Introduction

EEMCS / SCS
INTRODUCTION
Erik Tews <[email protected]>
9 November 2020
Software Security 2020

ABOUT ME
• I'm Erik
• Assistant Professor at the University of Twente for 3 years
• Previously in Darmstadt and Birmingham
• I like programming
• I like security

ABOUT THIS LECTURE STRUCTURE
• I will provide you with some teaching material upfront
  • Videos, but also articles
• We will later on discuss this
  • We can have video conferences
  • And we can also use the breakout rooms there
• And then we will have the opportunity to try things together
  • We will have lab sessions online
  • And potentially on the campus as well
• And we can use a chat for the lecture where you can get help

CONTENT
• Low level programming bugs in C
  • How buffer overflows and memory corruption affect security
• More secure low level languages (Rust)
  • Rust is a modern and memory safe low level language
• Automated and advanced tools to detect bugs
  • Code checkers, verification, fuzzing and more
• Modern software development and web security
  • How to use all those tools in a modern development environment

TIME PLANNING
• I will try to hand out all assignments in 2020
• In 2021, no (significant) new topics will be added
  • We will spend more time discussing your results
• In a nutshell:
  • More work for you in 2020
  • Less in the last weeks of the course

WHO THE COURSE IS MADE FOR
• People who like programming
  • And would like to be able to write better and more secure code
  • And do that in a larger group
• People who manage software projects
  • And are responsible for the security in their projects
  • I'm sorry, but you need to learn something about programming as well

TECHNOLOGY
• We will do coding in C, Rust and a high level language
• We will use git and https://gitlab.utwente.nl/
• Most of the tools we use work best on Linux
  • Windows users may use WSL2 and/or a VM
  • macOS users should probably use a Linux VM (Ubuntu or whatever you like)
• And we will use Zulip
  • Please join using this link
  • https://zulip.eemcs.utwente.nl/join/rkhk004pajjaigr3h3a3gyyy/

VIDEO CONFERENCING
• We are currently on Zoom
  • Probably the best solution from a technology point of view
• We could also use Microsoft Teams
  • The university uses it anyway
• And we could use Canvas Conferences
  • Nice integration with Canvas

ASSIGNMENTS AND EXAMS
• There will be some assignments for each of the 4 topics
• You will work in groups of 2 on them
  • And sometimes with other groups as well
• Grades for those assignment sets can be
  • Not sufficient: you screwed it up!
  • Sufficient: it's OK, but we are not impressed
  • Excellent: we are impressed!
• You need at least 3x sufficient or better to go to the exam
• An excellent gives you a 0,5 bonus on the exam mark (3x max)

THE EXAM
• Currently we plan a traditional exam written on Chromebooks
  • I know that there are some who would like to avoid the campus at the moment
  • And we don't know what the next Covid19 rule change will bring
• Possible alternatives
  • Oral online exam
  • A final project
  • A combination of both

WHAT THE COURSE IS BASED ON
• The course from 2017 given by Jaco van de Pol
• Who based it on:
  • A course from the University of Maryland
  • And a course by Erik Poll, Radboud University

YOUR TASKS NOW
• Try to find answers to the following questions
  • How good are you at programming?
  • What do you expect from the course?
  • Would you (now) like to come to the campus once a week?
  • Which online conferencing solution do you like?
  • Shall we record the common part of the conferences?
  • Which examination mode do you like?
• And do that in breakout rooms
  • I might join you there

BREAK OUT ROOMS

YOUR NEXT TASKS
• You need to find a team mate
  • When you don't know someone yet
    • Ask in Zulip: https://zulip.eemcs.utwente.nl/#narrow/stream/93-CS-SoftSec.202020.20Teamfinding
    • Join a team finding event on Wednesday 15:45
    • Feel free to submit a slide about yourself upfront (Tuesday evening)
• Until Thursday 23:59
  • Join a team on Canvas
  • Log in once on https://gitlab.utwente.nl/
  • Join Zulip: https://zulip.eemcs.utwente.nl/join/rkhk004pajjaigr3h3a3gyyy/

ABOUT ZULIP
• It's a chat like Slack, Mattermost, Discord…
• One major difference: every message has a topic
  • Similar to threads in Slack
  • Makes it very easy to group messages and catch up with them
• Chatting about software is really nice there due to syntax highlighting
• And you can link bots as well
• And you even get nice mobile apps
• And you can have your private team channel there as well

ZULIP CHANNELS
• #CS SoftSec 2020 General
  • General questions about the course, help with assignments
• #CS SoftSec 2020 Teamfinding
  • When you are still looking for a team member
• #CS SoftSec 2020 Announcements
  • Important announcements you should read
• #Playground
  • When you are new to Zulip and would like to play around
  • Stuff you can safely ignore

LOGGING IN TO ZULIP
• Join the first time via the link we provide
• Use your Utwente email address and password
• When it doesn't work:
  • Go to https://tap.utwente.nl/
  • Change your password once
  • Wait a few minutes
  • Try again

LOGGING IN TO GITLAB
• Go to https://gitlab.utwente.nl
• Use your s-number and your Utwente password
• When it doesn't work, try the same procedure as for Zulip
• When it still doesn't work: contact the ICT servicedesk

QUESTIONS?