Setting up Continuous Delivery Culture for a Large Scale Mobile AppNaresh Jain
Hike is a mobile-first, messaging platform that is used by 100 million users to exchange 40 billion messages/month. Hike app is available on Android, iOS and Windows phone. On the back-end, we’ve 100+ macro-services in Java, Python, Ruby, Go and Elixir. While setting up a Continuous Delivery pipeline, we ran into a series of technical challenges. However it was more important to address the organisational/behavioural challenges to ensure a sustainable culture shift in the company.
In this talk, I cover how we went about:
* Setup a trunk-based development model
* Decentralised our build & test environments using Docker and Jenkins
* Segregated and containerised our macro-services
* Refactored the mobile apps to be more container friendly
* Setup a mobile device farm using STF
* Improved the quality of code-reviews using PRBuilder & PRRiskAdvisor
* Created different kinds of automated tests to align with our CI Pipeline and get rapid feedback
* Finally how we used C3 to visualise the health of our code-base
Security Implications for a DevOps TransformationDeborah Schalm
If your organization is undergoing a DevOps transformation, you’re probably thinking about where security fits in. All too often, we tack on security testing at the end of the delivery process, which means significant problems go undetected until development is complete. As we adopt DevOps principles and practices, we enable a natural solution to this problem: ensure that security experts are involved throughout the delivery process.
In this webinar, DevOps.com and Puppet defined a reference implementation of DevOps from the ground up, by illustrating how the software delivery process evolves at a hypothetical startup. Once we've laid a technical foundation for DevOps, we discussed the implications for security. We also discussed:
Benefits for and challenges to security during a DevOps transformation
How to craft a DevOps-ready security practice
Refinements of a standard DevOps workflow to address security needs
Setting up Continuous Delivery Culture for a Large Scale Mobile AppNaresh Jain
Hike is a mobile-first, messaging platform that is used by 100 million users to exchange 40 billion messages/month. Hike app is available on Android, iOS and Windows phone. On the back-end, we’ve 100+ macro-services in Java, Python, Ruby, Go and Elixir. While setting up a Continuous Delivery pipeline, we ran into a series of technical challenges. However it was more important to address the organisational/behavioural challenges to ensure a sustainable culture shift in the company.
In this talk, I cover how we went about:
* Setup a trunk-based development model
* Decentralised our build & test environments using Docker and Jenkins
* Segregated and containerised our macro-services
* Refactored the mobile apps to be more container friendly
* Setup a mobile device farm using STF
* Improved the quality of code-reviews using PRBuilder & PRRiskAdvisor
* Created different kinds of automated tests to align with our CI Pipeline and get rapid feedback
* Finally how we used C3 to visualise the health of our code-base
Security Implications for a DevOps TransformationDeborah Schalm
If your organization is undergoing a DevOps transformation, you’re probably thinking about where security fits in. All too often, we tack on security testing at the end of the delivery process, which means significant problems go undetected until development is complete. As we adopt DevOps principles and practices, we enable a natural solution to this problem: ensure that security experts are involved throughout the delivery process.
In this webinar, DevOps.com and Puppet defined a reference implementation of DevOps from the ground up, by illustrating how the software delivery process evolves at a hypothetical startup. Once we've laid a technical foundation for DevOps, we discussed the implications for security. We also discussed:
Benefits for and challenges to security during a DevOps transformation
How to craft a DevOps-ready security practice
Refinements of a standard DevOps workflow to address security needs
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...Deborah Schalm
Discover how Sona Srinivasan, Senior Architect of Cisco IT’s Global Architecture and Technology Services group, helps transform an IT DevOps strategy to a Security DevOps strategy, with IBM Security's assistance. Cisco is presently implementing continuous security and agile methods throughout the software development lifecycle (SDLC), and specific examples of current initiatives will be reviewed in this session.
Optimizing DevOps strategy in a large enterpriseEyal Edri
Large enterprises today are pacing a flood of multiple devops tools to choose from for their infrastructure. The problem intensifies when you have dozens of devops teams across the world, each with his own background of devops tools and knowledge and each with his own agenda of pushing to use his tools. How would you leverage this distributed, disconnected knowledge into a single working devops knowledge source, and common infrastructure to leverage the whole enterprise? Come and hear about Red Hat Global CI initiative to hear on one possible approach for taking on the battle.
