From fb08ec81cb6070582ab11ecde6de65cb8724a1a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Krist=C3=B3f=20T=C3=B3th?= Date: Sat, 1 Dec 2018 09:54:31 +0100 Subject: [PATCH] Fix things suggested by chktex --- content/abstract.tex | 2 +- content/architecture.tex | 12 ++++++------ content/introduction.tex | 20 ++++++++++---------- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/content/abstract.tex b/content/abstract.tex index 9fadc87..da75e21 100644 --- a/content/abstract.tex +++ b/content/abstract.tex @@ -6,7 +6,7 @@ interactive tutorials running inside Docker containers, semi-automatically showc IT topics in real time. The user is guided through exercises using real environments with real software, all with the possibility of interaction at any time. This technology can supplement/improve the way e-learning is usually done today --- which is mostly articles and learning videos -- and help users get hands-on experience +--- which is mostly articles and learning videos --- and help users get hands-on experience on their way of acquiring knowledge. Currently more than 60 learning exercises based on this framework are available on diff --git a/content/architecture.tex b/content/architecture.tex index dbd7bf9..dfbbf0f 100644 --- a/content/architecture.tex +++ b/content/architecture.tex 
@@ -17,8 +17,8 @@ The most important feature of the framework is it's messaging system. Basically what we need is a system where processes running inside a Docker container would be allowed to communicate with eachother. This is easy with lots of possible solutions (named pipes, sockets or shared memory to name a few). -The hard part is that frontend components running inside a web browser -- which could be -potentially on the other side of the planet -- would also need to partake in said communication. +The hard part is that frontend components running inside a web browser --- which could be +potentially on the other side of the planet --- would also need to partake in said communication. So what we need to create is something of a hybrid between an IPC system and something that can communicate with JavaScript running in a browser connected to it. The solution the framework uses is a proxy server, which connects to frontend components @@ -74,7 +74,7 @@ RabbitMQ% ZMQ does not require a daemon (message broker process) and as such has a much lower memory footprint while still providing various messaging patterns and bindings for almost any widely used programming language. -An other -- yet untilized -- capability of this solution is that since ZMQ is capable +An other --- yet untilized --- capability of this solution is that since ZMQ is capable of using simple TCP sockets, we could even communicate with processes running on remote hosts using the framework. 
@@ -83,13 +83,13 @@ ZMQ which were also considered during the desing process of the framework at som A few examples of top contenders and reasons for not using them in the end: \begin{itemize} \item The handling of raw TCP sockets would involve lot's of boilerplate logic that - already have quality implementations in messaging libraries: i.e. making sure that + already have quality implementations in messaging libraries: i.e.\ making sure that all bytes are sent or received both require checking the return values of the libc \texttt{send()} and \texttt{recv()} system calls, while ZMQ takes care of this extra logic involved and even provides higher level messaging patterns such as subscribe-publish, which would need to be implemented on top of raw sockets again. - \item Using something like gRPC% - \footnote{\href{https://grpc.io}{https://grpc.io}} or plain HTTP (both of which + \item Using something like gRPC\footnote{\href{https://grpc.io}{https://grpc.io}} + or plain HTTP (both of which are considered to be higher level than ZMQ sockets) would require all processes partaking in the communication to be HTTP servers themselves, which would make the framework diff --git a/content/introduction.tex b/content/introduction.tex index 4140413..4c9a234 100644 --- a/content/introduction.tex +++ b/content/introduction.tex 
@@ -9,8 +9,8 @@ While we are enjoying the comfort that information technology provides us, we of about the risks involved in relying so much on software in our everyday lives. When taking a look on recent events, such as a cyber arms race taking place between leading powers, 50 million Facebook accounts being breached -due to the incorrect handling of access tokens \cite{FacebookBreach}, -or how China is building an Orwellian state of total digital surveillance +due to the incorrect handling of access tokens\cite{FacebookBreach}, +or how China is building an Orwellian state of total digital surveillance% \cite{ChinaSurv}\cite{ChinaCredit}, it becomes clear that security and privacy in the IT sector is more important now than ever. @@ -29,7 +29,7 @@ Often when large and reputable companies in the industry such as CloudFlare\cite{CloudFlareLeak} or eBay\cite{EBayGit} can fail to get it right at times is when people start to grasp how difficult it actually is. This is why unless we want to disconnect all our devices from all networks and ban USB -sticks, the best lines of defense are going to be people -- a new generation +sticks, the best lines of defense are going to be people --- a new generation of \emph{security conscious} users and developers. Among many other things outside IT, this is only possible with education\cite{ITSecEdu}. @@ -42,7 +42,7 @@ The only thing we can hope and work for is to become better and better as time and generations pass. We \emph{must} do better, and education is the way forward. -The short term goal of this project -- and the goal of this thesis -- is to provide +The short term goal of this project --- and the goal of this thesis --- is to provide a new angle in the education of software engineering, especially secure software engineering based on the aspirations above, with the long term goal of bringing something new to the table in the matter of IT education as a whole 
@@ -72,9 +72,9 @@ These kind of exercises offer great flexibility to reflect real world security i more complex challenges users might be required to exploit multiple vulnerabilites for success, and understand the ways they augment each other. We often recreate real world scenarios based on incident reports released by companies for -added authenticity and relevance \cite{AkosFacebook}. +added authenticity and relevance\cite{AkosFacebook}. Our challenges usually involve some sort of website acting as frontend for the vulnerable -application, or require the user to connect using SSH. +application, or require the user to connect using SSH\@. \pic{figures/avatao_challenge.png}{An offensive challenge on the Avatao platform} @@ -100,7 +100,7 @@ of challenges for QA\footnote{Quality Assurrance} and demo purposes% \footnote{I used to record short videos or GIFs to showcase my content to management}. In a certain scenario I was required to integrate a web based terminal emulator in a frontend application to improve user experience by making it possible to use a shell -right on the website rather than having to connect through SSH. +right on the website rather than having to connect through SSH\@. After I got this working I was looking into writing hacky bash scripts to automate the steps required to complete the challenge in order to make it easier for me to record the solution, as I have often found myself recording over and over again for a demo without any mistakes. 
@@ -135,12 +135,12 @@ would help formulate the idea of the project \emph{Tutorial Framework} or just \ \section{Vision of the Tutorial Framework} -The whole ''challenges that solve themselves'' thing seemed like an idea that has great +The whole ``challenges that solve themselves'' thing seemed like an idea that has great potential if developed further. We have envisioned something that resembles a learning video, but it is real, actual software running and interacting with itself to showcase different topics to the user. Something that would allow the users to stop at any given time, take a breath, interact -with the environment on their own (i.e. take a look a the directory structure or a file, +with the environment on their own (i.e.\ take a look a the directory structure or a file, try what happens if a command is executed somewhat differently, etc.) and then continue on with the tutorial. We wanted to create something that would feel like if an actual teacher was standing @@ -178,7 +178,7 @@ To achieve our goals we would need: \begin{itemize} \item a way to keep track of user progress - \item a way to to handle various events (i.e. we can react when + \item a way to to handle various events (i.e.\ we can react when the user has edited a file, or has executed a command in the terminal) \item a highly flexible messaging system, in which processes and frontend components (running in a web browser) could communicate with eachother
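Review bot: in content/architecture.tex, hunk @@ -17,8, the paragraph whose dashes are corrected still opens with "it's messaging system" and contains "communicate with eachother" in the unchanged context. chktex does not check spelling, so these will survive this pass unless fixed by hand; suggest "its messaging system" and "each other" while the paragraph is open.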
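Review bot: in content/architecture.tex, hunk @@ -74,7, the rewritten line still reads "An other --- yet untilized --- capability". Since the line is being replaced anyway, correct the wording in the same change: "Another --- yet unutilized --- capability of this solution".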
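Review bot: in content/architecture.tex, hunk @@ -83,13, the new "i.e.\ making sure that" line introduces one example of boilerplate (checking the return values of send() and recv()), so "e.g.\ " is the abbreviation that fits; the spacing fix is right but the word is not. The \item line directly above also has "lot's of boilerplate logic that already have", which should read "lots of boilerplate logic that already has". In the gRPC item, the reflow leaves a short line "or plain HTTP (both of which"; rejoining it with the following line would keep the source tidy.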
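Review bot: in content/introduction.tex, hunk @@ -9,8, the same chktex warning is resolved two different ways in adjacent lines: "tokens\cite{FacebookBreach}" drops the space, while "surveillance%" hides it behind a comment. Both silence the warning by setting the citation directly against the word; a non-breaking space, "tokens~\cite{FacebookBreach}" and "surveillance~\cite{ChinaSurv,ChinaCredit}", keeps the separation without allowing a line break and also merges the two consecutive \cite commands into one. Whichever form is chosen, use it consistently, including for "relevance\cite{AkosFacebook}" later in this file.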
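Review bot: in content/introduction.tex, hunk @@ -135,12, the changed line "(i.e.\ take a look a the directory structure or a file," still has "a the" where "at the" is meant; fix it in the same edit. The quote fix on the first changed line is correct, since '' at the start of a phrase typesets as a closing quote.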
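Review bot: in content/introduction.tex, hunk @@ -178,7, the replaced \item line keeps the doubled word in "a way to to handle various events"; drop one "to" while the line is being rewritten. The last \item in the unchanged context also ends with "eachother", which should be "each other".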