brake control). In this talk, we will present our experience (grown through the HERCULES EU project) in using the Jailhouse hypervisor for executing the Linux general-purpose OS alongside an automotive RTOS on modern ARM multi-core platforms. Besides providing useful instructions for using Jailhouse, we will illustrate a library designed for easing the communication between the two OSs as well as some mechanism for limiting the interference on shared hardware resources. Finally, a short video of a simple demo will show the effectiveness of the proposed approach.
This document discusses using the ESP8266 microcontroller chip for Internet of Things (IoT) projects. It provides an overview of the ESP8266, describing its specifications, common development boards, and power consumption. It also covers how to program the ESP8266 using the Arduino IDE and NodeMCU firmware. The document demonstrates connecting the ESP8266 to WiFi and making HTTP requests. It discusses using the ESP8266 SDK for lower-level programming and FreeRTOS for an RTOS environment. Example code snippets are provided for WiFi, MQTT, and timer tasks.
Getting Started with Embedded Python: MicroPython and CircuitPythonAyan Pahwa
This document provides an introduction to MicroPython and CircuitPython, which allow Python programming on microcontrollers. MicroPython is a stripped-down version of Python 3 that runs directly on microcontrollers. It includes APIs for hardware modules like GPIOs, UART, PWM, etc. CircuitPython is a fork of MicroPython maintained by Adafruit for use on their educational boards. The document discusses supported boards, functions, libraries, and ways to interact with MicroPython boards through the serial REPL, web REPL, file system, emulation, and demos blinking an LED and measuring temperature/humidity.
Emanuele Faranda - Creating network overlays with IoT devices using N2Nlinuxlab_conf
When building a network of communicating IoT devices, it is compulsory to ensure that all the devices are reachable regardless of their IP address and location. This talk is about an open source software named n2n that enables secure communication over a lightweight and secure p2p network overlay.
When building a network of IoT devices, communication topology can be a problem as some of them might be behind a NAT, and some others might be reachable only from certain network nodes. Furthermore the advent of mobile and automotive computing with non persistent addressing will make all this even more challenging. To address all this, usually people use a centralised cloud-based topology that makes the network weak and not optimal, as all the devices have to communicate though this central point instead, when possible, to talk directly. However the cloud does not address privacy and security, in particular when IoT devices are used and developers and not fully aware of security issues: this can be addressed by a network overlay that tackles this problem at network instead that at application level This talk is about an open source, lightweight network overlay software named n2n ( https://github.com/ntop/n2n ) [available for Linux, BSD, MacOS, Windows] developed by the authors, that enables the creation of a persistent network that promotes secure communications even on environments where security is an option, or some communications are prevented by NATs or firewall devices.
This document discusses using Pharo on Raspberry Pi devices. It provides information on running Pharo's ArmVM on Raspberry Pi, libraries for interacting with low-level GPIO pins, and tools for remote development of Pharo images running on Raspberry Pi from another Pharo image. The Pharo IoT project aims to provide higher-level abstractions and tools for remotely programming and debugging physical devices connected to Raspberry Pi boards.
PHARO IoT: Installation Improvements and Continuous IntegrationPharo
1. The document discusses improvements made to the installation process and continuous integration of Pharo IoT.
2. Previously, installing Pharo IoT manually took many steps and was difficult for newcomers. The process has been simplified to take less than 10 minutes with pre-packaged files.
3. Continuous integration was added using Travis CI to automatically build documentation, load libraries, and release packaged files with each code change. This makes the process transparent and easy to contribute to.
Pharo IoT is a framework that allows running Pharo on IoT devices and controlling hardware through libraries like PharoThings. It includes a remote IDE, inspector, and playground to interact with devices over the network. Recent improvements have focused on easy installation, code improvements, and supporting new sensors. Current and future work involves collaborative development, example projects, documentation, and tools to facilitate IoT development with Pharo.