Scaling Continuous Integration Practices to Teams with Parallel DevelopmentIBM UrbanCode Products
Slides from an Urbancode and Accurev joint webinar: http://www.accurev.com/webinar/20120119-Scaling-CI-Parallel-Development
Continuous integration is simple with a single development team. But when software projects grow to multiple teams and dependencies, continuous integration loses effectiveness due to parallel projects, varying release schedules, and differing cadences between teams. As a result, many teams unknowingly lose the benefits of continuous integration, and therefore suffer from a lack of feedback and poor quality.
In this webinar, UrbanCode’s Eric Minick and AccuRev’s Chris Lucca will explain how to:
- Scale continuous integration builds across multiple development teams working on parallel projects
- Share only code that has passed continuous integration from other teams to avoid broken builds and confusion
- Automate the configuration of your test environment to handle fluid projects done in parallel
Naresh and Shyam's experience report how teams and their interactions evolved at various large enterprise thru their agile transition in the last 5-6 years.
Intent of this tutorial is to provide the participants with a hands-on-experience of real world refactoring by taking an open source project and refactoring it.
Benefits
After attending this session, the participants should be able to:
Build a common vocabulary in the refactoring space
Identify code smells
Eliminate code smells by applying the simple refactoring techniques explained in Martin Fowler‘s “Refactoring”
Write better unit/functional tests for legacy code
Understand some of the techniques and pitfalls in refactoring legacy code in the absence of unit and functional tests [”Working effectively with legacy code “]
Take existing code and refactor it to standard design patterns [Refactoring to patterns]
Learn about the internals of the open source project chosen to refactor
Know where to look to continue learning the techniques of refactoring
This presentation describes Agile development practices as well as the requirements for building secure applications. It examines ways that teams can incorporate security into Agile development projects to successfully meet the goals of both.
Refactoring legacy code driven by tests - ITALuca Minudel
Are you working on code poorly designed or on legacy code that’s hard to test? And you cannot refactor it because there are no tests?
During this Coding Dojo you’ll be assigned a coding challenge in Java, C#, Ruby, JavaScript or Python. You will face the challenge of improving the design and refactoring existing code in order to make it testable and to write unit tests.
We will discuss SOLID principles, the relation between design and TDD, and how this applies to your solution.
Reading list:
Growing Object-Oriented Software, Guided by Tests; Steve Freeman, Nat Pryce
Test Driven Development: By Example; Kent Beck
Working Effectively with Legacy; Michael Feathers
Agile Software Development, Principles, Patterns, and Practices; Robert C. Martin (C++, Java)
Agile Principles, Patterns, and Practices in C#; Robert C. Martin (C#)
For a variety of reasons, modern, non-trivial software systems must evolve to cope with change, including alterations in stakeholder requirements, environments in which the software is deployed, and dependent technologies, e.g., frameworks. Unfortunately, evolution and maintenance is an expensive, time-consuming, and error-prone task, especially when the system in question is large and complex. Typically, a change to a single program element requires changes to related, and often seemingly unrelated, elements scattered throughout the source code.
To address this problem, approaches have emerged to mechanically assist developers with a wide range of software evolution and maintenance tasks, including migrating code to a new framework version, translating existing code to a new platform, and restructuring code to mirror an improved design. This assistance is typically provided in the form of extensions (plug-ins) to integrated development environments (IDEs) that afford (semi-) automated aid in carrying out these tasks, thus easing the burden associated with evolution and maintenance. In some approaches, the corresponding plug-in keeps track of the elements relevant to the change being implemented, with the IDE displaying only those elements. Other approaches attempt to automatically restructure code to improve such features as type safety while preserving semantics.
Although existing approaches are useful in alleviating some of the burden associated with software evolution and maintenance, there are a number of situations where developers are still required to complete evolution and maintenance tasks manually. These include but are not limited to upgrading legacy Java software to take advantage of many other available features of the modern Java language, replacing certain usages of Java collections with custom type hierarchies, and updating software composition specifications to cope with change. Automated approaches to assist developers with such cumbersome and error-prone tasks would be extremely useful in evolving and maintaining large, complex systems.
In this thesis, I explore and develop a number of new techniques that can be of great value to software developers in evolving code to accommodate change. The first of these is an automated refactoring which upgrades legacy Java code to use proper language enumeration (enum) types, a feature of the modern Java language. I have developed an approach that preserves semantics and that allows us to migrate legacy applications by automatically replacing a predominantly used pattern with suitable use of enums.
