Michel Aubizzierre INFILTRATE Jan 12th 2012
|
|
- Tamsin Boyd
- 5 years ago
- Views:
Transcription
1 Michel Aubizzierre INFILTRATE Jan 12th 2012
2
3
4 Seagulls are the security researchers of the sea
5 Unearthing the world s greatest bugs
6
7
8
9
10
11
12
13
14
15
16
17 When I say: Automated testing <div id= box style= width: 1000px; padding-left: 337px; > </div> I want: document.getelementbyid( box ).offsetwidth == 1337px; PASS / FAIL
18 Merging master release security patch
19 WebKit It s different everywhere: Browsers, applications, embedded devices Architectures: x86, x64, ARM, MIPS Features: SVG, AudioContext, CSS Regions Heap allocator Performance: set-top-box, phone, laptop
20 WebKit had about 300 security bugs in 2011 Enough data for meaningful machine learning exercise
21 Also see How Open Should Open Source Be? TechRpts/2011/EECS pdf They used libsvm on Firefox version control and: committer invisible bug
22
23 Bug halflife Mean time between fix published in trunk and stable browser released: Chrome: 22 days Safari: 92 Days ios: 107 days Blackberry: Unknown, slower than ios itunes: Similar to ios and Safari webkitgtk: depends on vendor Other platforms don t have a half-life
24 Fastest fix chrome: 1 day (pwn2own), 7 days for regular bugs safari: 16 days ios: 34 days
25 Bugs remaining
26 Exploit TCO Shellcode Minimized Crash Get PC Stage 2./win { today we are optimizing this Not to scale
27 Is that browser vulnerable to this? Is there a stable browser out there vulnerable to this bug? Does Safari have the vulnerable code? Is it reachable in Safari? Is it exploitable in build 5.1A123 of Safari?
28 Is that browser vulnerable to this? For Chrome and Safari, there is some data available Relevant data is not present in version control This method will therefore not find it
29
30 Artificial Intelligence What is beauty? SMT solvers on a moonlit beach
31 Machine Learning If 1,1,0 1 and 1,0,1 1 and 0,1,1 0 1,0,0? one
32 Plan 0x00 Tell machine learning software what to do 0x04 Execute magical machine learning 0x08 Check results 0x0c Improve inputs 0x10 jmp 0x04
33 SVM Support Vector Machines you can consider it a black box expects inputs to be lists of numbers gives back numbers (almost) no parameters
34 SVM My question: Is commit security related? Expected answer: 1 (or 0) Commit must be modeled as list of numbers
35 Features Single attribute of an entity: References invisible bug? Message contains the word crash?
36 Enumerations Committer is Committer is Committer is Split into three attributes, is inferno, is cevans, is abarth [1, 0, 0], [0, 1, 0], [0, 0, 1] Expressed as sparse matrix: Only list attributes which aren t 0, e.g. 2:1
37 Training data Known correct answers Both positive and negative Commits 123, 456 are security fixes Commits abc, def are not security fixes
38 Cross validation Split training data n-ways For every set of (n-1) groups, do they correctly predict the remaining n
39 Cross validation Training data: A B C D E F Does A B C D predict E F Does A B E F predict C D Does C D E F predict A B
40 Features of security related commits Authored by member of the security team Reviewed by member of the security team Mentions a member of the security team Mentions a restricted bug The patch contains the word crash
41 Features of security related commits 2 Merged to a branch Merged by a member of the security team Merge reviewed by a member of the security team Message mentions keyword: crash, CVE, out of bounds, use after free, security
42 Features of boring commits Mentions keyword: build, flakiness, rebaseline, unreviewed, rolling out, null
43 Restricted bugs There are about bugs Curl them all Check for /You are not authorized/ Takes about a day
44 Going through the repo Git Master branch available on WebKit git Chromium branches through git-svn see
45 Going through the repo Grit ruby gem by GitHub Monkey patched: def by_security_team? WebKit::SECURITY_TEAM.include?(committer.to_s) end def reviewed_by_security_team?!!(review=~message) end
46 JSONize it { } "svn_rev":"95749", "committer":"andersca@apple.com", "by_security_team":false, "reviewed_by_security_team":false, "mentions_security_team":false, "restricted_bug":false, "keywords":["origin","crash","broke"], "crash_in_patch":true, "bug":68570
