The document discusses approaches for developing perfect programs, including maintainable, efficient, and correct code. It advocates for testing programs through assertions, random testing, symbolic execution, and using types. Specific tools mentioned for random testing include QuickCheck, FsCheck, and ScalaCheck. The document also discusses using constraint solvers like Z3 and dynamic symbolic execution tools like Pex to generate more comprehensive test cases. It notes limitations in testing nondeterministic code, concurrency, and constraint solver capabilities. Overall the document evaluates different testing strategies for developing correct programs.
Introducing OpenWhisk GitHubSlack Bot:
https://github.com/openwhisk/openwhisk-GitHubSlackBot
Blog article is at:
https://medium.com/openwhisk/openwhisk-drinking-our-own-champagne-c29a0dd04bee#.jccnv9rd1
Topics in intermediate/early-advaned Jasmine testing for client-side JavaScript web applications.
Source code, test specs, and harnesses available here:
https://github.com/jbellsey/dbc-jasmine
Introducing OpenWhisk GitHubSlack Bot:
https://github.com/openwhisk/openwhisk-GitHubSlackBot
Blog article is at:
https://medium.com/openwhisk/openwhisk-drinking-our-own-champagne-c29a0dd04bee#.jccnv9rd1
Topics in intermediate/early-advaned Jasmine testing for client-side JavaScript web applications.
Source code, test specs, and harnesses available here:
https://github.com/jbellsey/dbc-jasmine
Mutiny on the JVM: Taming Complexity in the Heart of Reactive JavaJeremy Davis
Reactive Programming has fascinated (and confounded) developers since Microsoft’s Cloud Programmability Team released the first version of Reactive Extensions for .NET.
RxJava enables Netflix to deliver at massive scale, is a fixture in Android development, and is frequently used in combination with RxJS for web development.
Reactive toolkits like Eclipse Vert.x and Lightbend’s Akka have powered distributed, high volume applications from the edge to the cloud.
Spring’s Reactor project renamed many of the RxJava constructs, but did little to help ease of use or flatten the substantial learning curve.
Java 8 embraced reactive programming with the introduction of Streams, Lambdas, CompletionStage, and CompletableFuture. Unfortunately Java 8 also delivered a substantial learning curve.
Mutiny to the rescue! SmallRye Mutiny is a reactive library that distills Reactive Programming into 2 simple concepts: Multi and Uni.
Puppet Camp Düsseldorf 2014: Continuously Deliver Your Puppet Code with Jenki...Puppet
Continuously Deliver Your Puppet Code with Jenkins, r10k and Git (Intermediate) - Toni Schmidbauer, IT Solutions at Spardat GmbH given at Puppet Camp Düsseldorf 2014
When Good Code Goes Bad: Tools and Techniques for Troubleshooting PloneDavid Glick
Using real issues encountered in the wild, this session will help beginning integrators gain confidence in knowing what to do when Plone fails to behave as expected. Learn how to solve common problems like "My changes aren't taking effect" and "My Zope instance won't start," as well as how to use pdb to investigate more complex Python errors.
This talk is targeted at integrators who have some experience with Plone, but who are not confident in troubleshooting errors and other unexpected behavior. Knowledge of Python is not required, though at least a cursory familiarity with some programming language will make the talk more digestible.
Making it Work Offline: Current & Future Offline APIs for Web AppsNatasha Rooney
We go through the current APIs for creating offline capable web apps such as LocalStorage, App Cache and a bit of IndexedDB. We also take a look at the work going behind the new solution "ServiceWorker" and how it may change the game.
Demo to support the presentation is here: https://github.com/nrooney/offlineanime
Brighton SEO 2021 - A Deep Dive into the Depths of DevToolsChrisJohnson792
Brighton SEO 2021 - A Deep Dive into the Depths of DevTools
Resources for all the code snippets and more from this talk can be found here: https://defaced.dev/talks/brightonseo-depths-of-devtools/
A very gentle introduction to Elm, based on personal experience. Includes steps to create a small tic-tac-toe on Elm that you publish on GitHub pages. Accompanying source on GitHub.
Bugs found in GCC with the help of PVS-StudioPVS-Studio
I regularly check various open-source projects to demonstrate the abilities of the PVS-Studio static code analyzer (C, C++, C#). Now it is time for the GCC compiler to get checked. Unquestionably, GCC is a very qualitative and well-tested project, that's why it's already a great achievement for a tool to find any errors in it. Fortunately, PVS-Studio coped with this task. No one is immune to typos or carelessness. This is why the PVS-Studio can become an additional line of defense for you, on the front of the endless war against bugs.
This is the deck presented at the Test Fanatics Meetup in San Francisco. Most of the presentation was live demo -- so, if you'd like to see that, I'm always happy to give one. :) Or head over to GhostInspetor.com and try it yourself.
