This document proposes the QDashboard project, which aims to develop a quality and health dashboard to monitor software projects. It would extract metrics from source code, issue trackers, and other project outputs to track quality and health over time. The dashboard would display metrics, rank projects, and suggest recommendations. It would reuse existing open source tools and provide views for various roles. The proposed architecture includes a web app, plugins/portlets for views, and an API for extracting metrics from data sources.
Abstract 2: "Advanced testing in action on a Java project"
In 2019 we're all used to writing automated tests in Java projects. It's now time to move up the chain and learn how to implement more complex type of testing.
This talk will demonstrate advanced testing practices used by the XWiki open source project (http://xwiki.org), and using Java, Maven, Docker and Jenkins and more:
* Testing for backward compatibility with Revapi and an associated strategy
* Testing for coverage with Jacoco and defining a viable strategy for slowing improving the situation
* Testing the quality of your tests with Descartes Mutation testing
* Automatically enriching your test suite with DSpot
* Testing various configurations with Docker containers and Jenkins
Talk for the Project Quality Day at Eclipse Conference Europe 2015. A presentation on how to perform risk based testing, using Jira, Jubula and Mylyn (and Spago4Q), appplied to a real-world use case, the SpagoWorld Shop
In this presentation we are going to summarize and share with you QA estimation approach that was developed and successfully applied on different projects at Testing Center of Excellence at Ciklum. We will consider factors and basis which should be considered while starting estimation process, QA Estimation approach for main and additional activities should be taken into account, try to compose estimation guide for Regression testing and find out how to adjust QA Estimation by risks/assumptions multipliers.
When looking at the current disruptive technologies in software engineering like Docker and other container virtualization technologies helping software developers to be more productive and having enabled the DevOps movement at all in the first place it might be obvious that the focus lied and still lies on the agile development part in DevOps first. Another objective of this movement is certainly to convince system operators to map infrastructure to code in an agile, test-driven and iterative manner. So it is no surprise that other use cases which do not involve the Dev part in DevOps so much are not really in focus until time being.
Everybody wants to invest in automated testing solution because it saves money and improves quality. But usually after the initial investment of time and resources in implementation and few months of happy running it starts breaking, then stops working completely, then it is abandoned. How do you prevent this from happening? How can you make it easier for developers and testers to keep it up?
I want to share my experience with creating automated testing solutions for eclipse based projects and describe what worked and what did not. This talk will include descriptions of several testing frameworks and why some of them failed. Testing frameworks discussed will include JUnit, Mockito, SWTBot, Window Tester, Jubula, Squish and some in-house frameworks. I also will describe how to take advantage of static analysis for testing.
I will share tips and tricks on how to design your code with testing in mind and how to create effective test cases and integrate testing into your development process in order to reduce the chance of automated testing abandonment.
Sattose17, Madrid.
Three our ongoing research works.
Building the theory of Bug Insertion, SLR of Credibility and Reproducibility of SZZ, New metrics computed from the bug introduction change.
Abstract 2: "Advanced testing in action on a Java project"
In 2019 we're all used to writing automated tests in Java projects. It's now time to move up the chain and learn how to implement more complex type of testing.
This talk will demonstrate advanced testing practices used by the XWiki open source project (http://xwiki.org), and using Java, Maven, Docker and Jenkins and more:
* Testing for backward compatibility with Revapi and an associated strategy
* Testing for coverage with Jacoco and defining a viable strategy for slowing improving the situation
* Testing the quality of your tests with Descartes Mutation testing
* Automatically enriching your test suite with DSpot
* Testing various configurations with Docker containers and Jenkins
Talk for the Project Quality Day at Eclipse Conference Europe 2015. A presentation on how to perform risk based testing, using Jira, Jubula and Mylyn (and Spago4Q), appplied to a real-world use case, the SpagoWorld Shop
In this presentation we are going to summarize and share with you QA estimation approach that was developed and successfully applied on different projects at Testing Center of Excellence at Ciklum. We will consider factors and basis which should be considered while starting estimation process, QA Estimation approach for main and additional activities should be taken into account, try to compose estimation guide for Regression testing and find out how to adjust QA Estimation by risks/assumptions multipliers.