47 libsvmize it 1 1:1 2:0 3:0 4:1 5:0 6:1 7:1 8:0 18:1 71:1 #94857 merged 0 1:0 2:0 3:0 4:1 5:1 6:1 7:1 8:0 17:1 71:1 72:1 80:1 #94864 crash merged 1 1:0 2:0 3:0 4:1 5:1 6:1 7:1 8:0 17:1 71:1 72:1 79:1 80:1 #94905 crash, build merged -1 1:0 2:0 3:0 4:0 5:1 6:0 7:0 8:0 64:1 80:1 #94955 crash -1 1:0 2:0 3:0 4:0 5:1 6:1 7:0 8:0 17:1 73:1 80:1 #94982 crash merged 1 1:0 2:0 3:0 4:1 5:0 6:1 7:0 8:0 65:1 66:1 88:1 #95010 out-of-bounds merged -1 1:0 2:0 3:0 4:0 5:1 6:0 7:0 8:0 17:1 80:1 #95017 crash -1 1:0 2:0 3:0 4:0 5:0 6:0 7:0 8:0 39:1 94:1 #95785 unreviewed -1 1:0 2:0 3:0 4:0 5:0 6:0 7:0 8:0 60:1 # :0 2:0 3:0 4:0 5:0 6:0 7:0 8:0 42:1 94:1 #95787 unreviewed
48 ??? despite the name, libsvm is a set of command line tools for me:./svm-train -c 64 -nu inf.t &&./svm-predict inf inf.model inf.out && paste inf inf.out grep -v "\-1$"
49 Check results 0 1:0 2:0 3:0 4:1 5:1 6:1 7:1 8:0 17:1 67:1 71:1 80:1 95:1 #95791 use after free, crash merged 1 0 1:0 2:0 3:0 4:0 5:1 6:0 7:0 8:0 26:1 80:1 86:1 #95673 origin, crash 1 0 1:0 2:0 3:0 4:1 5:0 6:0 7:0 8:0 20:1 89:1 #95679 policy 1 0 1:0 2:0 3:0 4:1 5:1 6:1 7:1 8:0 17:1 71:1 #95689 merged 1 0 1:0 2:0 3:0 4:1 5:1 6:0 7:0 8:0 20:1 85:1 94:1 #95690 unreviewed, null 1 0 1:0 2:0 3:0 4:1 5:1 6:1 7:1 8:0 17:1 71:1 #95728 merged 1 0 1:0 2:0 3:0 4:0 5:1 6:0 7:0 8:0 86:1 #95729 origin 1 0 1:0 2:0 3:0 4:1 5:0 6:0 7:0 8:0 20:1 # :0 2:0 3:0 4:0 5:1 6:0 7:0 8:0 86:1 92:1 #95845 origin, security 1 0 1:1 2:0 3:0 4:1 5:0 6:1 7:1 8:0 18:1 71:1 #95857 merged 1 0 1:0 2:0 3:0 4:1 5:0 6:0 7:0 8:0 17:1 92:1 #95880 security 1 0 1:0 2:0 3:0 4:0 5:0 6:1 7:1 8:0 71:1 #95924 merged 1 0 1:0 2:0 3:0 4:0 5:0 6:1 7:1 8:0 71:1 #95959 merged 1 0 1:0 2:0 3:0 4:0 5:0 6:1 7:0 8:0 67:1 #96020 merged 1
50 It works improving the training set improves results commit message of false negatives & false positives give hints for new keyword features 80-90% success rate during cross validation
51 Bugs found through fuzzing source code review insider expertise
52 Types of bugs JIT bugs crypto bugs policy errors memory corruption
53
54 Photo thanks CC attribution / /
55 Thank
WEB DEVELOPER BLUEPRINT
WEB DEVELOPER BLUEPRINT HAVE A QUESTION? ASK! Read up on all the ways you can get help. CONFUSION IS GOOD :) Seriously, it s scientific fact. Read all about it! REMEMBER, YOU ARE NOT ALONE! Join your Skillcrush
More informationMobile Web Appplications Development with HTML5
Mobile Web Appplications Development with HTML5 Lab 1: The Challenge Claudio Riva Aalto University - Fall 2012 1 / 36 THE CHALLENGE OVERVIEW OF THE ASSIGNMENT WAY OF WORKING TEAMS DEVEVELOPMENT ENVIRONMENT
More informationCSE484/CSE584 BLACK BOX TESTING AND FUZZING. Dr. Benjamin Livshits
CSE484/CSE584 BLACK BOX TESTING AND FUZZING Dr. Benjamin Livshits Approaches to Finding Security Bugs 2 Runtime Monitoring Black-box Testing Static Analysis Fuzzing Basics 3 A form of vulnerability analysis
More informationConfiguration Management
Configuration Management VIMIMA11 Design and integration of embedded systems Budapest University of Technology and Economics Department of Measurement and Information Systems BME-MIT 2017 Configuration
More informationGit Branching for Agile Teams
Git Branching for Agile Teams Why use Git + agile? Git helps agile teams unleash their potential How? Developer First, let s review two pillars of agile 1 Build in narrow vertical slices Waterfall: can
More informationBuilding Page Layouts
Building Page Layouts HTML & CSS From Scratch Slides 3.1 Topics Display Box Model Box Aesthetics Float Positioning Element Display working example at: h9ps://;nker.io/3a2bf Source: unknown. Please contact
More informationIntroduction into browser hacking. Andrey Kovalev
Introduction into browser hacking Andrey Kovalev (@L1kvID) Who am I Security Engineer at Yandex Browser security enthusiast Public speaker (every ZeroNights since 2015) Author of @br0wsec channel (https://t.me/br0wsec)!3
More information1. Which of these Git client commands creates a copy of the repository and a working directory in the client s workspace. (Choose one.