Monoids, Store, and Dependency Injection - Abstractions for Spark Streaming JobsRyan Weald
Talk I gave at a Spark Meetup on 01/16/2014
Abstract:
One of the most difficult aspects of deploying spark streaming as part of your technology stack is maintaining all the job associated with stream processing jobs. In this talk I will discuss the the tools and techniques that Sharethrough has found most useful for maintaining a large number of spark streaming jobs. We will look in detail at the way Monoids and Twitter's Algebrid library can be used to create generic aggregations. As well as the way we can create generic interfaces for writing the results of streaming jobs to multiple data stores. Finally we will look at the way dependency injection can be used to tie all the pieces together, enabling raping development of new streaming jobs.
Mutiny on the JVM: Taming Complexity in the Heart of Reactive JavaJeremy Davis
Reactive Programming has fascinated (and confounded) developers since Microsoft’s Cloud Programmability Team released the first version of Reactive Extensions for .NET.
RxJava enables Netflix to deliver at massive scale, is a fixture in Android development, and is frequently used in combination with RxJS for web development.
Reactive toolkits like Eclipse Vert.x and Lightbend’s Akka have powered distributed, high volume applications from the edge to the cloud.
Spring’s Reactor project renamed many of the RxJava constructs, but did little to help ease of use or flatten the substantial learning curve.
Java 8 embraced reactive programming with the introduction of Streams, Lambdas, CompletionStage, and CompletableFuture. Unfortunately Java 8 also delivered a substantial learning curve.
Mutiny to the rescue! SmallRye Mutiny is a reactive library that distills Reactive Programming into 2 simple concepts: Multi and Uni.
Puppet Camp Düsseldorf 2014: Continuously Deliver Your Puppet Code with Jenki...Puppet
Continuously Deliver Your Puppet Code with Jenkins, r10k and Git (Intermediate) - Toni Schmidbauer, IT Solutions at Spardat GmbH given at Puppet Camp Düsseldorf 2014
When Good Code Goes Bad: Tools and Techniques for Troubleshooting PloneDavid Glick
Using real issues encountered in the wild, this session will help beginning integrators gain confidence in knowing what to do when Plone fails to behave as expected. Learn how to solve common problems like "My changes aren't taking effect" and "My Zope instance won't start," as well as how to use pdb to investigate more complex Python errors.
This talk is targeted at integrators who have some experience with Plone, but who are not confident in troubleshooting errors and other unexpected behavior. Knowledge of Python is not required, though at least a cursory familiarity with some programming language will make the talk more digestible.
Making it Work Offline: Current & Future Offline APIs for Web AppsNatasha Rooney
We go through the current APIs for creating offline capable web apps such as LocalStorage, App Cache and a bit of IndexedDB. We also take a look at the work going behind the new solution "ServiceWorker" and how it may change the game.
Demo to support the presentation is here: https://github.com/nrooney/offlineanime
Brighton SEO 2021 - A Deep Dive into the Depths of DevToolsChrisJohnson792
Brighton SEO 2021 - A Deep Dive into the Depths of DevTools
Resources for all the code snippets and more from this talk can be found here: https://defaced.dev/talks/brightonseo-depths-of-devtools/
A very gentle introduction to Elm, based on personal experience. Includes steps to create a small tic-tac-toe on Elm that you publish on GitHub pages. Accompanying source on GitHub.
Bugs found in GCC with the help of PVS-StudioPVS-Studio
I regularly check various open-source projects to demonstrate the abilities of the PVS-Studio static code analyzer (C, C++, C#). Now it is time for the GCC compiler to get checked. Unquestionably, GCC is a very qualitative and well-tested project, that's why it's already a great achievement for a tool to find any errors in it. Fortunately, PVS-Studio coped with this task. No one is immune to typos or carelessness. This is why the PVS-Studio can become an additional line of defense for you, on the front of the endless war against bugs.
This is the deck presented at the Test Fanatics Meetup in San Francisco. Most of the presentation was live demo -- so, if you'd like to see that, I'm always happy to give one. :) Or head over to GhostInspetor.com and try it yourself.
Monoids, Store, and Dependency Injection - Abstractions for Spark Streaming JobsRyan Weald
Talk I gave at a Spark Meetup on 01/16/2014
Abstract:
One of the most difficult aspects of deploying spark streaming as part of your technology stack is maintaining all the job associated with stream processing jobs. In this talk I will discuss the the tools and techniques that Sharethrough has found most useful for maintaining a large number of spark streaming jobs. We will look in detail at the way Monoids and Twitter's Algebrid library can be used to create generic aggregations. As well as the way we can create generic interfaces for writing the results of streaming jobs to multiple data stores. Finally we will look at the way dependency injection can be used to tie all the pieces together, enabling raping development of new streaming jobs.
An introduction to the kafka stream processing platform. The presentation gives a small introduction into stream processing and furthermore explains how kafka streams and kafka connect are used together to implement realtime stream processing flows.
(video of these slides available here http://fsharpforfunandprofit.com/fppatterns/)
In object-oriented development, we are all familiar with design patterns such as the Strategy pattern and Decorator pattern, and design principles such as SOLID.
