MatrixAdapt | Logiciel de gestion d'Entreprise, Création et référencement des sites web

Seo Master present to you: A few months ago, we challenged you to discover exploits in the Native Client system and more than 600 of you decided to take us up on our invitation. We're very pleased with the results: participants found bugs that enabled some really clever exploits, but nothing that pointed to a fundamental flaw in the design of Native Client. Our judges reviewed all entries very carefully and have selected five teams as the winners of the Native Client Security Contest.

The big winner of the contest was the team "Beached As", consisting of IBM researcher Mark Dowd and independent researcher Ben Hawkes. "Beached As" reported 12 valid issues, including vulnerabilities in the validator and multiple type-confusion attacks. The team "CJETM" (Chris Rohlf, Jason Carpenter, Eric Monti — all security professionals with Matasano Security) came in second by reporting three issues with a common theme of memory related defects, including an uninitialized vtable entry, an exception condition during new(), and a double delete bug. Gabriel Campana from Sogeti ESEC R&D Labs was selected as the third place, while for the fourth and fifth place we had a tie between independent researcher Daiki Fukumori and Rensselaer Polytechnic Institute student Alex Radocea. You can find a listing of all the issues the teams submitted at the Native Client Security Contest site.


Winning teams were attracted to the contest by the potential of the Native Client technology. Mark Dowd, member of the winning team "Beached As", commented, "When I saw the press release announcing the product, I was intrigued by some of the ideas mentioned in the article. After reviewing the architecture a little, I thought the project adopted a novel approach to solving the problem of running native code securely, and was keen to take a closer look." Curiosity about what the technology could achieve also motivated the CJETM team, according to Chris Rohlf.

The real-world relevance of Native Client made this contest more interesting and challenging for participants. Contestant Alex Radocea stated, "Unlike most security challenges out there, the set of problems were not crafted. The tasks at hand were real and complex, as the real world is. I have no doubt that many unknown people eyed the code or attacked the applications and, frustratingly, found absolutely nothing wrong." Mark Dowd agreed: "Our goal was to create a convincing lead, to try and take the victory, and I think we did that. Having said that, the field was not soft. There were some tough contestants who were able to uncover a variety of interesting vulnerabilities."

We would like to thank all the contestants, the jury chair Ed Felten and all the security experts that judged the contest for helping us improve the security of our system. This contest helped us discover implementation errors in Native Client and some areas of our codebase we need to spend more time reviewing. More importantly, that no major architectural flaws were found provides evidence that Native Client can be made safe enough for widespread use. Toward that end, we're implementing additional security measures, such as an outer sandbox, but you can help by continuing to file bugs in Native Client. Community support and scrutiny has helped and will continue to help make Native Client more useful and more secure.

By Henry Bridge and Brad Chen, Native Client Team2013, By: Seo Master

Seo Master present to you: By Dion Almaer, Google Developer Programs

One of the core pieces of infrastructure at Google is something called Protocol Buffers. We are really pleased to be open sourcing the system, but what are these buffers?

Protocol buffers are a flexible, efficient, automated mechanism for serializing structured data – think XML, but smaller, faster, and simpler. You define how you want your data to be structured once, then you can use special generated source code to easily write and read your structured data to and from a variety of data streams and using a variety of languages. You can even update your data structure without breaking deployed programs that are compiled against the "old" format

It is probably best to take a peak at some code behind this. The first thing you need to do is define a message type, which can look like the following .proto file:

message Person {
  required string name = 1;
  required int32 id = 2;
  optional string email = 3;

  enum PhoneType {
    MOBILE = 0;
    HOME = 1;
    WORK = 2;
  }

  message PhoneNumber {
    required string number = 1;
    optional PhoneType type = 2 [default = HOME];
  }

  repeated PhoneNumber phone = 4;
}

There is detailed documentation on this language for you to learn more.

Once you have defined a message type, you run a protocol buffer compiler on the file to create data access classes for your platform of choice (Java, C++, Python in this release).

Then you can easily work with the data, for example in C++:

Person person;
person.set_name("John Doe");
person.set_id(1234);
person.set_email("jdoe@example.com");
fstream output("myfile", ios::out | ios::binary);
person.SerializeToOstream(&output);

We sat down with Kenton Varda, a software engineer who worked on the open source effort, to get his take on Protocol Buffers, how we ended up with them, how they compare to other solutions, and more:

2013, By: Seo Master

Seo Master present to you:
By Jason Robbins, Google Project Hosting Team

Faster is better, especially for tedious tasks. Even though software development can be creative and exciting, it certainly has its share of tedious tasks. For example, that open source application library you developed that got users so excited? Well, now it is generating dozens of defect reports and enhancement requests for you and your teammates to sift through. Is your team growing? Are you planning a major release? Is it time to finally clean up obsolete issues? It’s awesome to be organized, but keeping up with all your issues can become tedious: click, click, click, click, click.

Today we’re launching a new issue tracking feature that allows quick edits in the issue preview window. It’s a happy medium between viewing one issue in detail and doing a bulk edit. Unlike the familiar forms-based UX that we normally use, quick edits are more command-like, keyboard-oriented, and emphasize the ability to repeat recent commands.


Previewing issues works about 40% faster than our normal issue detail page, so you can skim fast enough to achieve oneness with your backlog, then punch in some quick edits to show it who’s boss. When you’re in the zone, that click, click, click is replaced with something more like h, e, j, j, e, j, j, 2, e, j, e, j, j, j, 1, e, done! Here’s your cheat sheet:

Keystroke	Action
h	Toggle the issue preview window.
j or k	Select the next or previous issue.
f, n, p, l	Scroll to the first, next, previous, or last comment in an issue.
1, 2, 3, 4, 5	Select a recent command. If you modify the command or comment, it will be stored in that numbered slot for later reuse.
m	Focus on the command text field.
e	Execute the command and show the issue comment that it generated.

Not ready to go all-keyboard? Just turn on the user preference for issue preview when mousing. Then, you can do your most common and repetitive issue edits by just hovering over an ID number and clicking the Execute button.


Jason Robbins founded the ArgoUML and ReadySET open source projects as a result of his research into the cognitive challenges of software engineering tool UIs. He’s worked on Google Project Hosting since 2005. Over the years he’s been a contestant, coach, and judge for the ACM International Collegiate Programming Contest.

Posted by Scott Knaster, Editor

2013, By: Seo Master