For the second technique, I explore and develop an automated approach to assist developers in maintaining pointcuts in evolving Aspect-Oriented (AO) programs. AO languages enable developers to better encapsulate crosscutting concern (CCC) implementations by allowing them to create an expression (a pointcut) which specifies well-defined points (join points) in a program's execution where code corresponding to a CCC (an aspect) should apply. However, changes to the underlying program (base-code) may invalidate pointcuts, leaving developers to manually update pointcuts to capture the intended join points. I have developed an approach that mechanically aids developers in suitably updating pointcuts upon changes to the base-code by analyzing arbitrarily deep structural commonalities between program elements associated with pointcuts in a particular software version. The extracted patterns are then applied to later versions to suggest additional join points that may require inclusion.
The third technique I explore in this thesis pertains to reasoning about the behavior of AO programs. As previously noted, AOP facilitates localized implementations of CCCs by allowing developers to encapsulate code realizing a CCC that would otherwise be scattered throughout many system modules and/or intertwined with code realizing the primary functionality of a module. Theref
How to go beyond traditional Scrum principles and scale to globally distributed teams with Continuous Delivery and Subversion. Presented by Andy Singleton of Assembla and Scott Rudenstein of WANdisco. Presented Nov. 15, 2012. 30 minutes.
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...Deborah Schalm
Discover how Sona Srinivasan, Senior Architect of Cisco IT’s Global Architecture and Technology Services group, helps transform an IT DevOps strategy to a Security DevOps strategy, with IBM Security's assistance. Cisco is presently implementing continuous security and agile methods throughout the software development lifecycle (SDLC), and specific examples of current initiatives will be reviewed in this session.
Optimizing DevOps strategy in a large enterpriseEyal Edri
Large enterprises today are pacing a flood of multiple devops tools to choose from for their infrastructure. The problem intensifies when you have dozens of devops teams across the world, each with his own background of devops tools and knowledge and each with his own agenda of pushing to use his tools. How would you leverage this distributed, disconnected knowledge into a single working devops knowledge source, and common infrastructure to leverage the whole enterprise? Come and hear about Red Hat Global CI initiative to hear on one possible approach for taking on the battle.
Scaling Continuous Integration Practices to Teams with Parallel DevelopmentIBM UrbanCode Products
Slides from an Urbancode and Accurev joint webinar: http://www.accurev.com/webinar/20120119-Scaling-CI-Parallel-Development
Continuous integration is simple with a single development team. But when software projects grow to multiple teams and dependencies, continuous integration loses effectiveness due to parallel projects, varying release schedules, and differing cadences between teams. As a result, many teams unknowingly lose the benefits of continuous integration, and therefore suffer from a lack of feedback and poor quality.
In this webinar, UrbanCode’s Eric Minick and AccuRev’s Chris Lucca will explain how to:
- Scale continuous integration builds across multiple development teams working on parallel projects
- Share only code that has passed continuous integration from other teams to avoid broken builds and confusion
- Automate the configuration of your test environment to handle fluid projects done in parallel
Naresh and Shyam's experience report how teams and their interactions evolved at various large enterprise thru their agile transition in the last 5-6 years.
Intent of this tutorial is to provide the participants with a hands-on-experience of real world refactoring by taking an open source project and refactoring it.
Benefits
After attending this session, the participants should be able to:
Build a common vocabulary in the refactoring space
Identify code smells
Eliminate code smells by applying the simple refactoring techniques explained in Martin Fowler‘s “Refactoring”
Write better unit/functional tests for legacy code
Understand some of the techniques and pitfalls in refactoring legacy code in the absence of unit and functional tests [”Working effectively with legacy code “]
Take existing code and refactor it to standard design patterns [Refactoring to patterns]
Learn about the internals of the open source project chosen to refactor
Know where to look to continue learning the techniques of refactoring
This presentation describes Agile development practices as well as the requirements for building secure applications. It examines ways that teams can incorporate security into Agile development projects to successfully meet the goals of both.
Refactoring legacy code driven by tests - ITALuca Minudel
Are you working on code poorly designed or on legacy code that’s hard to test? And you cannot refactor it because there are no tests?
During this Coding Dojo you’ll be assigned a coding challenge in Java, C#, Ruby, JavaScript or Python. You will face the challenge of improving the design and refactoring existing code in order to make it testable and to write unit tests.