The functional programming community has design patterns and principles as well.
This talk will provide an overview of some of these, and present some demonstrations of FP design in practice.
Pressentaion by Roelof Temmingh at blackhat USA in 2005.
This presentation is about the methodology behind the bidiblah tool. A tool developed by Roelof Temmingh which automates the foot-printing and discovery process.
Ekoparty 2017 - The Bug Hunter's Methodologybugcrowd
Goals of this Presentation:
- Outline and provide an actionable methodology for effectively and efficiently testing for, and finding security vulnerabilities in web applications
- Cover common vulnerability classes/types/categories from a high level
- Provide useful tools and processes that you can take right out into the world to immediately improve your own bug hunting abilities
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to the inputs of a computer program. The presentation covers types of fuzzers and describes how they work. We will write and run a real fuzzer. Also it shows how fuzzers can guess correct CRC checksums, help with regression testing and find logical bugs in programs. Finally, it summarizes fuzzing usage at Google.
Archeology for Entertainment, or Checking Microsoft Word 1.1a with PVS-StudioAndrey Karpov
The Microsoft company has recently made a present to all programmers eager to dig into some interesting stuff: they revealed the source codes of MS-DOS v 1.1, v 2.0 and Word for Windows 1.1a. The MS-DOS operating system is written in assembler, so the analyzer cannot be applied to it. But Word is written in C. Word 1.1a's source codes are almost 25 years old, but we still managed to analyze it. There's no practical use of it, of course. Just for fun.
There are lots of talks about testing: they talk about syntax, methodologies, tools. But there is usually a missing point: Why it is important to do a test? What is important to test? What is not important to test? How to do testing?
There lots of examples in plnker just to see each step, and many surprises.
This talk is good for beginners, but also for some seasoned people that just want to light up some of the ideas that they might have been hatching.
Spoiler alert: testing will save you development time.
Can you go faster with less weight? In 45 minutes, I build a web server with an address book with tests firsts and no frameworks. What can you do if you really understand what's going on?
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class Chris Gates
Derbycon 2011
This talk is about methodologies and tools that we use or have coded that make our lives and pentest schedule a little easier, and why we do things the way we do. Of course, there will be a healthy dose of Metasploit in the mix.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
7. WELL, NOT THAT FAST
Dear <…>
…
We see XYZException!!!.............!
where n = enough for you to feel miserable
n times
8. OK, LET’S TEST IT
1. Choose your favourite library
(good chances it’s .*Unit)
2. Write some tests
aand
3. XYZException has gone
9. THE PROBLEM, PART 1
But…
- they only check what you think a
program should do, not what it
actually should do
- ... on what you think is all possible
inputs
10. RANDOMIZE IT
Throw the thousands of inputs into
your program with
- QuickCheck (Haskell)
- FsCheck (F#)
- ScalaCheck (Scala)
- or something else
15. I WILL BUILD MY OWN
TEST GENERATOR
let f x y =
if x < 10 then x
else if x = 42 then
failwith “42”
else 1 / y
x < 10 or x >= 10
x = 42 or x <> 42
y = 0 or y <> 0
17. THE PROBLEM, PART 3
But it’s too complicated to do by
hands:
- too many cases,
- lots of overlapping paths,
- difficult to solve when the number
of variables grows,
- not everything is a quotation…
18. IDEA: USE A
CONSTRAINT SOLVER
- Check out Z3 homepage
- Try Z3 in your browser
- LINQ to Z3 (ch9 video and a post by
Bart de Smet)
Specially for fsharpers:
- Z3Fs on github
19. THERE’S A TOOL FOR
THAT – MEET PEX
- Dynamic symbolic execution
- Analyses .NET instructions
- Uses constraint solver to find the
inputs
20. PEX REFERENCES
- Project homepage
- Pex for fun in your browser
- Code Digger, addin for VS
- Code Hunt website
- Documentation, videos
and more
22. TEST GENERATION
Static:
- Conditional
statements
- Check the
formulas
satisfiability
Dynamic:
- Collect the
information during
the program
execution
- Unknown
environments
- Enhanced values
generation
- Better Performance
23. DYNAMIC EXECUTION
EXAMPLE
int obscure(int x, int y) {
if (x == hash(y)) return -1; // error
return 0;
}
“Compositional Dynamic Test Generation”,
Patrice Godefroid (paper)
24. THE PROBLEM, PART 4
Limitations:
- Nondeterministic cases (e.g. native
code)
- Concurrency
- Constraint solver limitations
25. MORE AND LESS
TYPES WITH F*
F* - an ML-like verification-oriented
language
- F* project homepage
- GitHub repo
- Try F* in your browser
27. THE PROBLEM, PART 5
- currently under development
- issues on mono
- in more complex cases, the errors
become quite cryptic
- you still need to come up with a
way to define the requirements, at
the type level