Multiple-Choice Questions: 1. Which of these Git client commands creates a copy of the repository and a working directory in the client s workspace. (Choose one.) a. update b. checkout c. clone d. import
More informationb. Developing multiple versions of a software project in parallel
Multiple-Choice Questions: 1. Which of these terms best describes Git? a. Integrated Development Environment b. Distributed Version Control System c. Issue Tracking System d. Web-Based Repository Hosting
More informationGit Workflows. Sylvain Bouveret, Grégory Mounié, Matthieu Moy
s Sylvain Bouveret, Grégory Mounié, Matthieu Moy 2017 [first].[last]@imag.fr http://recherche.noiraudes.net/resources/git/git-workflow-slides.pdf 1 / 16 Goals of the presentation Global history: multiple
More informationCSC309 Winter Lecture 2. Larry Zhang
CSC309 Winter 2016 Lecture 2 Larry Zhang 1 Announcements Assignment 1 is out, due Jan 25, 10pm. Start Early! Work in groups of 2, make groups on MarkUs. Make sure you can login to MarkUs, if not let me
More informationBLACKBERRY PWNAGE THE BLUEJAY STRIKES
BLACKBERRY PWNAGE THE BLUEJAY STRIKES Federico Muttis Core Security Technologies Session ID: HTA-T19 Session Classification: Advanced INFO @ THE MEDIA http://www.zdnet.com/blog/security/pwn2own-2011-blackberry-falls-to-webkit-browser-attack/8401
More informationA pixel is not a pixel. Peter-Paul Koch BlackBerry Jam, 6 February 2012
A pixel is not a pixel Peter-Paul Koch http://quirksmode.org http://twitter.com/ppk BlackBerry Jam, 6 February 2012 I. Pixels Pixels according to W3C The reference pixel is the visual angle of one pixel
More informationCPSC 491. Lecture 19 & 20: Source Code Version Control. VCS = Version Control Software SCM = Source Code Management
CPSC 491 Lecture 19 & 20: Source Code Version Control VCS = Version Control Software SCM = Source Code Management Exercise: Source Code (Version) Control 1. Pretend like you don t have a version control
More informationIdentifying Memory Corruption Bugs with Compiler Instrumentations. 이병영 ( 조지아공과대학교
Identifying Memory Corruption Bugs with Compiler Instrumentations 이병영 ( 조지아공과대학교 ) blee@gatech.edu @POC2014 How to find bugs Source code auditing Fuzzing Source Code Auditing Focusing on specific vulnerability
More informationETOOMANYCATS. How we produce OpenStack
ETOOMANYCATS How we produce OpenStack OpenStack is large & growing 90+ code repositories.6+ MLOC (+30 %) Stats by OpenStack is complex 9 integrated projects Each project is a framework OpenStack is painful
More informationAnalysis of MS Multiple Excel Vulnerabilities
Analysis of MS-07-036 Multiple Excel Vulnerabilities I. Introduction This research was conducted using the Office 2003 Excel Viewer application and the corresponding security patch for MS-07-036 - Vulnerabilities
More informationINET
INET Framework@GitHub Proposal: How to Collaborate on Model Development Andras Varga, Rudolf Hornig INET: Current Stand Several branches in private repositories i Several extensions various web sites Patches,
More informationIntroduction to Git and Github Repositories
Introduction to Git and Github Repositories Benjamin Audren École Polytechnique Fédérale de Lausanne 29/10/2014 Benjamin Audren (EPFL) CLASS/MP MP runs 29/10/2014 1 / 16 Version Control survey Survey Who
More informationBypassing Mitigations by Attacking JIT Server in Microsoft Edge
Bypassing Mitigations by Attacking JIT Server in Microsoft Edge Ivan Fratric Infiltrate 2018 About me Security researcher at Google Project Zero Previously: Google Security Team, Academia (UNIZG) Doing
More informationOracle JDeveloper/Oracle ADF 11g Production Project Experience
Oracle JDeveloper/Oracle ADF 11g Production Project Experience Andrejus Baranovskis Independent Oracle Consultant Red Samurai Consulting Oracle ACE Director Outline Project Reference Sample Development
More informationViewports. Peter-Paul Koch CSS Day, 4 June 2014
Viewports Peter-Paul Koch http://quirksmode.org http://twitter.com/ppk CSS Day, 4 June 2014 or: Why responsive design works Peter-Paul Koch http://quirksmode.org http://twitter.com/ppk CSS Day, 4 June
More informationTutorial 5 Working with Tables and Columns. HTML and CSS 6 TH EDITION
Tutorial 5 Working with Tables and Columns HTML and CSS 6 TH EDITION Objectives Explore the structure of a Web table Create headings and cells in a table Create cells that span multiple rows and columns
