Reading Other People's Code
@pati_gallardo Patricia Aas
Web Rebels 2018
Patricia Aas - Vivaldi Browser
Programmer - mainly in C++
Currently : Vivaldi Technologies
Previously : Cisco Systems, Knowit, Opera Software
Master in Computer Science - main language Java
Twitter : @pati_gallardo
- So… You Got Someone Else’s Code?
- Before You Start
- 10 Techniques
- Different is Good
So… You Got Someone Else's Code?
This is not a code review
Code is the serialized version of a mental machine
What We Are Lacking Is: The Mental Model
What we are faced with is: pages and pages of code.
This is fine
Before You Start
#preparation
- Get the code
- Put it in source control
- Put it in a “smart” IDE
- Try to build it
- Try to run it
- Preferably in a debugger
Browsers are MASSIVE
Vivaldi: 600,000 files
10 Techniques That Will Help You Understand Other People’s Code
1. Grepping
2. Where is this button?
3. Following input events
4. What do the tests do?
5. Refactoring
6. Reading “main”
7. The graphical layout
8. Runtime Investigation
9. Reading a class
10. Retelling or Rubber Ducking
1. Grepping
Strings you see as ends to pull on
- in the GUI
- on the commandline
- in the logs
2. Where Is This Button?
- Grep for the button text
- Find the button
- Set a breakpoint on onClick
- Click on the button
- Look at the stack
- Traverse up the widget hierarchy
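Techniques 1 and 2 chained together, as an added example that is not from the talk: a string seen in the GUI is grepped to its resource entry, the resource ID is grepped to the code that uses it, and the handler registered there is where the breakpoint goes. The toy source tree, the `IDS_CLEAR_HISTORY` ID, the file names and the `SetOnClick` registration call are constructed for illustration.

```shell
#!/bin/sh
# Added example: pull on a visible string until it leads to a click handler.
# Everything written by make_sample_tree is constructed sample data.

# make_sample_tree DIR: write a three-file toy project into DIR.
make_sample_tree() {
    mkdir -p "$1/resources" "$1/ui"
    cat > "$1/resources/strings.grd" <<'EOF'
<message name="IDS_CLEAR_HISTORY">Clear browsing data</message>
<message name="IDS_OPEN_SETTINGS">Settings</message>
EOF
    cat > "$1/ui/history_panel.cc" <<'EOF'
void HistoryPanel::Build() {
  clear_button_ = AddButton(IDS_CLEAR_HISTORY);
  clear_button_->SetOnClick(&HistoryPanel::OnClearClicked);
}
void HistoryPanel::OnClearClicked() { history_->DeleteAll(); }
EOF
    cat > "$1/ui/settings_panel.cc" <<'EOF'
void SettingsPanel::Build() { AddButton(IDS_OPEN_SETTINGS); }
EOF
}

# string_to_id ROOT TEXT: the GUI rarely hard-codes its text, so the first
# grep usually lands in a resource file. Print the ID whose message is TEXT.
string_to_id() {
    grep -rhF -- ">$2<" "$1" |
        sed -n 's/.*name="\([A-Z0-9_]*\)".*/\1/p' | head -n 1
}

# id_to_files ROOT ID: second pull on the thread. Print the source files
# that reference ID as a whole word (so IDS_X does not match IDS_X_LONG).
id_to_files() {
    find "$1" -name '*.cc' -exec grep -lw -- "$2" {} + | sort
}

# handlers_in FILE: print the functions registered as click handlers in FILE.
handlers_in() {
    sed -n 's/.*SetOnClick(&\([A-Za-z_:]*\)).*/\1/p' "$1"
}

# find_click_handler ROOT TEXT: chain the steps. Prints candidate handler
# names; returns 1 when TEXT is not found in any resource entry.
find_click_handler() {
    id=$(string_to_id "$1" "$2")
    [ -n "$id" ] || return 1
    id_to_files "$1" "$id" | while IFS= read -r f; do
        handlers_in "$f"
    done
}

# Demo run: the printed name is the function to set the breakpoint on
# before clicking the button and reading the stack.
demo_root=$(mktemp -d)
make_sample_tree "$demo_root"
find_click_handler "$demo_root" "Clear browsing data"
rm -rf "$demo_root"
```

An empty result with exit status 0 means the string was found but no handler is registered in the files that use it, which is the cue to switch to the debugger and walk up the widget hierarchy instead.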
3. Following Input Events
Investigating Your GUI framework
- Trace platform events
- Look at graphics output
- Find the platform integration architecture
4. What Do The Tests Do?
Integration / System Tests
- How to run it
- Use Cases
- Write tests to drive the code you’re looking at
- Write tests to examine your assumptions
5. Refactoring
Refactoring is Opinionated:
Don’t get attached
This is throw-away code
6. Reading “main”
The How
Execution Architecture
- Mainloop & event handling
- Read top to bottom
- Take notes & draw
- Important objects/functions
- Watch for common types
- Recurse
7. The Graphical Layout
- Find the Main Layout
- Find the (implicit) State Machine
- This is what changes the window contents
- Often maps to Use Cases
8. Runtime Investigation
Rough Outline of Architectures
- Event driven : main loop, async, event handlers
- Request handling : one thread per request - mostly synchronous
- Command line tool : mostly synchronous, takes input, produces output
- Use the debugger to examine runtime state and stacks
- Read the logs to see flow
- Run the tests
- Add logging
- Add tests and assertions
- Add a feature
9. Reading A “Class”
- Which interfaces does it implement?
- Who uses it and how?
- Public functions are the “mains” of a class (Getters don’t count)
10. Retelling or Rubber Ducking
Explain It To Someone
Write a (fictional) blog post
Write some documentation
Make an internal presentation
(Ducks aren't very motivating)
Conclusion : Different Is Good
Great code should be personal
We want people to take pride in their work
Learn to appreciate other people's code
Style is individual
Make Everyone Feel Safe To Be Themselves
Vivaldi Swag
Patricia Aas, Vivaldi Technologies
Photos from pixabay.com
Don’t be tempted to criticize
If only… it were different...
No. Breathe and accept
#philosophy
Running code is not linear, reading code cannot be linear either.
#goals
- Establishing a vague outline and fleshing it out in an iterative process
- Taking notes and drawing
- Make documentation
- Teach others
Code is like Balls of Yarn on the Floor
It’s a mess.
How do you know where to begin?
Find an interesting end:
Pull on it
Refactoring is opinionated
Use it to understand,
throw it away and go back to the original code
Do not judge
You Need a Full Toolset
For synchronous execution the debugger is useful
For async the log will yield interesting places
If you approach other people's code wanting to learn:
You will learn
If you approach to criticize:
You will criticize
“Instead of condemning people,
let’s try to understand them.
Let’s try to figure out why they do what they do.
That’s a lot more profitable and intriguing than criticism;
and it breeds sympathy, tolerance and kindness.”
Dale Carnegie, How to Win Friends & Influence People
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 

Reading Other Peoples Code (Web Rebels 2018)

  • 2. Reading Other People's Code @pati_gallardo Patricia Aas Web Rebels 2018
  • 3. Patricia Aas - Vivaldi Browser Programmer - mainly in C++ Currently : Vivaldi Technologies Previously : Cisco Systems, Knowit, Opera Software Master in Computer Science - main language Java Twitter : @pati_gallardo
  • 4. - So… You Got Someone Else’s Code? - Before You Start - 10 Techniques - Different is Good @pati_gallardo
  • 5. @pati_gallardo So… You Got Someone Else's Code?
  • 6. This is not a code review @pati_gallardo
  • 7. Code is the serialized version of a mental machine @pati_gallardo
  • 8. What We Are Lacking Is: The Mental Model What we are faced with is: pages and pages of code. This is fine @pati_gallardo
  • 10. #preparation - Get the code - Put it in source control - Put it in a “smart” IDE - Try to build it - Try to run it - Preferably in a debugger @pati_gallardo
  • 11. Browsers are MASSIVE Vivaldi: 600,000 files @pati_gallardo
  • 12. @pati_gallardo 10 Techniques That Will Help You Understand Other People’s Code
  • 13. 1. Grepping 2. Where is this button? 3. Following input events 4. What do the tests do? 5. Refactoring 6. Reading “main” 7. The graphical layout 8. Runtime Investigation 9. Reading a class 10. Retelling or Rubber Ducking @pati_gallardo
  • 15. Strings you see as ends to pull on - in the GUI - on the commandline - in the logs @pati_gallardo
  • 16. 1. Grepping 2. Where is this button? 3. Following input events 4. What do the tests do? 5. Refactoring 6. Reading “main” 7. The graphical layout 8. Runtime Investigation 9. Reading a class 10. Retelling or Rubber Ducking @pati_gallardo
  • 18. - Grep for the button text - Find the button - Set a breakpoint on onClick - Click on the button - Look at the stack - Traverse up the widget hierarchy @pati_gallardo
  • 19. 1. Grepping 2. Where is this button? 3. Following input events 4. What do the tests do? 5. Refactoring 6. Reading “main” 7. The graphical layout 8. Runtime Investigation 9. Reading a class 10. Retelling or Rubber Ducking @pati_gallardo
  • 21. Investigating Your GUI framework - Trace platform events - Look at graphics output - Find the platform integration architecture @pati_gallardo
  • 22. 1. Grepping 2. Where is this button? 3. Following input events 4. What do the tests do? 5. Refactoring 6. Reading “main” 7. The graphical layout 8. Runtime Investigation 9. Reading a class 10. Retelling or Rubber Ducking @pati_gallardo
  • 23. @pati_gallardo 4. What Do The Tests Do?
  • 24. Integration / System Tests - How to run it - Use Cases - Write tests to drive the code you’re looking at - Write tests to examine your assumptions @pati_gallardo
  • 25. 1. Grepping 2. Where is this button? 3. Following input events 4. What do the tests do? 5. Refactoring 6. Reading “main” 7. The graphical layout 8. Runtime Investigation 9. Reading a class 10. Retelling or Rubber Ducking @pati_gallardo
  • 27. Refactoring is Opinionated: Don’t get attached This is throw-away code @pati_gallardo
  • 28. 1. Grepping 2. Where is this button? 3. Following input events 4. What do the tests do? 5. Refactoring 6. Reading “main” 7. The graphical layout 8. Runtime Investigation 9. Reading a class 10. Retelling or Rubber Ducking @pati_gallardo
  • 30. The How Execution Architecture - Mainloop & event handling - Read top to bottom - Take notes & draw - Important objects/functions - Watch for common types - Recurse @pati_gallardo
  • 31. 1. Grepping 2. Where is this button? 3. Following input events 4. What do the tests do? 5. Refactoring 6. Reading “main” 7. The graphical layout 8. Runtime Investigation 9. Reading a class 10. Retelling or Rubber Ducking @pati_gallardo
  • 32. @pati_gallardo 7. The Graphical Layout
  • 33. - Find the Main Layout - Find the (implicit) State Machine - This is what changes the window contents - Maps often to Use Cases @pati_gallardo
  • 34. 1. Grepping 2. Where is this button? 3. Following input events 4. What do the tests do? 5. Refactoring 6. Reading “main” 7. The graphical layout 8. Runtime Investigation 9. Reading a class 10. Retelling or Rubber Ducking @pati_gallardo
  • 36. Rough Outline of Architectures - Event driven : main loop, async, event handlers - Request handling : one thread per request - mostly synchronous - Command line tool : mostly synchronous, takes input, produces output @pati_gallardo
  • 37. - Use the debugger to examine runtime state and stacks - Read the logs to see flow - Run the tests - Add logging - Add tests and assertions - Add a feature @pati_gallardo
  • 38. 1. Grepping 2. Where is this button? 3. Following input events 4. What do the tests do? 5. Refactoring 6. Reading “main” 7. The graphical layout 8. Runtime Investigation 9. Reading a class 10. Retelling or Rubber Ducking @pati_gallardo
  • 40. - Which interfaces does it implement? - Who uses it and how? - Public functions are the “mains” of a class (Getters don’t count) @pati_gallardo
  • 41. 1. Grepping 2. Where is this button? 3. Following input events 4. What do the tests do? 5. Refactoring 6. Reading “main” 7. The graphical layout 8. Runtime Investigation 9. Reading a class 10. Retelling or Rubber Ducking @pati_gallardo
  • 43. Explain It To Someone Write a (fictional) blog post Write some documentation Make an internal presentation (Ducks aren't very motivating) @pati_gallardo
  • 45. Great code should be personal We want people to take pride in their work Learn to appreciate other people's code Style is individual @pati_gallardo
  • 46. Make Everyone Feel Safe To Be Themselves @pati_gallardo
  • 48. Vivaldi Swag Patricia Aas, Vivaldi Technologies @pati_gallardo Photos from pixabay.com
  • 49. Don’t be tempted to criticize If only… it were different... No. Breathe and accept @pati_gallardo
  • 50. #philosophy Running code is not linear, reading code cannot be linear either. @pati_gallardo
  • 51. #goals - Establishing a vague outline and fleshing it out in an iterative process - Taking notes and drawing - Make documentation - Teach others @pati_gallardo
  • 52. Code is like Balls of Yarn on the Floor It’s a mess. How do you know where to begin? Find an interesting end: Pull on it @pati_gallardo
  • 53. Refactoring is opinionated Use it to understand, throw it away and go back to the original code Do not judge @pati_gallardo
  • 54. You Need a Full Toolset For synchronous execution the debugger is useful For async the log will yield interesting places @pati_gallardo
  • 55. If you approach other people's code wanting to learn: You will learn If you approach to criticize: You will criticize @pati_gallardo
  • 56. “Instead of condemning people, let’s try to understand them. Let’s try to figure out why they do what they do. That’s a lot more profitable and intriguing than criticism; and it breeds sympathy, tolerance and kindness.” Dale Carnegie, How to Win Friends & Influence People @pati_gallardo