When looking at the current disruptive technologies in software engineering like Docker and other container virtualization technologies helping software developers to be more productive and having enabled the DevOps movement at all in the first place it might be obvious that the focus lied and still lies on the agile development part in DevOps first. Another objective of this movement is certainly to convince system operators to map infrastructure to code in an agile, test-driven and iterative manner. So it is no surprise that other use cases which do not involve the Dev part in DevOps so much are not really in focus until time being.
Everybody wants to invest in automated testing solution because it saves money and improves quality. But usually after the initial investment of time and resources in implementation and few months of happy running it starts breaking, then stops working completely, then it is abandoned. How do you prevent this from happening? How can you make it easier for developers and testers to keep it up?
I want to share my experience with creating automated testing solutions for eclipse based projects and describe what worked and what did not. This talk will include descriptions of several testing frameworks and why some of them failed. Testing frameworks discussed will include JUnit, Mockito, SWTBot, Window Tester, Jubula, Squish and some in-house frameworks. I also will describe how to take advantage of static analysis for testing.
I will share tips and tricks on how to design your code with testing in mind and how to create effective test cases and integrate testing into your development process in order to reduce the chance of automated testing abandonment.
Sattose17, Madrid.
Three our ongoing research works.
Building the theory of Bug Insertion, SLR of Credibility and Reproducibility of SZZ, New metrics computed from the bug introduction change.
[QE 2017] Dawid Pacia, Tomasz Janiszewski - SQA w erze TestOpsFuture Processing
Prezentacja z VI edycji Quality Excites. Tomasz i Dawid przedstawili ewolucję pracy testera, która w dzisiejszych czasach nierzadko wymaga umiejętności tworzenia i utrzymania odpowiednich środowisk do testów, do których stworzenia potrzebna jest wiedza na poziomie DevOpsa.
Celem wystąpienia było przestawienie przykładowego szkieletu takiego środowiska do testów oraz narzędzi, które powinny się znaleźć w przyborniku TestOpsa.
Cpp Testing Techniques Tips and Tricks - Cpp EuropeClare Macrae
Links from the talk are available at:
https://github.com/claremacrae/talks/blob/master/Cpp_Testing_Techniques_Tips_and_Tricks.md#top
An assortment of practical patterns and techniques to make it easier to write effective automated tests of C++ code, both old and new.
Clare will share some valuable techniques for easier handling of commonly troublesome testing scenarios. Whatever test framework you use, you will take away practical ideas to writer tests more easily and more effectively, to handle challenging automated test scenarios.
This talk is independent of test frameworks, and even covers a little for those creating Qt desktop applications.
Most of the companies starting using JIRA for Project Management. Requirements, Bugs and Development Tasks are already being tracked through it. Its time to use it for Test Cases also. This will improve transparency.
Writing code is fun, but deploying to production is not. Production releases are scary events that last all weekend, and you find yourself worrying about how it will go. Did we miss a configuration file? Is the database schema the same as the one in the test environment? Does the last minute hot fix we just applied break any other features? Did I forget to include an installation instruction for the system administrators?
Continuous Delivery is a collection of principles and practices aimed at addressing the problems teams typically face when releasing changes to production. By applying rigorous automation, testing and configuration management, teams are able to confidently and consistently deploy changes from version control to production without fear.
In this talk, Mike McGarr will provide listeners with an introduction into the world of Continuous Delivery. After an introduction into the concepts and principles of Continuous Delivery, he will discuss many of the techniques for implementing Continuous Delivery and recommend some tools that can be used on your development project.
Slides of our Webinar, held on March 20th 2018, where the main features of ElasTest, at the time being, were presented. This included our ability to launch docker and docker-compose SuTs, and tests, gathering logs and metrics, and inspecting resulst with out Log Analyzer. All these features, including ElasTest capabilities for manual testing, were showcased at the end in a demo conducted by out Project Coodinator. The webinar was recorded and it's available at: https://youtu.be/OL4yktND6Uo.