We will discuss SOLID principles, the relation between design and TDD, and how this applies to your solution.
Reading list:
Growing Object-Oriented Software, Guided by Tests; Steve Freeman, Nat Pryce
Test Driven Development: By Example; Kent Beck
Working Effectively with Legacy; Michael Feathers
Agile Software Development, Principles, Patterns, and Practices; Robert C. Martin (C++, Java)
Agile Principles, Patterns, and Practices in C#; Robert C. Martin (C#)
For a variety of reasons, modern, non-trivial software systems must evolve to cope with change, including alterations in stakeholder requirements, environments in which the software is deployed, and dependent technologies, e.g., frameworks. Unfortunately, evolution and maintenance is an expensive, time-consuming, and error-prone task, especially when the system in question is large and complex. Typically, a change to a single program element requires changes to related, and often seemingly unrelated, elements scattered throughout the source code.
To address this problem, approaches have emerged to mechanically assist developers with a wide range of software evolution and maintenance tasks, including migrating code to a new framework version, translating existing code to a new platform, and restructuring code to mirror an improved design. This assistance is typically provided in the form of extensions (plug-ins) to integrated development environments (IDEs) that afford (semi-) automated aid in carrying out these tasks, thus easing the burden associated with evolution and maintenance. In some approaches, the corresponding plug-in keeps track of the elements relevant to the change being implemented, with the IDE displaying only those elements. Other approaches attempt to automatically restructure code to improve such features as type safety while preserving semantics.
Although existing approaches are useful in alleviating some of the burden associated with software evolution and maintenance, there are a number of situations where developers are still required to complete evolution and maintenance tasks manually. These include but are not limited to upgrading legacy Java software to take advantage of many other available features of the modern Java language, replacing certain usages of Java collections with custom type hierarchies, and updating software composition specifications to cope with change. Automated approaches to assist developers with such cumbersome and error-prone tasks would be extremely useful in evolving and maintaining large, complex systems.
In this thesis, I explore and develop a number of new techniques that can be of great value to software developers in evolving code to accommodate change. The first of these is an automated refactoring which upgrades legacy Java code to use proper language enumeration (enum) types, a feature of the modern Java language. I have developed an approach that preserves semantics and that allows us to migrate legacy applications by automatically replacing a predominantly used pattern with suitable use of enums.
For the second technique, I explore and develop an automated approach to assist developers in maintaining pointcuts in evolving Aspect-Oriented (AO) programs. AO languages enable developers to better encapsulate crosscutting concern (CCC) implementations by allowing them to create an expression (a pointcut) which specifies well-defined points (join points) in a program's execution where code corresponding to a CCC (an aspect) should apply. However, changes to the underlying program (base-code) may invalidate pointcuts, leaving developers to manually update pointcuts to capture the intended join points. I have developed an approach that mechanically aids developers in suitably updating pointcuts upon changes to the base-code by analyzing arbitrarily deep structural commonalities between program elements associated with pointcuts in a particular software version. The extracted patterns are then applied to later versions to suggest additional join points that may require inclusion.
The third technique I explore in this thesis pertains to reasoning about the behavior of AO programs. As previously noted, AOP facilitates localized implementations of CCCs by allowing developers to encapsulate code realizing a CCC that would otherwise be scattered throughout many system modules and/or intertwined with code realizing the primary functionality of a module. Theref
How to go beyond traditional Scrum principles and scale to globally distributed teams with Continuous Delivery and Subversion. Presented by Andy Singleton of Assembla and Scott Rudenstein of WANdisco. Presented Nov. 15, 2012. 30 minutes.
Releasing fast code - The DevOps approachMichael Kopp
Agile makes you Develop faster, DevOps also makes you Deploy faster but how do you make your Application faster?
Many currently used Performance Management practices don’t work anymore as they are too time consuming. It takes a new approach to track performance in Continuous Integration, get more value out of Load Testing and leverage production data for performance optimization.
We will show you real world examples on how the new DevOps approach can work.
Continuous Delivery refers to the process of releasing high quality software quickly and with confidence through the use of build, test and deployment automation. By applying Lean techniques to the development, test and deployment of software, waste is reduced and staff are freed up to work on more important tasks. By following a continuous delivery model, release cycles shift from a matter of months to weeks or days.
