@Un1Gfn
Last active August 27, 2019 03:59
COSCUP2019.txt
bit.ly/BoF2019
Agenda
Projects
www.ospn.jp
ELF
Section Header Table
Program Header Table
readelf -h /bin/ls
Program Header
Type
Operation
Memory address
Calibration
ELF Section Header
ltrace library call
gcc -o hello hello.c
ltrace ./hello
compiler avoids printf()
set breakpoints w/ ptrace()
Global Offset Table
waste of time
Dynamic linking: PLT
code->PLT->GOT->PLT
code->PLT->GOT->code
static compiling kills ltrace
strip
.debug_xxx
.symtab
.strtab
MODULE_LICENSE
malicious edit of GOT data
malicious execution before executable locates printf()
defend w/ RELRO or partial RELRO (RO=ReadOnly)
readelf verifies BFD w/o calling BFD library
Book: Linker and Loader
objdump
---
Learn to test and then test to learn
automated tests
End-to-end Testing
from start to end
Pitfalls
learning curve
hard to build & maintain
difficult to identify defects
slow feedback
Realistic enough
Worthy?
poor readability of test code
Example: Report System - web form page create report
tedious work of enumerating all cases
build storage for test environment time consuming
Underestimating the amount of effort it takes to maintain automated testing
Test Pyramid
Manual Exploratory Testing
Automated e2e tests
...
Automated Component Tests
Automated Unit Tests (py unittest framework) TDD
NG Manual Regression Testing
NG icecream-cone anti-pattern
reason: code is not unit-testable
Why should I know A when I test B?
Mocking in Unit Testing
Mock External SDKs/APIs
Don't Mock Types You Don't Own
Effective testing x maintainable test code
---
Yoshinori Matsumoto
Capy Inc.
cloud CAPTCHA services
puzzle NG
The Cyber Range
CSIRT
cyber security teams increase w/ the increasing incidents
but the number of security experts is limited
education
active learning (experiencing incidents)
hackernoon
Cyber Range
InfoSec
MINI Hardening project since 2015 Japan
1 harden cryptocurrency/web form/stock web service
2 attack
SLA
Hardening project
1 month Prepare, Meeting
8 hour contest
1 day feedback
BLUE
Check Network Hardening
Incident Response Customer Support
Send Report
RED
Hacking
Kaio-ken
Problems
install complex network system for every single blue team
long time to prepare servers
(HashiCorp)Packer+Terraform+Ansible+AWS auto deploy
packer
FOSS golden image creator
Extract servers for all teams then set up
Ansible
Server settings defined as roles
deploy servers w/ manual command line NG
HUMAN ERRORS
misoperations
power outage
HITCON (Taiwan hacker conference)
Extreme hardening
---
Shinji Enoki (榎真治)
CJK issues
A function of CJK is broken
A bug occurs only w/ the CJK environment
To support the preservation of mother tongue
Many employees are European
hard to notice unless the user is CJK
Typical CJK functions in LibreOffice
Text Layout
Vertical writing
Phonetic guides (ruby)
Line composition
Multibyte character
https://www.w3.org/TR/clreq
https://www.w3.org/TR/jlreq
https://www.w3.org/TR/klreq
Vertical text box
Line breaking rules (kinsoku shori)
hanging punctuation
External character & Kanji variants
same meaning but different shape
Typical CJK issues
#110994 Alignment ignored when text grid bug
#111967 Vertical text in table formatted incorrectly (crash)
#96091 Noto Sans CJK fonts export to PDF wrong paragraph decoration location
#113481 IdeographicVariationSequence/IVS using case bug UCS+VS (variation selector)
depend on #83066 CJK meta issue
Not all CJK bugs can be tracked
#113193 TC
#113194 SC
#113195 JP
#113196 KR
Mark Hung
When changing the LibreOffice code
New features/bug fixes
Regression
Occurs in certain environments
in some cases only the OS or other specific environments
If environment changes, product will need a fix
#113481 (prev)
developers need to understand Unicode
hard to
Current status of testing
not well tested for CJK bugs
Many do not report
Language barrier
General users of office suites are not used to OSS bug reports
Bug hunting session
released every 6 months
a day for bug hunting 2-3 times before release
Manual testing out of management
Create test cases from existing CJK bug reports
Create test cases from common CJK bugs of other software
Risk analysis, create tests for high-risk functions
Quality feedback from users is important
Bug triage
Support vendors receive feedback
It's important that people who understand CJK languages test and report
---
FREENAS
FreeBSD + OpenZFS
WebGUI is the most polished
iXsystems
XIGMANAS
---
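Searching the literature
Foreign-language ability
Academic search skills
Patience, time
Evaluating literature quality
Again, foreign-language ability
Again, academic search skills
Again, patience and time
Breaking it down and reassembling it into an article
The final boss stage
Knowing how to use the Wikipedia editor
Advertisements, fake news
"The medical content on Wikipedia is simply a mess"
"Oh, then you can actually write it yourself"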
Cochrane Library
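New papers -> community updates
Offline Wikipedia
WikiJournal of Medicine
Working model of the Taiwan medical community
English Wikipedia -> collaboration platform -> Wikipedia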
Doctor Shopping
---
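Wikivoyage
Online travel guidebook
Wikivoyage emphasizes original description
Wikipedia requires literature sources
Eat, see, get around, nightlife, learn; clothing, food, housing, transport, entertainment
2004 Wikitravel
2006 commercial split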
2012
wikivoyage.org
Article types
Itineraries
Collaboration
OSM
Wikidata
Wikimedia Commons
https://en.wikivoyage.org/wiki/Hong_Kong/Southern_District
https://en.wikivoyage.org/wiki/Hong_Kong#By_Mass_Transit_Railway