Achieving Full Stack DevOps at Colonial Life DevOps.com
In an ever more competitive marketplace, organizations have turned to Agile and DevOps practices to deliver software innovations to market more quickly and with high quality. Across industries, companies are making heavy investments in tools and process improvements around automated build, test, continuous integration and delivery, and release automation and orchestration. However, despite these investments, many organizations are still struggling to bring the necessary speed and quality to their software delivery. In many cases, this is because Agile and DevOps improvements have not been applied to the entire software stack and are often limited to application code delivery.
This webinar will explore the transformation that Colonial Life made in bringing DevOps to the entire software stack. Specifically, beyond automating and accelerating the validation and delivery of application code, this webinar will focus on the critical role that data and the database play in modern software delivery and the tools and processes that can bring the same automation to database code.
After this webinar, you will understand:
* What holds organizations back despite an Agile application development process
* The benefits of automating the validation and deployment of database changes
* A template for bringing DevOps to the entire software stack
Quality Tech is an outsourcing company specializing in software testing. We use a specially developed testing methodology designed by our QA Manager. Our purpose is to increase the efficiency of your products and services by providing you high quality testing services.
ElasTest presentation at the Software Testing Forum, held in Milano in June 2018. The event was organized by the Italian chapter of the Software Testing Qualifications Board.
Comparing Functionalities of PVS-Studio and CppCat Static Code AnalyzersAndrey Karpov
Our company develops two code analyzers to check C/C++ projects: PVS-Studio and CppCat. In this article, we are going to tell you about the functional differences between these two tools.
[QE 2017] Dawid Pacia, Tomasz Janiszewski - SQA w erze TestOpsFuture Processing
Prezentacja z VI edycji Quality Excites. Tomasz i Dawid przedstawili ewolucję pracy testera, która w dzisiejszych czasach nierzadko wymaga umiejętności tworzenia i utrzymania odpowiednich środowisk do testów, do których stworzenia potrzebna jest wiedza na poziomie DevOpsa.
Celem wystąpienia było przestawienie przykładowego szkieletu takiego środowiska do testów oraz narzędzi, które powinny się znaleźć w przyborniku TestOpsa.
Cpp Testing Techniques Tips and Tricks - Cpp EuropeClare Macrae
Links from the talk are available at:
https://github.com/claremacrae/talks/blob/master/Cpp_Testing_Techniques_Tips_and_Tricks.md#top
An assortment of practical patterns and techniques to make it easier to write effective automated tests of C++ code, both old and new.
Clare will share some valuable techniques for easier handling of commonly troublesome testing scenarios. Whatever test framework you use, you will take away practical ideas to writer tests more easily and more effectively, to handle challenging automated test scenarios.
This talk is independent of test frameworks, and even covers a little for those creating Qt desktop applications.
Most of the companies starting using JIRA for Project Management. Requirements, Bugs and Development Tasks are already being tracked through it. Its time to use it for Test Cases also. This will improve transparency.
Writing code is fun, but deploying to production is not. Production releases are scary events that last all weekend, and you find yourself worrying about how it will go. Did we miss a configuration file? Is the database schema the same as the one in the test environment? Does the last minute hot fix we just applied break any other features? Did I forget to include an installation instruction for the system administrators?
Continuous Delivery is a collection of principles and practices aimed at addressing the problems teams typically face when releasing changes to production. By applying rigorous automation, testing and configuration management, teams are able to confidently and consistently deploy changes from version control to production without fear.
In this talk, Mike McGarr will provide listeners with an introduction into the world of Continuous Delivery. After an introduction into the concepts and principles of Continuous Delivery, he will discuss many of the techniques for implementing Continuous Delivery and recommend some tools that can be used on your development project.
Slides of our Webinar, held on March 20th 2018, where the main features of ElasTest, at the time being, were presented. This included our ability to launch docker and docker-compose SuTs, and tests, gathering logs and metrics, and inspecting resulst with out Log Analyzer. All these features, including ElasTest capabilities for manual testing, were showcased at the end in a demo conducted by out Project Coodinator. The webinar was recorded and it's available at: https://youtu.be/OL4yktND6Uo.