More informationThe plural of Chromium is Chromia. Peter-Paul Koch Mobilism, 27 March 2015
The plural of Chromium is Chromia Peter-Paul Koch http://quirksmode.org http://twitter.com/ppk Mobilism, 27 March 2015 First of all Chrome on ios is not Chrome Chrome on ios Apple doesn t allow the installation
More informationMalware and Vulnerability Check Point. 1. Find Problems 2. Tell Vendors 3. Share with Community
Malware and Vulnerability Research @ Check Point 1. Find Problems 2. Tell Vendors 3. Share with Community TR-069 quick tour / DEF CON recap Motivation The TR-069 Census 2014 Research Highlights Mass Pwnage
More informationRevision control systems (RCS) and. Subversion
Revision control systems (RCS) and Subversion Problem area Software projects with multiple developers need to coordinate and synchronize the source code Approaches to version control Work on same computer
More informationIntroduction to Git and GitHub. Tools for collaboratively managing your source code.
Introduction to Git and GitHub Tools for collaboratively managing your source code. This Is Not a Tutorial About Git There are many tutorials online. What is Git? Git is a collaborative, distributed version
More informationUsing Git For Development. Shantanu Pavgi, UAB IT Research Computing
Using Git For Development Shantanu Pavgi, pavgi@uab.edu UAB IT Research Computing Outline Version control system Git Branching and Merging Workflows Advantages Version Control System (VCS) Recording changes
More informationCommits and Commit Messages
Commits and Commit Messages What is a commit? Small set of modifications to a code base Each commit should contain one (atomic) change Commits should be standalone (independent of other commits) Open Source
More informationGetting the files for the first time...2. Making Changes, Commiting them and Pull Requests:...5. Update your repository from the upstream master...
Table of Contents Getting the files for the first time...2 Making Changes, Commiting them and Pull Requests:...5 Update your repository from the upstream master...8 Making a new branch (for leads, do this
More informationA Dozen Years of Shellphish. Journey to the Cyber Grand Challenge
A Dozen Years of Shellphish Journey to the Cyber Grand Challenge 1 Zardus rhelmot 2 HEX on the beach 3 4 5 19 17 4 1 1 :-( 6 # of Shellphish players (cumulative) 40 30 20 10 0 23 29 2015 7 # of Defcons
More informationThwarting unknown bugs: hardening features in the mainline Linux kernel
Thwarting unknown bugs: hardening features in the mainline Linux kernel Mark Rutland ARM Ltd Embedded Linux Conference Europe 2016 October 11, 2016 ARM 2016 2 ARM 2016 What s the
More informationExercise 1: Understand the CSS box model
Concordia University SOEN 287: Web Programming 1 Winter 2016 Assignment 2 Due Date: By 11:55pm Sunday February 14, 2016 Evaluation: 4% of final mark Late Submission: none accepted Type: Individual Assignment
More informationBuild & Launch Tools (BLT) Automating best practices for enterprise sites
Build & Launch Tools (BLT) Automating best practices for enterprise sites Who are you? Matthew Grasmick @grasmash on Drupal.org, twitter, etc. Acquia Professional Services, 4yrs Drupalist, 9yrs Maintainer
More informationWeek 5. CS 400 Programming III
Exam Conflicts are due this week: 1. Put all course meetings, quizzes, and exams in your calendar 2. Report any conflicts with cs400 exams by Friday of this week 3. Report complete information via the
More informationCMSC 414 Computer and Network Security
CMSC 414 Computer and Network Security Buffer Overflows Dr. Michael Marsh August 30, 2017 Trust and Trustworthiness You read: Reflections on Trusting Trust (Ken Thompson), 1984 Smashing the Stack for Fun
More informationThe plural of Chromium is Chromia. Peter-Paul Koch NLHTML5 Rotterdam, 19 February 2015
The plural of Chromium is Chromia Peter-Paul Koch http://quirksmode.org http://twitter.com/ppk NLHTML5 Rotterdam, 19 February 2015 to do Chrome on ios is not Chrome Switch stats and thing with Android
More informationB r o w s e r s u p p o r t
A Browser Support Since writing this book, much has changed in the browser market. The Chromium project, which the Chrome browser is based on, stopped using WebKit and created their own fork, called Blink.