This document discusses how to create a smart home system using Android and open source software. It describes OpenRemote (OR) software which can be used to control devices over different protocols from a phone app. The Itach WF2IR hardware allows sending infrared signals to devices from an Android device. The document provides steps to set up the OR controller and app, configure the WF2IR, integrate commands, and troubleshoot issues. It also discusses using the Android Open Accessory Development Kit to control robots with an Android device.
Republic of IoT 2018 - ESPectro32 and NB-IoT WorkshopAlwin Arrasyid
This document discusses NB-IoT and an ESPectro32 workshop. It introduces NB-IoT as a low power wide area network technology for IoT. It describes the ESPectro32 board and how to set up a development environment. It also discusses connecting the ESPectro32 to an NB-IoT backpack module to send telemetry data via NB-IoT networks. Code examples are provided for sending AT commands and communicating with an NB-IoT network using HTTP and MQTT protocols.
Hardware hacking hit the news quite often in 2017, and a lot of pentesters tried to jump into the band wagon and discover the joy of hacking things rather than servers or applications. But most of them are only looking for rootz shellz and p0wning embedded Linux operating systems rather than doing what we really call "hardware hacking". In this talk, we are going to hack a Bluetooth Low Energy smartlock, from its printed circuit board to a fully working exploit, as well as its (wait for it) associated mobile application you need to install to operate this thing.
This talk is not only an introduction into the field of hardware hacking, but also a good way to dive into electronics and its specific protocols, and of course into microcontrollers and System-on-chip reverse engineering. We will cover some electronics basic knowledge as well as tools and classic methodologies when it comes at analyzing an IoT device and will provide tips and tricks based on our experience but our failures too.
From the internet of things to the web of things courseDominique Guinard
This document provides an overview and introduction to the Web of Things (WoT). It begins with definitions of key IoT concepts like embedded devices, sensors and actuators. It then covers networking protocols for IoT including LPWAN. The main part of the document focuses on the WoT, including its key aspects of the Access, Find, Share and Compose layers. It provides examples of using APIs and semantic models to represent IoT devices on the web. Labs are suggested to experiment with programming IoT devices and creating mashups using tools like Node-RED and IFTTT. Overall the document serves as a high-level tutorial introducing important WoT concepts and technologies.
This document discusses securing the Internet of Things (IoT). It notes that IoT devices differ from traditional devices in ways that impact security, such as limited ability to update firmware. It recommends not relying on security through obscurity and discusses practical crypto implementations for small devices. The document also covers securing communication protocols like MQTT, CoAP and DTLS, as well as approaches like OAuth2 for authentication without passwords on devices. It describes a demonstration of using OAuth2 with MQTT to limit a device's access to an API by giving it a revocable token rather than a static password.
The document provides an overview of Internet of Things (IoT) technologies including hardware platforms, communication protocols, and programming languages that can be used to develop IoT solutions. It discusses common hardware devices like Arduino, Raspberry Pi, and Intel Edison. It also covers the LoRa wireless communication protocol and how it can be used with sensors. Finally, it gives examples of IoT applications and envisions future advancements in areas like battery life, networking, and data analytics.
The document provides an overview of Internet of Things (IoT) technologies including hardware platforms, communication protocols, and programming languages that can be used to develop IoT solutions. It discusses common hardware devices like Arduino, Raspberry Pi, and Intel Edison. It also covers the LoRa wireless protocol for long range communication and provides examples of using Java and Node.js on Raspberry Pi for IoT. Finally, it discusses potential business applications of IoT and envisions continued improvements in areas like batteries, networks, sensors, and data analytics.
This document provides an overview of setting up an Intel IoT Developer Kit including the hardware components, installing software, and running sample codes. It discusses the Galileo and Edison boards, microSD cards, IDEs, MRAA and UPM libraries, and connecting devices. It also demonstrates how to set up environments for C/C++ with Eclipse, JavaScript with XDK, and Arduino, and describes where to find documentation and sample codes for getting started with the kits and sensors.
