Continue writig thesis with focus on arctitecture

content/introduction.tex

@@ -21,9 +21,16 @@ a new age of digital wild west, which could involve us running around in vulnera
 driving cars\cite{SelfDriving} with power over life and death, while exposing all our
 sensitive data through our ill-protected smart phones\cite{Android} and IoT devices\cite{IoTDDoS}.
 What a time to be alive.
-Unless we want to disconnect all our devices from all networks and ban USB sticks, the best
-lines of defense are going to be people -- a new generation of \emph{security conscious}
-users and developers.
+It is important to express that IT security is something that is \emph{really hard} to
+get right.
+Even if right often only means better then your neighbour, as perfect security is an utopia
+that doesn't seem to exist\cite{NoPerfectSecurity}.
+Often when large and reputable companies in the industry such as
+CloudFlare\cite{CloudFlareLeak} or eBay\cite{EBayGit} can fail to get it right at times
+is when people start to grasp how difficult it actually is.
+This is why unless we want to disconnect all our devices from all networks and ban USB
+sticks, the best lines of defense are going to be people -- a new generation 
+of \emph{security conscious} users and developers.
 
 Among many other things outside IT, this is only possible with education\cite{ITSecEdu}.
 We need to come up with engaging, addictive and fun ways to learn (and teach), so that
@@ -35,10 +42,10 @@ The only thing we can hope and work for is to become better and better as time
 and generations pass.
 We \emph{must} do better, and education is the way forward.
 
-The short term goal of this project -- and thesis -- is to provide a new angle
-in the education of software engineering, especially secure software engineering
-based on the aspirations above, with the long term goal of bringing something new
-to the table in the matter of IT education as a whole
+The short term goal of this project -- and the goal of this thesis -- is to provide
+a new angle in the education of software engineering, especially secure software
+engineering based on the aspirations above, with the long term goal of bringing
+something new to the table in the matter of IT education as a whole
 (not just developers, but users as well).
 
 \section{A Short Introduction to Avatao}
@@ -46,7 +53,7 @@ to the table in the matter of IT education as a whole
 The goal of Avatao as a company is to help software developers in building a \emph{culture} of
 security amongst themselves, with the vision that if the world is going to be taken over by
 software no matter what, that software might as well be \emph{secure software}.
-To achieve this goal we have been working on an online e-learning platform with hundreds\
+To achieve this goal we have been working on an online e-learning platform with hundreds%
 \footnote{654 exercises as of today, to be exact}
 of hands-on learning exercises to help students and professionals
 master IT security, collaborating with
@@ -69,6 +76,8 @@ added authenticity and relevance \cite{AkosFacebook}.
 Our challenges usually involve some sort of website acting as frontend for the vulnerable
 application, or require the user to connect using SSH.
 
+\pic{figures/avatao_challenge.png}{An offensive challenge on the Avatao platform}
+
 The Avatao platform relies heavily on Docker containers to spawn challenges,
 which makes it extremely flexible in terms of what is possible to do when creating
 content.
@@ -87,7 +96,7 @@ things like exercises involving the use of Docker or Windows based challenges.
 \section{Emergence}
 
 While working as a content creator I have stumbled into the idea of automating the completion
-of challenges for QA\footnote{Quality Assurrance} and demo purposes\
+of challenges for QA\footnote{Quality Assurrance} and demo purposes%
 \footnote{I used to record short videos or GIFs to showcase my content to management}.
 In a certain scenario I was required to integrate a web based terminal emulator in a
 frontend application to improve user experience by making it possible to use a shell
@@ -96,18 +105,19 @@ After I got this working I was looking into writing hacky bash scripts to automa
 required to complete the challenge in order to make it easier for me to record the solution,
 as I have often found myself recording over and over again for a demo without any mistakes.
 During the time I was playing around with this idea, researching possible solutions have led me
-to a hidden gem of a project on GitHub called \texttt{demo-magic}\
+to a hidden gem of a project on GitHub called \texttt{demo-magic}%
 \footnote{\href{https://github.com/paxtonhare/demo-magic}{https://github.com/paxtonhare/demo-magic}},
 which is esentially a bash script that simulates someone typing into a terminal and executing
 commands.
-I have created a fork\
-\footnote{The source code is available at
-\href{https://git.strongds.hu/mrtoth/demo.sh/src/master/demo.sh}{https://git.strongds.hu/mrtoth/demo.sh/src/master/demo.sh}}
+I have created a fork%
+\footnote{
+\href{https://git.strongds.hu/mrtoth/demo.sh/src/master/demo.sh}
+{https://git.strongds.hu/mrtoth/demo.sh/src/master/demo.sh}}
 of the project and integrated it into my challenge.
 Soon after recording demo videos was not even necessary anymore, as I have started to distribute
 the solution script with the challenge code itself, making it toggleable using build-time
 variables.
-Should the solution script be enabled, the challenge would automatically start\
+Should the solution script be enabled, the challenge would automatically start%
 \footnote{I did this by injecting the solution script into the user's \texttt{.bashrc} file}
 completing itself in the terminal integrated into it's frontend, often even explaining the
 commands executed during the solution process.
@@ -123,7 +133,7 @@ but what I did not know was that I have accidentally
 did something far more than a hacky bash script solving challenges, as this little script
 would help formulate the idea of the project \emph{Tutorial Framework} or just \emph{TFW}.
 
