Gradle is a build automation solution which can be downloaded from http://www.gradle.org/downloads and is a really powerful 'Groovy based' way to automate builds.
The download is made available (in Dec 2013) as a zip file, but for OSX there is no 'installer script', so here is how I just set it up on my dev OSX laptop:
A personal blog about: transforming Web Application Security into an 'Application Visibility' engine, the OWASP O2 Platform, Application/Data interoperability and a lot more
Monday, 16 December 2013
Sunday, 15 December 2013
What if minecraft was open source? (it would be an amazing learning tool)
Last week I did my 2nd CodeClub session where we tried to use a Minecraft server in the class (see Setting up a CraftBukkit based Minecraft server on OSX (Nov 2013)).
And it was a painful experience.
There were a ton of technical problems and most (if not all of them) were caused by the fact that MineCraft is not open source and needs to have a 'call home' function to make sure the clients have a valid license (i.e. there is an authentication step when connecting to a Minecraft server which forces the clients to be online, and introduces a number of issues).
This got me thinking about the hidden costs of the 'Minecraft closed' world, and how much more of an impact it would have if it was open source (and freely available to more kids).
Labels:
Minecraft,
Philosophy
The hidden costs of closed words (in reference to Disney/Pixar animations)
I just watched the Disney movie Frozen (with the kids), which is basically a re-cast of the characters and technology used on the Tangled movie.
What I really found interesting was how the kids (8 of them) really had no idea what I was talking about when I mentioned "...well ... they grabbed the same Software and Character's Programming used in Tangled, added a change of clothes and programmed a new story..."
Basically the concept that there is a HUGE amount of programming and technology behind these movies (Pixar, Dreamworks Animation, Walt Disney Animation, etc...) is completely alien to them.
Labels:
Philosophy
Blogger search is still broken and workaround to create a simpler (but working) blog search
I was trying to ignore this and see if the Google Blogger team would fix it, but after a couple of weeks (or more) it is still broken, and is starting to affect me (because I blog so that Future Self is able to find those ideas, like my Today Self, which is not able to find what it thinks is there).
Labels:
Future Self,
Google
Thursday, 12 December 2013
How to word-wrap a word without breaking it (when using bootstrap)
I just had one of those bugs that should have taken 5 minutes, but ended up taking a lot more because the behaviour of HTML and bootstrap was not as easy as I expected.
Basically the problem was that we needed to handle (in the TeamMentor Eclipse Fortify Plugin) the cases when we don't have a TeamMentor mapping for the issue currently being shown in the Fortify views.
The solution was to show the current Fortify recommendation, which is available from their plugin (I need to explain how I got that data in another post), and after integrating that data in our plugin, it looked like this:
Labels:
Eclipse,
Fortify,
TeamMentor
Wednesday, 11 December 2013
Juno probe captures movie of Earth-Moon 'dance' (and how small we all are)
Very cool movie showing how small we all are:
Labels:
Philosophy
Tuesday, 10 December 2013
Webcast on TeamMentor integration with Checkmarx
If you want to see how TeamMentor integrates with Checkmarx (namely the special asmx proxy we created), Maty (from Checkmarx) and I are doing a webcast later today (1pm EST), for which you can register at http://web.securityinnovation.com/webinar-december/
The title is Faster & Better Remediation with Security Innovation’s TeamMentor and Checkmarx’s CxSuite and here is the session description:
Labels:
Checkmarx,
TeamMentor
What really hurts ... is not being defended by your peers/friends
As somebody who has strong opinions and likes to do stuff, I sometimes find myself in situations where I step a little out of line and do offend/hurt others (see also Why do others think that I'm "hard to deal with" and that "I don't listen").
This means that I tend to be on the receiving end of some criticism, which I've learned to accept (and not argue back, even though I could). Sometimes it is better to just accept the mistakes and let the other side have their say, especially if they are right and some of their feelings were hurt.
Occasionally when that happens, I get the question "Doesn't it hurt to be on the receiving end of that criticism?" (which is a variation of "doesn't it hurt to be so misunderstood on what you are trying to do?")
Labels:
Philosophy
Sunday, 8 December 2013
Blogging is like speaking to my 'Future Self'
Speaking to our 'Future Self' is a concept that I have been thinking about and rationalising lately.
Looking back I can see that I have been doing it for a while, but I think the first time I wrote it down was on this tweet:
Labels:
Future Self,
Philosophy
Got 3 Raspberry PIs on the post from @CodeClub
Last week I received 3 Raspberry Pis in the post, to be used in the weekly CodeClub sessions I'm doing at my kids' school.
This is part of the 15,000 kits sponsored in the UK by Google, with 3000 of them delivered to CodeClub (see Google to give schools Raspberry Pi and We’re happy as Raspberry Pi).
Wednesday, 4 December 2013
High-Res images of TeamMentor's Fortify integration in Eclipse
As you can read about here and here we are in the final process of officially releasing (and selling) the TeamMentor Eclipse Plugin with Fortify support.