The document discusses Mozilla's Firefox OS and open hardware initiatives. It describes Firefox OS running on various devices including smartphones, smart home devices, and single-board computers. It provides details on Mozilla's CHIRIMEN open hardware board, including its specifications and software features. CHIRIMEN allows controlling devices via web technologies and its APIs. Mozilla's goals are to develop methods for controlling hardware via web and apply open source software ideas to hardware. It aims to spread these ideas through education and demonstrations.
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 MinutesCodemotion
FIWARE (https://www.fiware.org) is a collection of well-integrated Open Source tools (e.g. OpenStack, Hadoop, Docker, ...) that provides a set of RESTful APIs that allows for easy development of cloud-based applications. Haven't you yet heard about it? Sit down and enjoy the ride! The talk will present FIWARE main APIs and discuss a small example of FIWARE-based application for context-aware data management.
FIWARE (https://www.fiware.org) is a collection of well-integrated Open Source tools (e.g. OpenStack, Hadoop, Docker, ...) that provides a set of RESTful APIs that allows for easy development of cloud-based applications. Haven't you yet heard about it? Sit down and enjoy the ride! The talk will present FIWARE main APIs and discuss a small example of FIWARE-based application for context-aware data management.
Srikanth Pilli has over 6 years of experience in embedded software development. He has expertise in C/C++, Python, Linux kernel driver development, video streaming, and networking. He has worked on projects involving home automation, surveillance systems, and embedded device development. His skills include embedded Linux systems, microcontroller programming, real-time protocols, and tools like Git. He holds an M.Tech in embedded systems and postgraduate diplomas in embedded systems and electronics.
West is a command line tool that manages Zephyr projects. It initializes workspaces, updates repositories, and provides commands for common development tasks like building, flashing, and debugging. West separates the core tool functionality from Zephyr-specific extensions, allowing it to manage multiple projects. When initializing a workspace, West clones the main Zephyr repository and any dependencies, creating a reproducible development environment.
Workshop: Identifying concept inventories in agile programmingESUG
This document discusses the development of a concept inventory to identify common misconceptions in agile programming and object-oriented development. The project aims to strengthen collaboration between INRIA/Lille and ÉTS/UQAM by creating a concept inventory that can be used to improve teaching of agile development with object-oriented languages like TypeScript, JavaScript, and Pharo. The methodology involves identifying misconceptions, proposing a concept inventory, and validating it in courses by measuring understanding before and after instruction. A workshop will help identify initial misconceptions in Smalltalk/Pharo by capturing them in a collaborative tool.
This document proposes integrating documentation into the Pharo language metamodel and environment to improve documentation support. It suggests making documentation first-class citizens in Pharo by providing built-in support and a minimal API, which would allow tight integration with development tools and future extensions without requiring grammar changes or large efforts. This could improve documentation quality by enabling direct references between code and documentation and automatic logging of documentation usage.
The Pharo Debugger and Debugging tools: Advances and RoadmapESUG
This document outlines advances and the roadmap for debugging tools in Pharo. It discusses recent improvements to the debugging infrastructure, including architectural changes and new debugging commands. It also describes upcoming work, such as additional infrastructure improvements, an emergency debugger, support for meta-object protocols, a redesigned user experience, a remote debugger, and improved documentation. The document concludes by inviting participants to help evaluate new debugging experiments.
The document describes Sequence, a pipeline modeling and discrete event simulation framework developed in Pharo Smalltalk. Sequence allows describing system resources, building blocks that use those resources, assembling scenarios from blocks, collecting information during simulated runs, and interactively exploring system traces. The framework implements a discrete event simulation engine with event streams that model periodic processes and resources. Sequence provides tools for evaluating system performance through simulation before complete hardware is available.