Achieving Full Stack DevOps at Colonial Life DevOps.com
In an ever more competitive marketplace, organizations have turned to Agile and DevOps practices to deliver software innovations to market more quickly and with high quality. Across industries, companies are making heavy investments in tools and process improvements around automated build, test, continuous integration and delivery, and release automation and orchestration. However, despite these investments, many organizations are still struggling to bring the necessary speed and quality to their software delivery. In many cases, this is because Agile and DevOps improvements have not been applied to the entire software stack and are often limited to application code delivery.
This webinar will explore the transformation that Colonial Life made in bringing DevOps to the entire software stack. Specifically, beyond automating and accelerating the validation and delivery of application code, this webinar will focus on the critical role that data and the database play in modern software delivery and the tools and processes that can bring the same automation to database code.
After this webinar, you will understand:
* What holds organizations back despite an Agile application development process
* The benefits of automating the validation and deployment of database changes
* A template for bringing DevOps to the entire software stack
Quality Tech is an outsourcing company specializing in software testing. We use a specially developed testing methodology designed by our QA Manager. Our purpose is to increase the efficiency of your products and services by providing you high quality testing services.
ElasTest presentation at the Software Testing Forum, held in Milano in June 2018. The event was organized by the Italian chapter of the Software Testing Qualifications Board.
Comparing Functionalities of PVS-Studio and CppCat Static Code AnalyzersAndrey Karpov
Our company develops two code analyzers to check C/C++ projects: PVS-Studio and CppCat. In this article, we are going to tell you about the functional differences between these two tools.
Learnings from Developing a New B2B SaaS Product (Suryaveer Lodha (Sunny) Pro...IT Arena
Lviv IT Arena is a conference specially designed for programmers, designers, developers, top managers, inverstors, entrepreneurs and startuppers. Annually it takes place at the beginning of October in Lviv at Arena Lviv stadium. In 2016 the conference gathered more than 1800 participants and over 100 speakers from companies like Microsoft, Philips, Twitter, UBER and IBM. More details about the conference at itarena.lviv.ua.
Spiral model : System analysis and designMitul Desai
This presentation is about the one of the system development life cycle i.e Spiral model including its phases, advantages, disadvantages and implementation
Verification at scale: Fitting static code analysis into continuous integrationRogue Wave Software
Static code analysis (SCA) is a decades-proven software verification method that’s become essential for many development teams. With the growing adoption of DevOps processes and CI tools, it’s even more important that those familiar with and new to SCA understand how it fits into modern processes to maximize its benefits.
This talk describes three different ways of approaching static code analysis and explains the advantages and disadvantages of each, including test coverage, performance, and standards compliance. Starting with older server-based and desktop-based analysis, followed by the latest continuous static analysis for CI, you will walk away with an understanding of the different types of SCA and how to choose the best option that fits your team’s processes, environment, and release schedules.
Know Software Engineering very well and see the difference between the Software Programming & Software Engineering. Including other concepts as well as where you will know how this Software engineering is different for the building the software compared to do only the programming.
The Importance of Performance Testing Theory and Practice - QueBIT Consulting...QueBIT Consulting
Why is good testing so hard to do? Not Enough Time. Not Enough Testers. Inconsistent or Incomplete Test Scripts. Lack of Performance Metrics. Difficult to Summarize Results
In this presentation, it will cover different software development methodologies. These include the common types of SDM, and the pros and cons.
A software development methodology involves several steps. These include planning, structuring, and performance tracking.
In some instances, it may also include extreme programming. The objective is to streamline the process when developing software or any product.
Almost all software development methodologies are non-technical. This means they do not deal with the technical aspects of software design and development. They focus more on the internal operations, and other processes involved in the project.
Take note that each has its specific features. Gauge your options, and choose the best one that suits your needs.