More informationBORDER IMAGES THE BACKGROUND IMAGE PROPERTIES. Learning Web Design, 5e
BORDER IMAGES For use with: Learning Web Design, 5e by Jennifer Robbins Copyright O Reilly Media 2018 In this article, I ll give you a quick overview of the border-image properties for filling the sides
More informationUsing GitHub for scientific research
Team 1 Reading in a CSV file Feel free to ask me questions if you get stuck! Specification Write a Python function that reads a two-columned CSV file and separates the two columns into two Python lists.
More informationSpectre, Meltdown, and the Impact of Security Vulnerabilities on your IT Environment. Orin Jeff Melnick
Spectre, Meltdown, and the Impact of Security Vulnerabilities on your IT Environment Orin Thomas @orinthomas Jeff Melnick Jeff.Melnick@Netwrix.com In this session Vulnerability types Spectre Meltdown Spectre
More informationSmartphone (in) Security
Smartphone (in) Security Smartphones (in)security Nicolas Economou and Alfredo Ortega October 6, 2008 In this talk: 1. Introduction 2. Smartphone Security overview 3. Explotation and shellcodes for both
More informationAn Empirical Study of Vulnerability Rewards Programs
An Empirical Study of Vulnerability Rewards Programs Matthew Finifter, Devdatta Akhawe, David Wagner UC Berkeley security development lifecycle A vulnerability remediation strategy is any systematic approach
More informationFrom Assembly to JavaScript and Back
From Assembly to JavaScript and Back Robert Gawlik Ruhr-University Bochum August 30th 2018 Singapore About me IT Security since 2010 PostDoc Systems Security Group @ Horst Görtz Institute / Ruhr-University
More informationCS314 Software Engineering Configuration Management
CS314 Software Engineering Configuration Management Dave Matthews Configuration Management Management of an evolving system in a controlled way. Version control tracks component changes as they happen.
More informationKTH Royal Institute of Technology SEMINAR 2-29 March Simone Stefani -
KTH Royal Institute of Technology SEMINAR 2-29 March 2017 Simone Stefani - sstefani@kth.se WHAT IS THIS SEMINAR ABOUT Branching Merging and rebasing Git team workflows Pull requests and forks WHAT IS THIS
More informationGuidelines for doing the short exercises
1 Short exercises for Murach s HTML5 and CSS Guidelines for doing the short exercises Do the exercise steps in sequence. That way, you will work from the most important tasks to the least important. Feel
More informationGIT TUTORIAL. Creative Software Architectures for Collaborative Projects CS 130 Donald J. Patterson
GIT TUTORIAL Creative Software Architectures for Collaborative Projects CS 130 Donald J. Patterson SCM SOFTWARE CONFIGURATION MANAGEMENT SOURCE CODE MANAGEMENT Generic term for the ability to manage multiple
More informationCSC 405 Introduction to Computer Security Fuzzing
CSC 405 Introduction to Computer Security Fuzzing Alexandros Kapravelos akaprav@ncsu.edu Let s find some bugs (again) We have a potentially vulnerable program The program has some inputs which can be controlled
More informationUsing Machine Learning to Identify Security Issues in Open-Source Libraries. Asankhaya Sharma Yaqin Zhou SourceClear
Using Machine Learning to Identify Security Issues in Open-Source Libraries Asankhaya Sharma Yaqin Zhou SourceClear Outline - Overview of problem space Unidentified security issues How Machine Learning
More informationFRONT END DEVELOPER CAREER BLUEPRINT
FRONT END DEVELOPER CAREER BLUEPRINT HAVE A QUESTION? ASK! Read up on all the ways you can get help. CONFUSION IS GOOD :) Seriously, it s scientific fact. Read all about it! REMEMBER, YOU ARE NOT ALONE!