Migration process from monolithic to micro frontend architecture in mobile ap...ESUG
This document discusses migrating a monolithic mobile application called CARL Touch to a micro frontend architecture. It presents a migration process involving three steps: 1) analysis of the monolithic codebase, 2) identification of potential micro frontends, and 3) transformation of the codebase to implement the identified micro frontends. Previous experiments at Berger-Levrault involving two teams migrating CARL Touch provided insights. The proposed process uses static and dynamic analysis, code visualization and clustering techniques to help identify optimal micro frontends and transform the codebase in a semi-automated manner.
Analyzing Dart Language with Pharo: Report and early resultsESUG
This document summarizes an analysis of the Dart programming language using tools in the Pharo environment. It describes generating a parser for Dart using SmaCC, which produces an AST. It also details defining a Famix meta-model for Dart and the Chartreuse-D importer that creates a FamixDart model from the AST. Future work is outlined, including improving SmaCCDart, continuing to develop the FamixDart meta-model, and handling dynamic types when importing associations. The goal is to analyze Dart and explore modeling Flutter applications.
Transpiling Pharo Classes to JS ECMAScript 5 versus ECMAScript 6ESUG
This document summarizes research on transpiling Pharo classes to JavaScript using ECMAScript 5 versus ECMAScript 6. It finds that transpiling to ES6 provides benefits like significantly faster load times, improved benchmark performance up to 43%, and more idiomatic code compared to ES5. However, fully emulating Smalltalk semantics like metaclass inheritance remains challenging when targeting JavaScript.
The document presents an approach for automated test generation from software models and execution traces. Key aspects of the approach include using metamodels to represent the codebase, values, and desired unit test structure. Models are built from the codebase and traces, then transformations are applied to generate unit tests conforming to the test metamodel. Abstract syntax trees are used to export the generated tests to code. The approach aims to generate tests that are relevant, readable and maintainable without relying on existing tests. An example demonstrates generating a JUnit test from an application class.
Genetic programming is used to generate unit tests by evolving test code via genetic algorithms to maximize coverage. Tests are represented as chromosomes of object and message statements. The genetic algorithm selects tests based on coverage, combines tests through crossover, and replaces tests in the population over generations to find optimal test sequences. Future work includes improving path exploration and comparing with other test generation tools.
Threaded-Execution and CPS Provide Smooth Switching Between Execution ModesESUG
Threaded execution and continuation-passing style (CPS) allow for smooth switching between execution modes in Zag Smalltalk. Threaded execution interprets code as a sequence of addresses like bytecode but is 2.3-4.7 times faster, while CPS passes continuations explicitly like in functional languages and is 3-5 times faster than bytecode. Both approaches allow fallback to debugging. The implementation shares context and stack between modes to easily switch with proper object structures.
Exploring GitHub Actions through EGAD: An Experience ReportESUG
This document summarizes an experience report on exploring GitHub Actions through EGAD, a tool for GitHub Action analysis. It discusses three key lessons learned: 1) Composing a story by documenting tasks and linking documentation to code, 2) Navigating custom views to conduct research, and 3) Supporting onboarding of researchers by assigning mentors, scheduling meetings, and encouraging use of resources. EGAD takes workflow YAML files, wraps them in a domain model to provide context, and allows inspecting examples to fully explore the GitHub Actions domain model.
Pharo: a reflective language A first systematic analysis of reflective APIsESUG
This document analyzes the reflective features and APIs in Pharo, a reflective programming language. It presents a catalog of Pharo's reflective APIs and analyzes how they relate to metaobjects. The analysis highlights areas for potential improvement, such as providing solutions for intercession on state reads/writes and addressing constraints when changing an object's class. The document contributes to understanding Pharo's reflective design and its evolution over time.
The document discusses garbage collector tuning for applications with pathological allocation patterns. It begins by explaining the motivation and issues caused by pathological patterns, such as applications taking over an hour and a half to run. It then provides an overview of garbage collection and how allocation patterns can impact performance. The document dives into two specific tuning techniques - increasing the full GC threshold to prevent premature full GCs from being triggered, and increasing the tenuring threshold to avoid large objects residing in the remembered set and slowing down scavenges. These tunings resulted in significant performance improvements for the sample DataFrame application, reducing the run time from over an hour and a half to around seven minutes.