En tant que développeur, qu'il est bon d'être capable de débugguer sur sa machine un problème survenant en production, dans une configuration spécifique ! C'est ce que permet le framework TestContainers. Il permet de piloter Docker directement depuis ses tests JUnit et donc d'avoir un mécanisme extrêmement efficace pour déployer ses tests fonctionnels dans un environnement donné.
Cette session présentera TestContainers, appliqué à un cas réel avec une démonstration de comment l'utiliser pour effectuer des tests impliquant une base de données, un moteur de Servlet et plus. Au programme: Intégration JUnit5, création d'images Docker custom, enregistrement automatique de vidéos des tests, intégration avec un job Jenkins pipeline pour itérer sur les différentes configurations à tester.
Configuration Testing with Docker & TestContainersVincent Massol
Testing different configuration of your software on the developer machine, directly from your IDE.
Presented at Devoxx FR 2019
Video at https://youtu.be/0TvWv4L_IJM
This talk demonstrates advanced testing practices coming from the STAMP research project and applied to the XWiki open source project:
- Testing for coverage with Jacoco and defining a viable strategy for slowly improving the situation
- Testing the quality of your tests with Descartes Mutation testing
- Automatically enriching your test suite with DSpot
- Testing various configurations with Docker containers and Jenkins
- Generating tests automatically from production stack traces
Video at https://www.youtube.com/watch?v=nD1eFbql8jg
This talk will demonstrate advanced testing practices used by the XWiki open source project, and using Java, Maven, Docker and Jenkins:
* Testing for backward compatibility with Revapi and an associated strategy
* Testing for coverage with Jacoco and defining a viable strategy for slowing improving the situation
* Testing the quality of your tests with Descartes Mutation testing
Automatically enriching your test suite with DSpot
* Testing various configurations with Docker containers and Jenkins
Creating your own project's Quality DashboardVincent Massol
Presentation held at Softshake 2017.
Shows how to use the XWiki open source project (http://xwiki.org) to develop a quality portal web site for your development projects. We'll start from a clean XWiki instance and configure it and write scripts to have the following features:
* Documentation for your project
* Display JIRA issues
* Display Sonar metrics
* Display Jenkins statuses
* Display Git statistics of your project
* Have an application to perform releases (checklist, release notes)
* Send alerts (mail, IRC, etc) when quality metric thresholds are reached
And more!
Presentation held at Softshake 2017.
When developing a web application, the traditional way is to develop the application from scratch using a general purpose language such as PHP, Grails, Play, Java/JSP, etc.
This presentation shows that a next generation wiki (examples based on XWiki: http://xwiki.org) can be used as a web development platform to develop applications on top of it, providing a strong infrastructure scaffolding to building web applications.
The advantages are similar to those of using an application sever. However whereas an application server offers technical services only, a wiki platform offers higher level services such as content management, rendering, storage, WYSIWYGeditor, user management, and a lot more.
Not only are these services offered, you can develop using them in your traditional IDE or in the runtime, directly in wiki pages. This allows developing web applications extremely quickly, collaboratively and with a fast turnaround time, which is perfect for adhoc web application development.
Leading a Community-Driven Open Source ProjectVincent Massol
Talk presented at Voxxed Luxembourg 2017.
This talk is a return of experience of 20 years developing open source software at the Apache Software Foundation (Jakarta Cactus, Apache Maven), at Codehaus (Cargo) and on the XWiki open source project (last 10 years).
Through the example of the XWiki open source project, the talk will tackle best practices and governance rules for running community-driven open source projects and it'll also tackle the difficult topic of how to run such a project when there are companies making money from the open source project behind the scene.
Examples of topics that will be covered:
* Committership
* Development best practices
* Roadmap definitions
* Fully automating software releases
* Handling companies
* Tracking who's using your project
Internal training at [[XWiki SAS>>http://xwiki.com]] about the Development Practices used by the XWiki SAS product team in charge of developing the XWiki open source project (among other projects). Most of the practices detailed are those from the XWiki open source project, defined on the [[dev subwiki>>dev:Main.WebHome]]. However the slides also provide a glimpse of other development practices that are used to complement the open source practices, such as Roadmap preparation and Stakeholder meetings.