More informationCSC 2700: Scientific Computing
CSC 2700: Scientific Computing Record and share your work: revision control systems Dr Frank Löffler Center for Computation and Technology Louisiana State University, Baton Rouge, LA Feb 13 2014 Overview
More informationVersion Control with Git ME 461 Fall 2018
Version Control with Git ME 461 Fall 2018 0. Contents Introduction Definitions Repository Remote Repository Local Repository Clone Commit Branch Pushing Pulling Create a Repository Clone a Repository Commit
More informationBuilding a Browser for Automotive: Alternatives, Challenges and Recommendations
Building a Browser for Automotive: Alternatives, Challenges and Recommendations Igalia and Webkit/Chromium Open source consultancy founded in 2001 Igalia is Top 5 contributor to upstream WebKit/Chromium
More informationBuffer overflow background
and heap buffer background Comp Sci 3600 Security Heap Outline and heap buffer Heap 1 and heap 2 3 buffer 4 5 Heap Outline and heap buffer Heap 1 and heap 2 3 buffer 4 5 Heap Address Space and heap buffer
More informationVersion control CSE 403
Version control CSE 403 Goals of a version control system Keep a history of your work Explain the purpose of each change Checkpoint specific versions (known good state) Recover specific state (fix bugs,
More informationHuman-Computer Interaction Design
Human-Computer Interaction Design COGS120/CSE170 - Intro. HCI Instructor: Philip Guo Lab 2 - Styling and publishing your website (2018-10-10) by Michael Bernstein, Scott Klemmer, Philip Guo, and Sean Kross
More informationBlack Hat Webcast Series. C/C++ AppSec in 2014
Black Hat Webcast Series C/C++ AppSec in 2014 Who Am I Chris Rohlf Leaf SR (Security Research) - Founder / Consultant BlackHat Speaker { 2009, 2011, 2012 } BlackHat Review Board Member http://leafsr.com
More informationYou Can t Move Forward Unless You Can Roll Back. By: Michael Black
You Can t Move Forward Unless You Can Roll Back By: Michael Black The VP of Sales walks in and tells you that your largest and oldest client wants to pay for a custom modification. But here s the clincher,
More informationMore CSS goodness with CSS3. Webpage Design
More CSS goodness with CSS3 Webpage Design CSS3 for Web Designers CSS is Evolving Currently we have been working with CSS 2.1 This specification in its entirety is supported by all current browsers (there
More informationSpectre and Meltdown. Clifford Wolf q/talk
Spectre and Meltdown Clifford Wolf q/talk 2018-01-30 Spectre and Meltdown Spectre (CVE-2017-5753 and CVE-2017-5715) Is an architectural security bug that effects most modern processors with speculative
More informationProject Management. Overview
Project Management Overview How to manage a project? What is software configuration management? Version control systems Issue tracking systems N. Meng, L. Zhang 2 1 What is Project Management? Effective
More informationGit for Subversion users
Git for Subversion users Zend webinar, 23-02-2012 Stefan who? Stefan who? Freelancer: Ingewikkeld Stefan who? Freelancer: Ingewikkeld Symfony Community Manager Stefan who? Freelancer: Ingewikkeld Symfony
More informationGit and Gerrit Workflows. Enforcing Manual & Automated Review
Git and Gerrit Workflows Enforcing Manual & Automated Review Agenda Branching and Workflow Review A Look at Gerrit The Gerrit Workflow Other Workflows Customizing Gerrit Workflow Branching and Workflow
More informationThe Rock branching strategy is based on the Git Branching Model documented by Vincent Driessen.