Alli (from SI Marketing) asked me for some High-Res screenshots of how it works, which I just created on a clean install of Eclipse Kepler 64bit on OSX with both Fortify and TeamMentor plugins installed.
You can see the images below, or download the 1.2Mb images from these links:
- TeamMentor_Inside_Eclipse.png
- TM_Fortify_Command_Injection.png
- TM_Fortify_First_View.png
- TM_Fortify_SQL_Injection_Bottom_Part.png
- TM_Fortify_SQL_Injection_TopPart.png
These were taken on a MacBook Air with Retina display, using the OSX screenshot tool, which creates images with a 3108 × 2028 resolution (which I hope is OK for print).
Labels:
Eclipse,
Fortify,
TeamMentor
Setting up a CraftBukkit based Minecraft server on OSX (Nov 2013)
Since I have my regular CodeClub Wednesday session later today, I finally got around to figuring out how to run a Minecraft server (I have a number of kids that are starting to get bored with Scratch and REALLY like the idea of programming Minecraft).
There are a couple of Minecraft servers out there (including an official one), but CraftBukkit seems really powerful and very plugin-friendly (see http://plugins.bukkit.org/).
Here are the steps required to get a Minecraft CraftBukkit server up and running:
- download the CraftBukkit 1.7.2 development version from http://dl.bukkit.org/downloads/craftbukkit/
- follow the instructions from http://wiki.bukkit.org/Setting_up_a_server
- move the downloaded craftbukkit-1.7.2-R0.1-20131204.020906-17.jar into the BukkitServer folder and rename it craftbukkit.jar (you can delete the one originally downloaded)
- execute ./start.command from a terminal window in the BukkitServer folder
- open your Minecraft client (downloaded from https://minecraft.net/download) and connect to localhost (you will need a valid/paid account in https://minecraft.net)
Monday, 2 December 2013
Installing Eclipse Plugin Builder, accessing Eclipse objects and adding a new Menu Item that opens Owasp.org website
This post shows how to use the Eclipse Plugin Update site described in TeamMentor Plugin and Builder v1.5.6 (Source Code and Eclipse Update site) to install and use the Eclipse Builder Kit that we open sourced last week.
The objective is to do these actions, without needing to start Eclipse to see them:
- Dynamically access Eclipse objects like: Shell, Workbench, Workspace, ActiveWorkbenchPage, Display, etc...
- Open the http://www.owasp.org website in a browser (and put it inside an Action object)
- Add a new Menu called ‘OWASP’
- Add a menu item to the ‘OWASP’ menu called ‘Open OWASP website’ that calls the Action object that opens the OWASP website.
Labels:
Eclipse,
TeamMentor
Wednesday, 27 November 2013
TeamMentor Plugin and Builder v1.5.6 (Source Code and Eclipse Update site)
TLDR: open eclipse and install the plugin from: http://eclipse-plugin-builder.azurewebsites.net
I just updated the TeamMentor_Eclipse_Plugin repo with the latest version of this plugin (take a look at the develop branch which is in sync with the develop branch in my dev fork).
This code is now Open Source (see SI Open Sources the Eclipse Plugin-development toolkit that I developed for TeamMentor) so feel free to take a look, fork it and figure out how to use it.
Labels:
Eclipse,
TeamMentor
Executing two H2 scripts after compiling them
Sometimes you want to reuse a script that already exists, for example to have multiple copies of it running at the same time (great for fuzzing or load testing).
Here is a simple example (from the TeamMentor UnitTest/Tools collection) that does exactly that:
Labels:
O2 Platform,
TeamMentor
Util - Browse TeamMentor Libraries.h2
Here is another simple tool that allows for a quick browse of TeamMentor Articles (download exe from: Util - Browse TeamMentor Libraries v1.0.exe )
The objective of this tool is to show how to mass consume TeamMentor Articles (if you look at the code you will notice that all metadata is downloaded locally, so that after an initial delay all navigation happens in real time, with the articles being downloaded on demand).
Note that there is a more advanced version of this tool (called Library Manager), but for local access and quick views of TeamMentor Libraries, this is quite a nice tool:
No OWASP app on the OSX AppStore (Nov 2013)
Definitely a missed opportunity here :)
What types of App should exist?
At least we should have a couple that expose OWASP materials (books, wiki pages), projects and events.
I will be a happy guy when this page doesn't look like this:
Labels:
OWASP MIA
Monday, 25 November 2013
Script to create stats from TeamMentor Libraries
While creating a better tool to manage the new 'TeamMentor Researcher Programme' (more details later today), I am updating the https://github.com/TeamMentor/UnitTests/ scripts to the latest version of TeamMentor (3.4) and FluentSharp Apis (5.3).
Amongst the scripts/apis I'm fixing there is the Calculate TM article totals.h2 which I created a while back when we needed to know the size of TeamMentor articles for translation (btw, if you speak Japanese, there is a version of TM in your language almost done).