Improving Performance Through Object Lifetime Profiling: the DataFrame CaseESUG
This document discusses improving garbage collection performance in Pharo through object lifetime profiling. It presents Illimani, a lifetime profiler developed for Pharo. Illimani was used to profile the lifetimes of objects created when loading a large DataFrame. The profiling revealed that most objects had short lifetimes, suggesting the garbage collector could be tuned. Tuning the garbage collector parameters based on the lifetime profiles improved the performance of loading the DataFrame.
This document discusses the past, present, and future of Pharo DataFrames. It began as a student project but has evolved into a mature project with dedicated engineers, improving performance and adding functionality. Future plans include further performance enhancements, adding more functionality, better integration with other Pharo projects, and support for big data. Evaluation of DataFrames is also planned.
This document discusses issues with thisContext in the Pharo debugger not correctly representing the execution context and being the DoIt context instead. This was fixed in Pharo12 by making thisContext a variable object that is wrapped in a DoItVariable, so the debugger context is used. When inspecting or doing DoIt, the doIt Variable is pushed and read to provide the proper execution context.
This document proposes using websockets to display fencing scores and a chronometer from an arena server to mobile phones over the internet in real-time. It includes links to video examples of a chronometer display and photos from fencing competitions.
ShowUs: PharoJS.org Develop in Pharo, Run on JavaScriptESUG
This document discusses PharoJS, which allows developers to develop applications in Pharo and then export them to run as JavaScript applications. PharoJS enables 100% of Pharo code to be executed during development, and then 100% of that same code is exported to JavaScript to be executed in production. The document also briefly mentions deployment options for exported PharoJS applications like GitHub Pages and GitHub Actions.
The document contains testimonials from participants of the Pharo MOOC praising its effectiveness at teaching object-oriented design. It also announces an upcoming advanced design MOOC that will have over 60 lectures, slides, videos and an exercise booklet. Finally, it provides links to the course websites and encourages people to stay tuned for the new MOOC.
A New Architecture Reconciling Refactorings and TransformationsESUG
This document discusses reconciling refactorings and transformations in software engineering. It proposes a new architecture where refactorings decorate transformations by checking preconditions and composing multiple transformations. Refactorings ensure transformations are applied safely while transformations focus on model changes. Open questions remain around precondition handling and composition semantics. The goals are to reduce duplication, support custom refactorings/transformations, and provide a modern driver-based user interface.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
20 Comprehensive Checklist of Designing and Developing a WebsitePixlogix Infotech
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
3. SUMMARY
1 – OVERVIEW
2 – INSTALLATION
3 – PLAYING
4 – PERSONAL WEATHER STATION
5 – THE FUTURE
4. 1 - OVERVIEW
• Created by Rmod Team, a research team
from INRIA (France)
• Written by Denis Kudriashov in 2016/17
dionisiydk@gmail.com
• In 2018, Allex Oliveira joined the Rmod Team
to continue the project
5. 1 - OVERVIEW
What is PharoThings?
• A Pharo image running on IoT device (ARM VM)
• A Pharo image controlling remote IoT device
• A Pharo library running on Raspberry Pi to control
GPIOs through an object board model (using Wiring Pi)
• A Pharo library to control Arduino Devices (using
Firmata)
• An advanced board model inspector
• Remote IDE (TelePharo)
9. 1 - OVERVIEW
Board Inspector
• Provides a scheme of pins
similar to physical position
• A live tool which represents
the current pins state
• Digital pins are shown with
green/red icons which
represent high/low (1/0)
values
10. 1 - OVERVIEW
With PharoThings you can to develop tools to
lively program, explore and debug remote boards.
• It is part of TelePharo project
• With remotePharo instance you can open:
remote playground
remote system browser or
remote process browser
14. 2 - INSTALLATION
How to run Pharo on ARM architecture?