Overview The Rock branching strategy is based on the Git Branching Model documented by Vincent Driessen. Branches Master The master branch should always reflect the latest production-ready state, and should
More informationSOEN287: Web Programming
Concordia University Department of Computer Science and Software Engineering SOEN287: Web Programming Summer 2016 Programming assignment #1 Deadline: Friday, July, 22, 2016 @ 23:55 Late submission: Type
More informationJersey City Free Public Library WIFI Hotspot
1. Windows 2000, XP, 7 and Vista Users: a. Select the wireless icon in the system tray. or or or b. Select the SSID of the library you are currently located: JCPL- c. Launch a web browser (Internet Explorer,
More informationJavaScript & Security get married. Yan Zhu NCC Group SF Open Forum 9/17/15
JavaScript & Security get married Yan Zhu NCC Group SF Open Forum 9/17/15 F YEAH RUSTIC PENNSYLVANIA WEDDING THEME!! About me: Security Engineer at Yahoo! by day EFF Technology Fellow (Let s Encrypt, HTTPS
More informationVisualizing Git Workflows. A visual guide to 539 workflows
Visualizing Git Workflows A visual guide to 539 workflows Table of Contents Notation Collaboration Without Review or Branches Merge Conflicts Requesting Code Review Collaboration with Multiple Branches
More informationGit, the magical version control
Git, the magical version control Git is an open-source version control system (meaning, it s free!) that allows developers to track changes made on their code files throughout the lifetime of a project.
More informationINFORMATION SECURITY - PRACTICAL ASSESSMENT - BASICS IN BUFFER EXPLOITATION
INFORMATION SECURITY - PRACTICAL ASSESSMENT - BASICS IN BUFFER EXPLOITATION GRENOBLE INP ENSIMAG http://www.ensimag.fr COMPUTER SCIENCE 3RD YEAR IF-MMIS - 1ST SEMESTER, 2011 Lecturers: Fabien Duchene -
More informationCSE 390 Lecture 9. Version control and Subversion (svn)
CSE 390 Lecture 9 Version control and Subversion (svn) slides created by Marty Stepp, modified by Jessica Miller and Ruth Anderson http://www.cs.washington.edu/390a/ 1 Working Alone Ever done one of the
More informationLab 08. Command Line and Git
Lab 08 Command Line and Git Agenda Final Project Information All Things Git! Make sure to come to lab next week for Python! Final Projects Connect 4 Arduino ios Creative AI Being on a Team - How To Maximize
More informationHuman-Computer Interaction Design
Human-Computer Interaction Design COGS120/CSE170 - Intro. HCI Instructor: Philip Guo, Lab TA: Sean Kross Lab 2 - Styling and publishing your website (2017-10-13) by Michael Bernstein, Scott Klemmer, Philip
More informationIngegneria del Software Corso di Laurea in Informatica per il Management (D)VCS. Davide Rossi Dipartimento di Informatica Università di Bologna
Ingegneria del Software Corso di Laurea in Informatica per il Management (D)VCS Davide Rossi Dipartimento di Informatica Università di Bologna Rationale for version control Control the revisions of artifacts
More informationAutomating Your Way out of the Dark Ages
Automating Your Way out of the Dark Ages Our experience with (and without) PhoneGap Build @burin creative commons licensed (BY-NC-ND) flickr photo by Fred Seibert: http://flickr.com/photos/84568447@n00/2060261678
More informationWhat is a web browser?
Web Browsers What is a web browser? A software application for retrieving, presenting, and traversing information resources on the World Wide Web. Web page Image Video Other piece of content History of
More informationRevision Control. How can 4. Slides #4 CMPT 276 Dr. B. Fraser. Local Topology Simplified. Git Basics. Revision Control:
How can 4 (or 4000) developers work on a product at once? Revision Control Revision Control Revision Control: Also called version control, source control, software configuration management. Motivation:
More informationInstructions for downloading paid media from BSO.org and playing paid media in the BSO Media Center Revised as of 12/23/2011
Instructions for downloading paid media from BSO.org and playing paid media in the BSO Media Center Revised as of 12/23/2011 DOWNLOADING MEDIA 1. Purchase Media Once you have completed your purchase, you
More informationVersion (Source Code) Control SWEN-250
Version (Source Code) Control SWEN-250 Overview Motivation why is version control useful? Key concepts Variations on the basic theme Example version control systems 1/10/2019 (c) 2013 RIT Dept. of Software
More informationEmpirical Study on Impact of Developer Collaboration on Source Code
Empirical Study on Impact of Developer Collaboration on Source Code Akshay Chopra, Sahil Puri and Parul Verma 03 April 2018 Outline Introduction Research Questions Methodology Data Characteristics Analysis
More informationContribute To Linux Mainline
Contribute To Linux Mainline Wu Zhangjin / Falcon wuzhangjin@gmail.com Tiny Lab 泰晓实验室 http://tinylab.org June 3, 2013 Outline 1 About Linux Kernel Development 2 Upstream your source code 3 Reference 4