In this presentation, we will look at the key tools and processes involved in transitioning from a manual culture to one that embraces automation. We will look at real world examples, including the tools and architectural components. We will discuss organizational impacts, including the dramatic improvements in morale as team delivery commitments are met more easily through automation.
Troubleshoot Virtualization in All Its Guises: Server, Desktop and SDN.
The benefits of virtualization are well-known and widely accepted, from cost savings and efficiency, to disaster recovery and flexibility. But it’s probably not until you are firmly on the path to virtualization that you start to think about the operational aspects.
Virtualization comes in many guises; the most common is server virtualization. Virtual desktop infrastructure (VDI) – including products such as Citrix XenDesktop/XenApp or VMware View – is a close second. Software-defined networking (SDN), although in its nascence, is also under heavy scrutiny.
Each of these virtualization technologies has one thing in common: they are incredibly difficult to monitor and troubleshoot. In this slide show you will learn how Riverbed Cascade 10.0 provides a single, unified interface to monitor and troubleshoot these many virtualization guises. To learn more please visit: www.riverbed.com/cascade
Why it is profitable to use static analysis, how can it solves problems for developers, testing, security researches and quality managers.
This session gives overview of static analysis - what is it for, what problems it solves, overview of commercial and free tools available as eclipse plugins (for JDT and CDT), how to adapt it for the organization to help developers.
Effective Strategies for Distributed TestingAnand Bagmar
Thoughts, experiences and case studies on how to convert Testing principles into practices. We focus on the practices of making testing effective on distributed teams by keeping things simple, yet effective.
http://testing.thoughtworks.com/events/effective-strategies-distributed-testing
Agile Australia Conference 2011 - Devops live accounts- continuous delivery_stNish Mahanty
Presentation at Agile Australia 2011 http://www.agileaustralia.com.au/2011/topics-day-one.html#liveaccounts-devops
Nish Mahanty - Software Delivery Manager, MYOB
» Lawrence Song - Technical Architect, MYOB
Live Accounts is an online accounting application. It was a 10 year-old legacy system with complex architecture and no test or build scripts. The manual deployment was quite complex, involving deploying one Java application and three DotNet applications to three windows servers.
Over the past six months, MYOB has progressed incrementally from manual build and deploy processes based on Perforce, to CI and semi-automated deployments (using Perforce, Hudson, Maven,) to fully automated delivery (using Go, Git, Rake). This talk summarises that journey, and explores the technical challenges and lessons-learned.
MYOB has measured the increase in number of deployments, decrease in deployment issues, and decrease in deployment time over the six months. Developers were working closely with Ops to understand the pain points and automated the deployment process as much as possible to make their lives easier.
This talk explains the business problem and how to begin the incremental, iterative, adaptive journey to Continuous Delivery for a complex legacy system, illustrated with data and technical tips.
Attendees will discover:
» The value argument for Continuous Delivery
» Clear steps on how to integrate DevOps and progress on the automation journey
» Insights into a common set of tools, with the opportunity for a technical in-depth pros and cons discussion
Similar to Stop Writing Assertions! Efficient Verification Methodology (20)
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
2. Todays Talk
An Overview of Methodology Creation
Methodology as User Interface
Making ESL work as a Hardware Design Flow
Evolution of a Interface Definition Language
Transaction Level Assertions
Transaction Level Debug
NVIDIA Confidential
3. A HW Development Flow
Big Paper Spec
ISS Model
Verification Coverage
Debug
Design
Testbench Checkers Tests
RTL Synthesis
Clocks, Resets C Model Directed
Assertions
BFMs, Assertions Random
TLMs Scoreboard Formal
NVIDIA Confidential
4. User Model for Running Tests
Build Run
Testbench Predictor
* Generate Compare
Test Behaviors
Run
DUT
NVIDIA Confidential
6. Purpose of a Flow
Conceptual Framework
Where do things live?
How do things work?
Keep out of the way
Don’t make life difficult for people
Define Metaphors
Subtly influence future directions
Anchor for Variation
Give people something to complain about
NVIDIA Confidential
7. Two Philosophies
Conformity
Emphasize Standardization
Diversity
Emphasize Innovation
Synergy or Conflict?
NVIDIA Confidential
8. Understanding Variation
To understand what to standardize:
you need to understand what not to standardize
Personal Preferences
Technical Aspects of the Designs
Supporting Legacy
Seeking the Next Big Thing
NVIDIA Confidential
10. Personal Preferences
Choice of editor doesn’t affect others
At least, not much
Choice of scripting language has greater impact
But is encapsulated
A script’s users don’t see the implementation language
Choice of HVL affects whole team
Can’t write “E” tests for a “Vera” testbench!