More details at http://www.xwiki.org/xwiki/bin/view/Blog/DevPracticesByXWikiSAS
XWiki SAS est une société qui sponsorise le développement du logiciel open source XWiki (http://xwiki.org).
De plus le développement du logiciel est communautaire et suit les règles de développement de la fondation Apache.
Vincent Massol, directeur technique de XWiki SAS présentera comme la société est organisée de l’intérieur, ses sources de revenus, comment se font les recrutements et quels sont les liens avec le projet open source et les tensions inhérentes entre une société à but commercial et un projet open source communautaire.
XWiki: A web dev runtime for writing web apps @ FOSDEM 2014Vincent Massol
When developing a web application, the traditional way is to develop the application from scratch using a general purpose language such as PHP, Grails, Play, Java/JSP, etc.
This presentation will show that a next generation wiki (examples based on XWiki: http://xwiki.org) can be used as a web development platform to develop applications on top of it, providing a strong infrastructure scaffolding to building web applications.
The advantages are similar to those of using an application sever. However whereas an application server offers technical services only, a wiki platform offers higher level services such as content management, rendering, storage, WYSIWYGeditor, user management, and a lot more.
Not only are these services offered, you can develop using them in your traditional IDE or in the runtime, directly in wiki pages. This allows developing web applications extremely quickly, collaboratively and with a fast turnaround time, which is perfect for adhoc web application development.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
QDashboard 1.2
1. Copyright 2006 Vincent Massol, all rights reserved
QDashboard
Proposal v 1.2
Vincent Massol, 9 Oct. 2006
TODO:
Find a better name!
2. Copyright 2006 Vincent Massol, all rights reserved
The Need
■ Projects are not controlled in term of quality
It’s a best effort which results most often in poor quality and high maintenance
costs
There’s no tool to help monitor the quality over the duration of the project
■ Project health is also not controlled
Results in delays to deliver and cost overrun
Again there’s no tool to help monitor a project’s health over its course
■ Quality and Health are currently monitored manually (when they are
monitored at all)
Lots of guessing
Manual and tedious work
Inaccurate because based on people’s perception of how good and how finished
a project is
■ QDashboard is about extracting tangible information from the project’s
outputs (source code, artifacts, issue tracker, etc)
3. Copyright 2006 Vincent Massol, all rights reserved
General goals
■ Develop a Quality and Health Check Dashboard to track quality and
health of development projects
■ 3 main features
Display metrics (historical and by committer)
■ For quality and project health
Rank the projects
■ On quality and health criteria
Suggest recommendations
■ To improve quality and health
■ Reuses existing open source tools for gathering metrics
Checkstyle, PMD, findbugs, Xradar, JavaNCSS, JUnit, Xref, Cobertura, etc
■ Aggregate the results, store them over time, generate trends, generate
reports, set alarm thresholds, correlate them together
4. Copyright 2006 Vincent Massol, all rights reserved
Target Audience
■ Project Managers
How is my project doing?
■ Project Directors
How are my different projects doing?
■ Developers
How am I doing in my team?
■ QA Managers/Teams
How are all the projects doing, compared with each
other?