-\section{Introducing the Tutorial Framework}
+\section{Vision of the Tutorial Framework}
 
 The whole ''challenges that solve themselves'' thing seemed like an idea that has great
 potential if developed further.
@@ -141,7 +151,7 @@ your newfound skills in action immediately.
 
 For example a chatbot would show you how to encrypt a file using GnuGP,
 then it would ask you to encrypt an other file similarly.
-After this the bot could show you how to a configure a database server and then
+After this the bot could teach you how to a configure a database server and then
 ask you to write a configuration file yourself and then encrypt it because it might
 contain sensitive data such as open ports, usernames and such.
 
@@ -157,6 +167,28 @@ a web based frontend with a file editor, terminal, chat window and stuff like th
 Turns out that today all this can be done by writing a few hundred lines of Python
 code which uses the Tutorial Framework.
 
+\subsection{Project Requirements}\label{requirements}
+
+Based on this it is now more or less possible to define requirements for the project.
+The reason for the ``more or less'' part is that all of this is pretty much bleeding edge,
+where the requirements could shift dynamically with time.
+For this reason I am going to be as general as possible, to the point that some of
+this might even sound vauge.
+To achieve our goals we would need:
+
+\begin{itemize}
+    \item a way to keep track of user progress
+    \item a way to to handle various events (i.e. we can react when
+          the user has edited a file, or has executed a command in the terminal)
+    \item a highly flexible messaging system, in which processes and
+          frontend components (running in a web browser) could communicate with eachother
+    \item a web based frontend with lots of built-in options (terminal, file editor, chat
+          window, etc.) that use said messaging system
+    \item stable APIs that can be exposed to content creators to work with (so that
+          framework updates won't break client code)
+    \item tooling for development (distributing, building and running)
+\end{itemize}
+
 \section{Early Development}
 
 Around a year ago a good friend and collage of mine Bálint Bokros, the CTO of our company
@@ -174,9 +206,27 @@ Bachelor's Thesis\cite{BokaThesis}.
 Although not much of the original code base has remained due to intense refactoring
 and all around changes, the result would serve as a solid foundation for further development,
 and the architecture is mostly the same to this day.
-The resulting code would be the first working POC\
+The resulting code would be the first working POC%
 \footnote{Proof of Concept} of the framework showcasing the fixing of an SQL Injection
 attack.
+This initial version included the foundations of the framework:
+a working messaging system, event handling and state tracking.
+These provided a great basis
+despite of the fact that the core codebase of the framework was almost
+completely rewritten due to an increased focus on code quality, 
+extensibility and API stability required by new features.
+
+It is interesting to note, that when I've mentioned that the project requirements
+were kept general on purpose (\ref{requirements}) I had good reason to do so.
+When taking a look at the requirements of Bálint's Thesis, much of that
+is completely obsolete by now.
+But since the project has followed Agile Methodology%
+\footnote{Manifesto for Agile Software Development:
+\href{https://agilemanifesto.org}{https://agilemanifesto.org}}
+from the start, we were able to adapt to these changes without losing
+the progess he made in said Thesis. Quoting from the Agile Manifesto: 
+``Responding to change over following a plan''.
+This is a really important takeaway.
 
 After becoming a full time employee at Avatao I was tasked with developing the project
 with Bálint, who was later reassigned to work on the GDPR compliance of the platform.