Fix things suggested by chktex

Kristóf Tóth 2018-12-01 09:54:31 +01:00
parent d1751b0e7c
commit fb08ec81cb
3 changed files with 17 additions and 17 deletions


@ -6,7 +6,7 @@ interactive tutorials running inside Docker containers, semi-automatically showc
IT topics in real time. The user is guided through exercises using real environments with IT topics in real time. The user is guided through exercises using real environments with
real software, all with the possibility of interaction at any time. real software, all with the possibility of interaction at any time.
This technology can supplement/improve the way e-learning is usually done today This technology can supplement/improve the way e-learning is usually done today
-- which is mostly articles and learning videos -- and help users get hands-on experience --- which is mostly articles and learning videos --- and help users get hands-on experience
on their way of acquiring knowledge. on their way of acquiring knowledge.
Currently more than 60 learning exercises based on this framework are available on Currently more than 60 learning exercises based on this framework are available on
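Review bot: the new `--- which is mostly articles and learning videos ---` keeps an ordinary space in front of each em dash, so TeX is still free to break the line there and start the next one with a dash. Tying the opening dash to the preceding word (`today~---`, `videos~---`) avoids that, and the same applies to every other `--` to `---` replacement in this commit.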


@ -17,8 +17,8 @@ The most important feature of the framework is it's messaging system.
Basically what we need is a system where processes running inside a Docker container Basically what we need is a system where processes running inside a Docker container
would be allowed to communicate with eachother. would be allowed to communicate with eachother.
This is easy with lots of possible solutions (named pipes, sockets or shared memory to name a few). This is easy with lots of possible solutions (named pipes, sockets or shared memory to name a few).
The hard part is that frontend components running inside a web browser -- which could be The hard part is that frontend components running inside a web browser --- which could be
potentially on the other side of the planet -- would also need to partake in said communication. potentially on the other side of the planet --- would also need to partake in said communication.
So what we need to create is something of a hybrid between an IPC system and something So what we need to create is something of a hybrid between an IPC system and something
that can communicate with JavaScript running in a browser connected to it. that can communicate with JavaScript running in a browser connected to it.
The solution the framework uses is a proxy server, which connects to frontend components The solution the framework uses is a proxy server, which connects to frontend components
@ -74,7 +74,7 @@ RabbitMQ%
ZMQ does not require a daemon (message broker process) and as such ZMQ does not require a daemon (message broker process) and as such
has a much lower memory footprint while still providing various messaging has a much lower memory footprint while still providing various messaging
patterns and bindings for almost any widely used programming language. patterns and bindings for almost any widely used programming language.
An other -- yet untilized -- capability of this solution is that since ZMQ is capable An other --- yet untilized --- capability of this solution is that since ZMQ is capable
of using simple TCP sockets, we could even communicate with processes running on remote of using simple TCP sockets, we could even communicate with processes running on remote
hosts using the framework. hosts using the framework.
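Review bot: the edited line still carries two spelling errors, `An other` and `untilized`. Since the line is being touched anyway, it should read `Another --- yet unutilized --- capability of this solution`.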
@ -83,13 +83,13 @@ ZMQ which were also considered during the desing process of the framework at som
A few examples of top contenders and reasons for not using them in the end: A few examples of top contenders and reasons for not using them in the end:
\begin{itemize} \begin{itemize}
\item The handling of raw TCP sockets would involve lot's of boilerplate logic that \item The handling of raw TCP sockets would involve lot's of boilerplate logic that
already have quality implementations in messaging libraries: i.e. making sure that already have quality implementations in messaging libraries: i.e.\ making sure that
all bytes are sent or received both require checking the return values of the all bytes are sent or received both require checking the return values of the
libc \texttt{send()} and \texttt{recv()} system calls, while ZMQ takes care of this libc \texttt{send()} and \texttt{recv()} system calls, while ZMQ takes care of this
extra logic involved and even provides higher level messaging patterns such as extra logic involved and even provides higher level messaging patterns such as
subscribe-publish, which would need to be implemented on top of raw sockets again. subscribe-publish, which would need to be implemented on top of raw sockets again.
\item Using something like gRPC% \item Using something like gRPC\footnote{\href{https://grpc.io}{https://grpc.io}}
\footnote{\href{https://grpc.io}{https://grpc.io}} or plain HTTP (both of which or plain HTTP (both of which
are considered to be higher level than ZMQ sockets) would require are considered to be higher level than ZMQ sockets) would require
all processes partaking in the communication to be HTTP servers themselves, all processes partaking in the communication to be HTTP servers themselves,
which would make the framework which would make the framework
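Review bot: on the edited line `i.e.\ making sure that` the abbreviation introduces one example of boilerplate logic rather than a restatement, so `e.g.\ ` is the form that matches the meaning; the spacing fix itself is correct. The first line of the same item also still reads `lot's of boilerplate logic that already have`, which should be `lots of boilerplate logic that already has`.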


@ -9,8 +9,8 @@ While we are enjoying the comfort that information technology provides us, we of
about the risks involved in relying so much on software in our everyday lives. about the risks involved in relying so much on software in our everyday lives.
When taking a look on recent events, such as a cyber arms race taking place between leading When taking a look on recent events, such as a cyber arms race taking place between leading
powers, 50 million Facebook accounts being breached powers, 50 million Facebook accounts being breached
due to the incorrect handling of access tokens \cite{FacebookBreach}, due to the incorrect handling of access tokens\cite{FacebookBreach},
or how China is building an Orwellian state of total digital surveillance or how China is building an Orwellian state of total digital surveillance%
\cite{ChinaSurv}\cite{ChinaCredit}, \cite{ChinaSurv}\cite{ChinaCredit},
it becomes clear that security and privacy in the IT sector it becomes clear that security and privacy in the IT sector
is more important now than ever. is more important now than ever.
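Review bot: on `access tokens\cite{FacebookBreach}` and `surveillance%` the space before `\cite` is deleted rather than replaced, which silences chktex but sets the citation flush against the preceding word. A tie, `access tokens~\cite{FacebookBreach}` and `surveillance~\cite{ChinaSurv}\cite{ChinaCredit}`, keeps the gap and still prevents a line break before the citation. The two adjacent citations could also be merged into `\cite{ChinaSurv,ChinaCredit}`.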
@ -29,7 +29,7 @@ Often when large and reputable companies in the industry such as
CloudFlare\cite{CloudFlareLeak} or eBay\cite{EBayGit} can fail to get it right at times CloudFlare\cite{CloudFlareLeak} or eBay\cite{EBayGit} can fail to get it right at times
is when people start to grasp how difficult it actually is. is when people start to grasp how difficult it actually is.
This is why unless we want to disconnect all our devices from all networks and ban USB This is why unless we want to disconnect all our devices from all networks and ban USB
sticks, the best lines of defense are going to be people -- a new generation sticks, the best lines of defense are going to be people --- a new generation
of \emph{security conscious} users and developers. of \emph{security conscious} users and developers.
Among many other things outside IT, this is only possible with education\cite{ITSecEdu}. Among many other things outside IT, this is only possible with education\cite{ITSecEdu}.
@ -42,7 +42,7 @@ The only thing we can hope and work for is to become better and better as time
and generations pass. and generations pass.
We \emph{must} do better, and education is the way forward. We \emph{must} do better, and education is the way forward.
The short term goal of this project -- and the goal of this thesis -- is to provide The short term goal of this project --- and the goal of this thesis --- is to provide
a new angle in the education of software engineering, especially secure software a new angle in the education of software engineering, especially secure software
engineering based on the aspirations above, with the long term goal of bringing engineering based on the aspirations above, with the long term goal of bringing
something new to the table in the matter of IT education as a whole something new to the table in the matter of IT education as a whole
@ -72,9 +72,9 @@ These kind of exercises offer great flexibility to reflect real world security i
more complex challenges users might be required to exploit multiple vulnerabilites for success, more complex challenges users might be required to exploit multiple vulnerabilites for success,
and understand the ways they augment each other. and understand the ways they augment each other.
We often recreate real world scenarios based on incident reports released by companies for We often recreate real world scenarios based on incident reports released by companies for
added authenticity and relevance \cite{AkosFacebook}. added authenticity and relevance\cite{AkosFacebook}.
Our challenges usually involve some sort of website acting as frontend for the vulnerable Our challenges usually involve some sort of website acting as frontend for the vulnerable
application, or require the user to connect using SSH. application, or require the user to connect using SSH\@.
\pic{figures/avatao_challenge.png}{An offensive challenge on the Avatao platform} \pic{figures/avatao_challenge.png}{An offensive challenge on the Avatao platform}
@ -100,7 +100,7 @@ of challenges for QA\footnote{Quality Assurrance} and demo purposes%
\footnote{I used to record short videos or GIFs to showcase my content to management}. \footnote{I used to record short videos or GIFs to showcase my content to management}.
In a certain scenario I was required to integrate a web based terminal emulator in a In a certain scenario I was required to integrate a web based terminal emulator in a
frontend application to improve user experience by making it possible to use a shell frontend application to improve user experience by making it possible to use a shell
right on the website rather than having to connect through SSH. right on the website rather than having to connect through SSH\@.
After I got this working I was looking into writing hacky bash scripts to automate the steps After I got this working I was looking into writing hacky bash scripts to automate the steps
required to complete the challenge in order to make it easier for me to record the solution, required to complete the challenge in order to make it easier for me to record the solution,
as I have often found myself recording over and over again for a demo without any mistakes. as I have often found myself recording over and over again for a demo without any mistakes.
@ -135,12 +135,12 @@ would help formulate the idea of the project \emph{Tutorial Framework} or just \
\section{Vision of the Tutorial Framework} \section{Vision of the Tutorial Framework}
The whole ''challenges that solve themselves'' thing seemed like an idea that has great The whole ``challenges that solve themselves'' thing seemed like an idea that has great
potential if developed further. potential if developed further.
We have envisioned something that resembles a learning video, but it is real, actual We have envisioned something that resembles a learning video, but it is real, actual
software running and interacting with itself to showcase different topics to the user. software running and interacting with itself to showcase different topics to the user.
Something that would allow the users to stop at any given time, take a breath, interact Something that would allow the users to stop at any given time, take a breath, interact
with the environment on their own (i.e. take a look a the directory structure or a file, with the environment on their own (i.e.\ take a look a the directory structure or a file,
try what happens if a command is executed somewhat differently, etc.) and then try what happens if a command is executed somewhat differently, etc.) and then
continue on with the tutorial. continue on with the tutorial.
We wanted to create something that would feel like if an actual teacher was standing We wanted to create something that would feel like if an actual teacher was standing
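Review bot: the edited line `(i.e.\ take a look a the directory structure or a file,` still has the typo `a the`, which should be `at the`. The parenthesis lists examples and ends in `etc.`, so `e.g.\ ` fits better than `i.e.\ ` here. The quote fix to ``` ``challenges that solve themselves'' ``` is correct.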
@ -178,7 +178,7 @@ To achieve our goals we would need:
\begin{itemize} \begin{itemize}
\item a way to keep track of user progress \item a way to keep track of user progress
\item a way to to handle various events (i.e. we can react when \item a way to to handle various events (i.e.\ we can react when
the user has edited a file, or has executed a command in the terminal) the user has edited a file, or has executed a command in the terminal)
\item a highly flexible messaging system, in which processes and \item a highly flexible messaging system, in which processes and
frontend components (running in a web browser) could communicate with eachother frontend components (running in a web browser) could communicate with eachother
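Review bot: the edited item `a way to to handle various events (i.e.\ we can react when` still has the doubled `to to`, and the parenthesis gives examples of events, so `e.g.\ ` is the better abbreviation. The last item in the hunk also keeps `eachother`, which should be `each other`.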