Here are the stats of the current version of TM:
Labels:
TeamMentor
Sunday, 24 November 2013
SI Open Sources the Eclipse Plugin-development toolkit that I developed for TeamMentor
For the past couple of months I have been working on an Eclipse plug-in for TeamMentor (see Programming Eclipse in Real-Time (using an 'Groovy based' Eclipse Plug-in), Opening up a native Chrome Browser window inside Eclipse (raw version), Injecting HP Fortify Eclipse Plug-in Views into HP’s WebInspect UI and Two Videos showing TeamMentor Eclipse Plugin integration with Fortify Eclipse Plugin (as shown in HP Protect 2013 conference)).
I had a number of culture shocks coming from a C#/VisualStudio/O2Platform/REPL world into a Java/Eclipse one. The biggest one by far was the loss of 'semi-real-time' code execution that I have in Windows/C#. I used the O2 Platform REPL (and Resharper+Ncrunch VS plugins) to have a proper TDD development mode (i.e. high effectiveness and productivity), and in the Eclipse world (especially in plugin development) I had a 10 to 30 sec delay before seeing the result of any code or UnitTests execution! (which is 95% slower than what I was used to)
So, as I guess it is typical of me, I didn't just create an Eclipse Plugin. I created an 'Eclipse Plugin to create/develop Eclipse Plugins' (think of it as a 'Groovy based Eclipse Plugin where the Groovy scripts have access to the Eclipse Objects of the Eclipse instance running those Groovy scripts' :)
Labels:
Development,
Eclipse,
OWASP,
Philosophy
4 Million USD to build a secure Operating System to run Secure websites?
Is that too expensive or a great investment?
Well ... I met a great friend at AppSec USA who already built a secure OS (based on Open Source technology) years ago in a company that failed (i.e. went bust at great personal cost). He is one of the most clever guys I know, and he and his team built (at the time) an OS that powered a very high-profile and targeted website that was NOT compromised.
The only catch is that their previous effort was done under a 'closed software' platform, and my view is that such a creation needs to be done under an Open Source model. This would allow the code to be peer reviewed and checked. Just like crypto, a secure OS needs to have the highest degree of assurance.
And since we can't really have a 'Secure Website' without a 'Secure OS', I'm sure we will see multiple 'Secure OSes' in the future. My only doubt is if my friend's creation will be one of them.
So how did I get to the 4 Million USD value?
Labels:
Philosophy,
Security
Friday, 22 November 2013
Just disabled AdSense for this blog
I was curious about how it was going to work out, but never really liked the idea of exposing readers to ads.
And since I want to move into a static based blog as soon as possible (maybe something like docpad), it was just a matter of time.
Labels:
Misc
Friday, 15 November 2013
I'm doing the 'Survival of the Fittest' (please sponsor if you can)
Sarah and I have been offered last minute places to take part in a race called 'Survival of the Fittest', to raise money for the Philippines.
We have decided to go for it with very little preparation because we are raising money for a really important Philippines charity and the disaster relief fund, splitting the funds 50/50.
If you haven't already made a donation to the disaster appeal then please consider sponsoring us.
The charity already sponsors some of the poorest children in Manila, and they are now suffering from the recent typhoon.
Labels:
Karma Point,
Sport
Friday, 8 November 2013
Presenting at OWASP Turkey Chapter on Sat 10th of November (on Secure Continuous Delivery)
If you happen to be in Turkey this weekend, there is a great OWASP event happening tomorrow, where I'm also presenting on "Secure Continuous Delivery: Developer’s Immediate Connection to What They’re Creating".
This is basically going to be a review of the O2 Platform and development work I have been doing for the past years (namely in trying to automate application security knowledge).
Labels:
OWASP
Wednesday, 6 November 2013
Video for: "Using the O2 Platform to Automate Application Security Knowledge and Workflows"
As per a request from Samantha and Kate, I did an OWASP webcast on Nov 6th about the O2 Platform, and here is its video:
Labels:
O2 Platform
Tuesday, 5 November 2013
Updating my bio description (as of Nov 2013), now more 'developer focused'
My current bio is quite a bit out of date and it looked like this:
- Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development. For the past years Dinis has focused on the field of Static Source Code analysis; from May 2007 to Dec 2009 he worked as an independent consultant for Ounce Labs (bought by IBM in July 2009) where, during active security engagements using Ounce's technology, he developed the Open Source codebase which is now the foundation of the OWASP O2 Platform. Dinis is currently focused on making the O2 Platform the industry standard for consuming, instrumenting and data-sharing between the multiple WebAppSec tools, the Security consultants and the final developers. Dinis is also an active trainer on .Net security, having written and delivered courses for IOActive, Foundstone, Intense School and KPMG (at multiple locations including BlackHat), and has delivered a number of presentations and keynote speeches at multiple OWASP and Security related conferences. At OWASP, Dinis is the leader of the OWASP O2 Platform project.
Labels:
Philosophy