But a unit testbench isn’t seen by other units
A good flow will allow encapsulation of preferences
I can go to any unit and build & run its tests
Enables rapid localization of infrastructure issues
NVIDIA Confidential
12. Technical Characteristics
P Graphics Pipe
C
I Frame
E Video
Buffer
Off-chip Memory
NVIDIA Confidential
13. Reuse Vs Stagnation
Reuse considered Good
Avoid reinventing the wheel
Build on the shoulders of giants
Reuse invites Inertia
Reuse can propagate dependencies
Dependencies make things harder to change
Resistance to change is known as inertia
Inertia can lead to Stagnation
Improper reuse accumulates dependencies
Reused code that is not understood will bit-rot
To avoid stagnation, inject agitation
NVIDIA Confidential
14. Are Single Paradigm Projects Possible?
Paradigm 1 Unit A
Unit B Unit B Unit B
Paradigm 2
Unit C Unit C
Paradigm 3 Unit D
time
Project 1 Project 2 Project 3
NVIDIA Confidential
15. Watch some Real Users
NVIDIA Confidential Image courtesy of DAZ Productions
16. How to “Watch” Users
Meetings and Discussions
Coffee-Break Grousing
Bug Reports
Keep Track of Support Requests
create FAQs
VNC (Remote Desktop)
Instrumentation
NVIDIA Confidential
17. Build Time Distribution: 10,000 per sample
100%
90%
80% > 1 hour
< 1 hour
70%
< 30 min
60% < 15 min
< 10 min
50%
< 5 min
40% < 2 min
< 1 min
30%
< 30 sec
20% < 20 sec
10%
0%
NVIDIA Confidential
18. Build Time Distribution: 1000 per sample
100%
90%
80% > 1 hour
< 1 hour
70%
< 30 min
60% < 15 min
< 10 min
50%
< 5 min
40% < 2 min
< 1 min
30%
< 30 sec
20% < 20 sec
10%
0%
NVIDIA Confidential
20. A HW Development Flow (BAD)
Big Paper Spec
ISS Model
Verification Coverage
Debug
Design
Testbench Checkers Tests
RTL Synthesis
Clocks, Resets C Model
Assertions Directed
BFMs, Assertions
Randoms
TLMs Scoreboard
NVIDIA Confidential
21. A HW Development Flow (BAD)
Big Paper Spec
ISS Model
Verification Coverage
Debug
Design
Testbench Checkers Tests
RTL Synthesis
Clocks, Resets C Model
Assertions Directed
BFMs, Assertions
Randoms
TLMs Scoreboard
NVIDIA Confidential
22. A HW Development Flow (Better)
Small Paper Spec
Coverage
Triage
ISS Model ESL
Verification
C Model Debug
Interfaces Testbench Randoms
Validation Design
Assertions
TLMs RTL Scoreboards
Directed Tests BFMs Assertions
Clocks, Resets
Synthesis
NVIDIA Confidential
23. Who Writes Assertions?
Designers
Bottom Up Assumptions
Verification Engineers
Top-down Intent
NVIDIA Confidential
24. Who Writes Assertions?
Designers
Bottom Up Assumptions
Verification Engineers
Top-down Intent
Architects
The Specification
Top Down Assumptions
Bottom Up Intent
NVIDIA Confidential
25. Where to Write Assertions
The RTL
Inline
Bound
The Testbench
Scoreboard
Environment
E.g. Post Process Log file
NVIDIA Confidential
26. Where to Write Assertions
The RTL
Inline
Bound
The Testbench
Scoreboard
Environment
Post Process Log files
The Specification
C Models (?)