5. Copyright 2006 Vincent Massol, all rights reserved
Business value
■ Improve project quality
Less bugs
Easier maintenance
■ Improve respect of deadlines
■ Project audits
Ex: Outsourced projects
■ Healthy comparison between different projects
Leads to emulation and quality/productivity increase (if done right)
■ Increase developer’s responsibility
By providing visibility on his work
■ Reward team members
Factual recognition of work done
Good developers can now be rewarded
6. Copyright 2006 Vincent Massol, all rights reserved
Features
The features are presented
in no particular order
7. Copyright 2006 Vincent Massol, all rights reserved
Recommendations & Rankings
■ Ranker to rank the different projects according to metrics
Ranking in quality and in health
Ability to compare projects
Only rank common metrics. Take common metrics between
project for ranking, i.e. ranking against Metric Set
■ Recommendation engine
Adapted for different types of projects
■ ex.: OSS projects, Prototype (build and throw away), Core IS project
(ex: banking project that must last 10 years), etc
Configurable
Well known Recommendation sets
8. Copyright 2006 Vincent Massol, all rights reserved
Features (1)
■ Add project from a SCM URL
Points to a Maven POM
Manual by entering information such as location of
sources, tests, etc
■ With automatic detection as much as possible
■ See http://blogs.codehaus.org/people/vmassol/archives/
001369_intellib.html
9. Copyright 2006 Vincent Massol, all rights reserved
Features (2)
■ Execute coding rules on project
Checkstyle
JavaNCSS
Findbugs
PMD
CPD
…
Only select rules that everyone agree on by default
10. Copyright 2006 Vincent Massol, all rights reserved
Features (3)
■ Measure project activity
# Commits per day/week/month/developer
Release frequency
Nb active committers
■ Count number of tests
■ Measure Test coverage
Need runtime model (see after) or integrate
with a build/CI
11. Copyright 2006 Vincent Massol, all rights reserved
Features (4)
■ Automatically discover the build used by the
project and display it
Ant, Maven1, Maven2, etc
Give a negative point to project if no build
■ Provide an instance of QDashboard for open
source projects
Automatically discover M2 projects on ibiblio and
generate dashboard for them
To make advertisement for QDashboard
12. Copyright 2006 Vincent Massol, all rights reserved
Features (5)
■ Provide individual stats by committer
For example, how many rules John Doe has violated
in his last commit?
All reports (checkstyle, PMD, CPD, etc) should allow
an individual view
Goal: every developer must be aware of what he’s
doing and be sensitive to quality. By emulation
developers should automatically work towards
improving their code quality
13. Copyright 2006 Vincent Massol, all rights reserved
Features (6)
■ Display # of documentation pages (and quantity) modified
by users
So that not only code lines is made visible but also
documentation
Support xdoc, APT, FML, confluence, etc
■ Display individual statistics on:
Modified code – main sources (src/main)
Modified code – test sources (src/test)
Modified documentation (see above) (src/site + wiki)
Modified build files (pom.xml, profiles.xml)
Other
14. Copyright 2006 Vincent Massol, all rights reserved
Features (7)
■ Subscribe an Agent to the project mailing lists to measure
project member activity
In order to see who helps with questions and who communicates
in general
Nb answers per day/week/month on the list
■ Run Clirr on releases project versions
To measure how much importance is given to binary compatibility.
Need to take into account non-stable API
■ Must be marked manually by someone
Need to take into account deprecations so that a removed
deprecations does not trigger a bad point
■ Note: Project need to decide how long a deprecation should stay
15. Copyright 2006 Vincent Massol, all rights reserved
Features (8)
■ JIRA integration
How long issues are opened on average
Who closes issues
■ Crucible integration
Reviewed code %, % of code not reviewed
Reviews in progress, when was last review done (if too long raise warning), etc
■ Top projects view
List the project will the less violations
■ Need to ensure we compare apples with apples
And worse projects!
Good for the open source instance to list the top 50 projects for example.
Provide emulation. Nobody wants to see his project in the worse category…
Users will be more tempted to use a good quality and healthy project
Provide the same view for internal project portofoli management
16. Copyright 2006 Vincent Massol, all rights reserved
Features (9)
■ Indicator: # of mails on the mailing lists
Per day/week/month
Helps evaluate project’s activity and health
Note: need to support forums too for projects not using
mailing lists
■ Offer threshold warnings
Ex: If # of PMD errors goes beyond N
Ex: If no release done in N months
Notify by Mail, IRC, IM
17. Copyright 2006 Vincent Massol, all rights reserved
Features (10)
■ Allow projects to compare with each other
Metric by metric
Globally (need some ranking system – Not easy)
■ Integrate with bug tracker to measure # bugs /
release
Warning: more testers will lead to more bugs up to a
level. Thus it’s not the projects with the most
discovered bugs which are less good on quality! Need
to be correlated with # of tests
18. Copyright 2006 Vincent Massol, all rights reserved
Features (11)
■ Recommendations: Offer quick wins advice
Provide suggestions to improve score
Does this by comparing current project with other existing projects (open source
ones for example) and find the top few metrics where the project is off the most
Examples
■ If committer repeatedly increase # of checkstyle violations during last 5 commits then
recommend fixing it and raise highlight
■ If no release in past 1 month then recommend release
■ If bug tracker issues pending for more than 1 month raise warning
Use groovy for writing rules by offering Java objects to wrap around. This allows
easy edition of rules and creating new ones by users.