• Metacello new
baseline: 'PharoThings';
repository: 'github://pharo-iot/PharoThings/src';
load: #(RemoteDevServer Raspberry).
• Metacello new
baseline: 'PharoThings';
repository: 'github://pharo-iot/PharoThings/src';
load: 'RemoteDev'
18. 3 - PLAYING
Playing with LEDs and Buttons
• 1 Raspberry Pi (any model) connected to your
network (wired or wireless)
• 1 Breadboard
• 2 LEDs
• 2 Buttons
• 2 Resistors (330ohms)
• Jumper wires
21. 3 - PLAYING
Playing with Sensors (I2C)
1 Raspberry Pi (any model) connected to your netw
ork (wired or wireless)
• 1 Breadboard
• 1 BME280 sensor
(Temperature, pressure and humidity)
• 1 MCP9808 sensor (Temperature)
• 1 ADXL345 sensor (Acelerometer, axis X, Y and Z)
• Jumper wires
23. 3 - PLAYING
Playing with Sensors (I2C)
• Add the follow line in /boot/config.txt
dtparam=i2c1=on
• Add the ‘pi’ user to I2C group and restart the Raspberry
sudo adduser pi i2c
• Code:
a:= board installDevice: PotBME280Device new.
a readParameters.
b := board installDevice: PotMCP9808Device new.
b readTemperature.
c := board installDevice: PotADXL345Device new.
c readCoordinates.
25. 3 - PLAYING
Playing with LCD Display
1 Raspberry Pi (any model) connected to your netw
ork (wired or wireless)
• 1 Breadboard
• 1 LCD 1602
• Jumper wires
27. 3 - PLAYING
Playing with LCD Display
lcd := board installDevice: PotLCD1602Device new.
lcd message: 'Hello everybody!Pharo is cool!'.
lcd clear.
28. 4 - PERSONAL WEATHER STATION
Taking the sensor data with Pharo, showing in LCD
display and sending to a remote server
29. 4 - PERSONAL WEATHER STATION
• We will run PharoThings in a Raspberry Pi
• To collect the sensor data (BME280)
temperature, humidity and pressure
• Show this data in a LCD
• Send the data to a remote server
30. 4 - PERSONAL WEATHER STATION
• Created class to instantiate the LCD and Sensor
• Created subclass to create process:
print information on LCD each 1 second
send data to a webserver in cloud each 1 minute
31. 4 - PERSONAL WEATHER STATION
• Started Pharo on Raspberry boot with arguments to
start the 2 process (DisplayLCD and PostData)
/etc/init.d/pharo.sh
/home/pi/pharo-iot/start.st
33. 5 - THE FUTURE
Projects and news
• Beaglebone models
• Zeroconf for armVM + PharoThings
• Remote refactoring
• Security
34. 5 - THE FUTURE
Automatic detection of running images in network
(TeleRadar using SSDP protocol)
35. 5 - THE FUTURE
Middleware to manage the devices
36. 5 - THE FUTURE
Website official with many lessons and tutorials
Draft: http://pharothings.allexoliveira.com.br
and more…
37. WITH PHAROTHINGS YOU CAN
• Dynamically update your running board
• Interact remotely with pins and boards
• Modify the system while it is running (create new
board, change code)
• Make your changes persistent
Easy, powerful.
THANKS!
Any questions?
marcus.denker@inria.fr
allex.oliveira@msn.com
38. PRESENTATION INFORMATION
This slides was presented at ESUG 2018, in Cagliari, ITALY
•Title: Pharo IoT
•Presenters:
Marcus Denker - marcusdenker.de / zweidenker.de
Allex Oliveira - linkedin.com/in/allex-oliveira
ESUG conferences
http://www.esug.org/wiki/pier/Conferences
INRIA
https://www.inria.fr/
RMOD TEAM
https://rmod.inria.fr/web
PHARO PROJECT
https://github.com/pharo-project/pharo
PHAROTHINGS PROJECT
https://github.com/pharo-iot/PharoThings