NVIDIA Confidential
27. Where To Write Specification Assertions
Functionality
Model
RTL
Design
Performance
Model
NVIDIA Confidential
28. Where To Write Specification Assertions
ISS Model
Transaction
Model
Correlation RTL
Model Design
Performance
Model
Debug/Triage
Model
NVIDIA Confidential
29. Where To Write Specification Assertions
Transaction
Model
Structural RTL
Model Design
Performance
Model
NVIDIA Confidential
30. Interfaces Vs State
Two approaches to comparing models:
Compare “Architectural State”
Registers/flops within the design whose existence is
required by the specification
Compare externally visible behavior
Compare interface traffic
B. F. Skinner?
NVIDIA Confidential
31. Birth of an IDL
Interface Description Language
Initially, a language just to define signals
Interface a2b
clock clk
down U valid 1
up U busy 1
down U cmd 24
down U data 32
NVIDIA Confidential
32. Evolution of an IDL
Quickly added flow-control protocol abstraction
Interface a2b
clock clk
flow valid_busy
down U cmd 24
down U data 32
From this we can generate:
Testbench components (BFMs: producers, consumers)
Protocol Assertions
…
NVIDIA Confidential
33. Continued Evolution of an IDL
Separation of packet structure from interface
group SOP
down U cmd 24
group MOP
down U data 32
group EOP
down U checksum 32
Interface a2b
clock clk
flow valid_busy
packet SOP, MOP, EOP
NVIDIA Confidential
40. Multi-Unit Assemblies
A B C D E F G
a2b b2c c2d d2e e2f f2g
A simple pipeline
NVIDIA Confidential
41. Multi-Unit Assemblies
a2b b2c c2d
A B C D
d2e E F G
e2f f2g
Simple rearrangement
NVIDIA Confidential
42. Multi-Unit Assemblies
a2b b2c c2d
A B C D
d2e E F G
e2f f2g
Identify units with similar behaviors
NVIDIA Confidential
43. Multi-Unit Assemblies
d2be cf2d
D
B be2cf C
a2be E F
A cf2g
G
Extract common behavior into unified components
be2cf === b2c + e2f
NVIDIA Confidential
44. Reusing Interface Definitions
A B C D E F G
D
B C
E F
A G
How to maximize reuse between these two architectures?
NVIDIA Confidential
45. Packets as Traffic Streams
group b2c
down U data 32
group e2f
down U data 32
Interface be2cf
clock clk
flow valid_credit
packet b2c, e2f
NVIDIA Confidential
46. Time Units of Temporal Expressions
Group b2c
down U value 4
assert value != past( value )
Group e2f
down U value 4
assert ( value == 0 ) => ( past( value ) != 0 )
Interface be2cf
packet b2c, e2f
assert b2c => ( b2c.value != past( b2c.value :sample(b2c) ) )
assert past( e2f && e2f.value == 0 ) => (b2c && b2c.value != 0)
NVIDIA Confidential
48. The Traffic
group mem_write
down U address 16
down U data 1
group sync
down U shape 2
enum SQUARE, CIRCLE, TRIANGE, BLANK
down U radius 3
NVIDIA Confidential
49. Accumulate Memory State
group mem_write
down U address 16
down U data 1
assign mem[ x = 0 .. 15 ][ y = 0 .. 15 ]
= past( data :sample( address == {x,y} ))
NVIDIA Confidential
55. Summary
Architects should write assertions
Validated assertions are input to Verification
Assertions must be directly reusable across models
Manual recoding invites errors
Explicitly model the structure that is common to
architectural models and to design
Tie assertions to these common points
NVIDIA Confidential
56. Threading Models
Thread Follows Resource
Traditional SystemC approach
Thread Follows Transaction
Think “Multithreaded ISS”
Cycle-based Model
The “Old” way of doing things
A non-threaded version of “thread follows resource”
Different models are convenient at various times
But SystemC forces you to commit early to one approach
Therefore need extra code for transaction level debug
NVIDIA Confidential
57. 70%
70% of schedule is Verification
What is correct figure
0%
synthesize architectural models, constraints
Correct by construction!
100%
synthesize verification models, constraints
no design needed!
NVIDIA Confidential
58. Transactions Vs Cycles
Data min_val (Addr a1, Addr a2)
Pipelined Bus
{
Data d1 = mem_read(a1);
Data d2 = mem_read(a2); t2 t3 t4
t1 t5 t6
if (d1 < d2) Address a1 a2
return d1;
else Data d1 d2
return d2;
}
NVIDIA Confidential
59. Unit Level System Testing
Graphics Pipeline (Transaction Model)
Stage Stage Stage
N-1 N N+1
RTL
DIFF
Unit
NVIDIA Confidential
60. Avoiding Stagnation
New Challenges
New Tools
New Platforms
New People
New Ideas
Refactoring
Testability
D.R.Y.
NVIDIA Confidential