■ Allow comments for each metric on all projects
So that users/developers of project can provide feedback/explain the value in
some metrics.
Provide way for users to provide feedback on something not working
■ Automatically generate a JIRA issue for QDashboard for exemple (as is done by IntelliJ
IDEA)
This is one killer feature.
TODO: List 40 good
recommendations rules
19. Copyright 2006 Vincent Massol, all rights reserved
Features (12)
■ Scheduler
Take snapshot of dashboard every day/week (+ on demand for releases)
for example for historical trends
■ Display graphs for each metric
■ Support for subprojects
Example: M2 modules
■ Display project versions milestones in metric graphs
■ Ability to create Parsers/Analyzers/Metrics directly from the webapp
Including generic parser, etc
■ Create an online repository of Dashlets
That can also be accessed and discovered from QDashboard directly
21. Copyright 2006 Vincent Massol, all rights reserved
System Architecture
Dashboard
Server
Web Browser
IDE plugins
Mail, IRC, IM
Bug Trackers
Mailing lists
Build/CI tools
SCMs
View results Data sources
Crucible/FishEye
22. Copyright 2006 Vincent Massol, all rights reserved
Webapp (Dashweb)
Product stack
Plugins & JSR-168 Portlets (Dashlets)
Java API (Dashrock)
■ Dashlet = Portlet displaying a metric
■ + REST-type API for getting data from dashlets
23. Copyright 2006 Vincent Massol, all rights reserved
Dashrock
■ 100% Java, strongly typed API
■ Ability for users to add their own Parser,
Analyzer and Metric
■ Stateless architecture (i.e. users of
Dashrock have to instantiate instances of
Parser, Analyzer and Metric)
24. Copyright 2006 Vincent Massol, all rights reserved
Dashlets
■ A Dashlet is a plugin for Dashweb
In the form of a JAR
■ A Dashlet provides a JSR-168 compatible
view that can display metrics computed by
Dashrock
■ Allows embedding Dashrock Portlets in
any JSR-88 Portlet container
25. Copyright 2006 Vincent Massol, all rights reserved
Technical Architecture
■ (Could be built on top of XWiki/Exo)
■ Generic webapp and platform
Metrics, Dashlets, Analyzers, Parsers, Recos can be added from repositories
• Metrics
• Parsers
• Dashlets
Remote repo
Local
repo
Dashlet 1 Dashlet 2 Dashlet N
Dashweb
Scheduler
Project Mgr
Renderer
Ranker
Reco. Engine
Dashrock
26. Copyright 2006 Vincent Massol, all rights reserved
Database
Parser
JUnit
Parser
Checkstyle
Parser
Parse and
persist data
Analyzer
Importer
Metric
Monthly
Aggregator
Test Coverage
/LOCRead parsed
data and write
analyzed data
Nb of JUnit
tests
Test
Coverage %
Create project
Retrieve metric
Dashrock Architecture
Persistence API
Create composite
metric from
several parsed
information
27. Copyright 2006 Vincent Massol, all rights reserved
Open questions
■ Do we execute the quality tools within
QDashboard?
For example do we execute Checkstyle?
■ In which case we need a Project object and need to
be able to build a project. Could be done by
embedding M2 for example.
Or do we only parse the results of an
execution
■ In which case we need to integrate with build tools
28. Copyright 2006 Vincent Massol, all rights reserved
Appendix A: Competitors
■ CAST
http://www.castsoftware.com/Products/Index.html
■ JetBrain’s TeamCity
Especially with inspections and code coverage
■ Mergere
■ Atlassian