More informationGit Introduction CS 400. February 11, 2018
Git Introduction CS 400 February 11, 2018 1 Introduction Git is one of the most popular version control system. It is a mature, actively maintained open source project originally developed in 2005 by Linus
More informationCS7026 CSS3. CSS3 Graphics Effects
CS7026 CSS3 CSS3 Graphics Effects What You ll Learn We ll create the appearance of speech bubbles without using any images, just these pieces of pure CSS: The word-wrap property to contain overflowing
More informationStatic Analysis and Bugfinding
Static Analysis and Bugfinding Alex Kantchelian 09/12/2011 Last week we talked about runtime checking methods: tools for detecting vulnerabilities being exploited in deployment. So far, these tools have
More informationGithub/Git Primer. Tyler Hague
Github/Git Primer Tyler Hague Why Use Github? Github keeps all of our code up to date in one place Github tracks changes so we can see what is being worked on Github has issue tracking for keeping up with
More information(try adding using css to add some space between the bottom of the art div and the reset button, this can be done using Margins)
Pixel Art Editor Extra Challenges 1. Adding a Reset button Add a reset button to your HTML, below the #art div. Pixels go here reset The result should look something
More informationCSS for Page Layout Robert K. Moniot 1
CSS for Page Layout 2015 Robert K. Moniot 1 OBJECTIVES In this unit, you will learn: How to use style sheets for layout Controlling text flow, margins, borders, and padding Controlling visibility of elements
More informationState of jquery Fall John Resig
State of jquery Fall 2010 John Resig State of the Project New Releases jquery 1.4.3 / jquery 1.4.4 Official Plugins: jquery Templating jquery Data Linking jquery Mobile jquery 1.4.3 JSLint Modularity
More informationLaboratorio di Programmazione. Prof. Marco Bertini
Laboratorio di Programmazione Prof. Marco Bertini marco.bertini@unifi.it http://www.micc.unifi.it/bertini/ Code versioning: techniques and tools Software versions All software has multiple versions: Each
More informationTechnical Architecture & Analysis
Technical Architecture & Analysis HS2 Technical Architecture & Analysis 15 October 2012 Anton Palitsyn 020 7426 8920 anton.palitsyn@precedent.co.uk Contents Contents... 2 Document info... 3 Authors...
More informationContinuous Integration. Johannes Seitz
Continuous Integration Johannes Seitz - @Ookami86 What is Continuous Integration? That Jenkins job may be necessary, but not sufficient. Ways of working in a team Integrating often Integrating in a Big
More informationEconomies of Scale in Hacking Dave Aitel Immunity
Economies of Scale in Hacking Dave Aitel Immunity Ekoparty, 2008 (Argentina) 10/01/08 1 Demand Side/Supply Side Economies of Scale Networked increase in value High barrier of entry Cheaper as you get bigger
More informationGetting started with GitHub
Getting started with GitHub A beginner s guide. (There s no code in this slide deck!) Presented by Quinn Supplee https://github.com/quinns What is GitHub? GitHub is a code hosting platform for version
More informationHow to git with proper etiquette
How to git with proper etiquette Let's start fixing how we use git here in crew so our GitHub looks even more awesome and you all get experience working in a professional-like git environment. How to use
More informationSoftware Tools Subversion
Software Tools Subversion Part II Lecture 4 1 Today s Outline Subversion (SVN) TortoiseSVN Client SVN Tips 2 Subversion (SVN) 3 Subversion (SVN) Centralized open-source VCS; started in 2000 Developed as
More informationORB Education Quality Teaching Resources
These basic resources aim to keep things simple and avoid HTML and CSS completely, whilst helping familiarise students with what can be a daunting interface. The final websites will not demonstrate best
More informationProduced by. Web Development. Eamonn de Leastar Department of Computing, Maths & Physics Waterford Institute of Technology
Web Development Produced by Eamonn de Leastar (edeleastar@wit.ie) Department of Computing, Maths & Physics Waterford Institute of Technology http://www.wit.ie http://elearning.wit.ie CSS: Box Model Worked
More informationHow to lay out a web page with CSS
How to lay out a web page with CSS A CSS page layout uses the Cascading Style Sheets format, rather than traditional HTML tables or frames, to organize the content on a web page. The basic building block
More informationProgramming in the Real World. Dr. Baldassano Yu s Elite Education
Programming in the Real World Dr. Baldassano chrisb@princeton.edu Yu s Elite Education Our programs are getting bigger! Our game was already over 100 lines long - most programs are worked on by teams of
More information