COSCUP2019.txt
bit.ly/BoF2019
Agenda
Projects
www.ospn.jp
ELF
Section Header Table
Program Header Table
readelf -h /bin/ls
Program Header
Type
Operation
Memory address
Calibration
ELF Section Header
ltrace library call
gcc -o hello hello.c
ltrace ./hello
compiler avoids printf()
set breakpoints w/ ptrace()
Global Offset Table
waste of time
Dynamic linking PLT
code->PLT->GOT->PLT
code->PLT->GOT->code
static compiling kills ltrace
strip
.debug_xxx
.symtab
.strtab
MODULE_LICENSE
malicious edit of GOT data
malicious execution before executable locates printf()
defend w/ RELRO or partial RELRO (RO=ReadOnly)
readelf verifies BFD w/o calling BFD library
Book: Linker and Loader
objdump
---
Learn to test and then test to learn
automated tests
End-to-end Testing
from start to end
Pitfalls
learning curve
hard to build & maintain
difficult to identify defects
slow feedback
Realistic enough
Worthy?
poor readability of test code
Example: Report System - web form page create report
tedious work of enumerating all cases
build storage for test environment time consuming
Underestimating the amount of effort it takes to maintain automated testing
Test Pyramid
Manual Exploratory Testing
Automated e2e tests
...
Automated Component Tests
Automated Unit Tests (py unittest framework) TDD
NG Manual Regression Testing
NG ice-cream-cone anti-pattern
reason: code is not unit-testable
Why should I know A when I test B?
Mocking in Unit Testing
Mock External SDKs/APIs
Don't Mock Types You Don't Own
Effective testing x maintainable test code
---
Yoshinori Matsumoto
Capy Inc.
cloud CAPTCHA services
puzzle NG
The Cyber Range
CSIRT
cyber security teams increase w/ the increasing incidents
but number of security experts is limited
education
active learning (experiencing incidents)
hackernoon
Cyber Range
InfoSec
MINI Hardening project since 2015 Japan
1 harden cryptocurrency/web form/stock web service
2 attack
SLA
Hardening project
1 month Prepare, Meeting
8 hour contest
1 day feedback
BLUE
Check Network Hardening
Incident Response Customer Support
Send Report
RED
Hacking
Kaio-ken (界王拳)
Problems
install complex network system for every single blue team
long time to prepare servers
(HashiCorp)Packer+Terraform+Ansible+AWS auto deploy
packer
FOSS golden image creator
Extract servers for all teams then set up
Ansible
Server settings defined as roles
deploy servers w/ manual command line NG
HUMAN ERRORS
misoperations
power outage
Taiwan Hacker Conference (臺灣駭客年會)
Extreme hardening
---
Shinji Enoki (榎真治)
CJK issues
A function of CJK is broken
A bug occurs only w/ the CJK environment
To support the preservation of mother tongue
Many employees are European
hard to notice unless the user is CJK
Typical CJK functions in LibreOffice
Text Layout
Vertical writing
Phonetic guides (ruby)
Line composition
Multibyte character
https://www.w3.org/TR/clreq
https://www.w3.org/TR/jlreq
https://www.w3.org/TR/klreq
Vertical text box
Line breaking rules (禁則処理)
hanging punctuation
External character & Kanji variants
same meaning but different shape
Typical CJK issues
#110994 Alignment ignored when text grid bug
#111967 Vertical text in table formatted incorrectly (crash)
#96091 Noto Sans CJK fonts export to PDF wrong paragraph decoration location
#113481 IdeographicVariationSequence/IVS using case bug UCS+VS (variation selector, 字型選択子)
depend on #83066 CJK meta issue
Not all CJK bugs can be tracked
#113193 TC
#113194 SC
#113195 JP
#113196 KR
Mark Hung
When changing the LibreOffice code
New features/bug fixes
Regression
Occurs in certain environments
in some cases only on a specific OS or other specific environments
If environment changes, product will need a fix
#113481 (prev)
developers need to understand Unicode
hard to
Current status of testing
not well tested for CJK bugs
Many do not report
Language barrier
General users of office suites are not used to OSS bug reports
Bug hunting session
released every 6 months
a day for bug hunting 2-3 times before release
Manual testing out of management
Create test cases from existing CJK bug reports
Create test cases from common CJK bugs of other software
Risk analysis, create tests for high-risk functions
Quality feedback from users is important
Bug triage
Support vendors receive feedback
It's important that people who understand CJK languages test and report
---
FREENAS
FreeBSD + OpenZFS
WebGUI is the most refined
iXsystems
XIGMANAS
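---
Searching the literature
Foreign-language ability
Academic search skills
Patience, time
Evaluating the quality of the literature
Again, foreign-language ability
Again, academic search skills
Again, patience and time
Breaking it down and reassembling it into an article
Boss stage
Knowing how to use the Wikipedia editor
Ads, fake news
"The medical content on Wikipedia is a complete mess"
"Oh, then you can actually write it yourself"
Cochrane Library
New papers -> community updates
Offline Wikipedia
WikiJournal of Medicine
Working model of the Taiwan medical community
English Wikipedia -> collaboration platform -> Wikipedia
Doctor Shopping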
---
Wikivoyage
Online travel guidebook
Wikivoyage emphasizes original descriptions
Wikipedia requires cited sources
Food, sights, transport, nightlife, learning; clothing, food, lodging, travel, entertainment
2004 Wikitravel
2006 commercial split
2012
wikivoyage.org
Article types
Travel itineraries
Collaboration
OSM
Wikidata
Wikimedia Commons
https://en.wikivoyage.org/wiki/Hong_Kong/Southern_District
https://en.wikivoyage.org/wiki/Hong_Kong#By_Mass_Transit_Railway