3 years ago
Today we continue a series of publications of master classes of our educational projects and we present to yours a post based on Dmitry Sklyarov's performances which he carried out in the Technosphere and Tekhnotreke. A performance subject — Digital Rights Management. You watch video of performance at IT.MAIL.RU, and the text — further.
The idea of this performance increased from the paper which I read at the DEFCON conference in 2001 then I and at the company in which I worked (ElcomSoft) had some legal difficulties. In 1,5 years after this performance in the USA the court as a result of which the company found not guilty on all five counts took place, but history was rather loud. Years later I decided to make the new version of that report, having added information on new tendencies in the field of Digital Rights Management (DRM).
DRM in the field of audio and video
I will tell how there was an idea of DRM. Everything began with the household videorecorder of the Betamax system which the Sony company put on the market in 1975. It became the first device allowing to write independently television air for the subsequent viewing. And in 1976 Sony received a legal claim from Universal Studios and The Walt Disney Company in which it was said that use of technologies of household video violates copyright. That is I can write the movie from the TV, and after that, for example, sell it or allow to look to somebody who has no relation to television, or something like that. Means, the Sony company is in advance guilty that it created such device, and similar devices it is necessary it is necessary to prohibit.
On Wednesday, December 2, we invite frontend-developers in our Moscow office to share experience and to discuss nuances of work. Developers of the Mail and Main Page projects will tell how they in Mail.Ru Group optimize a code of client part of applications what features of implementation of component approach they faced and what tools used. Guests are also waited by a master class on which speakers will show methods of acceleration of development process, support and integration.
We are glad to report about the beginning of the scheduled international championship on programming of artificial intelligence — Russian AI Cup. This time the championship received the name CodeRacing. To men of courage who will venture to take part, it is necessary to program artificial intelligence for control of the racing car. But he will have to not just play a role of the driver, but also at the same time shoot rivals. In the "game" world four types of units are provided: kodemobil, shells, bonuses and pools of fuel oil. The "dirtiest" acceptances on a trass will only be encouraged: it is possible to push someone else's machines, to damage them and to break.
3 years ago
Breakdown on pages is a method of memory management, selected for the user processes. All accesses of processes to memory are virtual, and conversion of their addresses to addresses of physical memory is executed by OS and hardware MMU.
At breakdown on pages memory is divided into blocks of fixed size. In Linux on x86/64-platforms the size of pages usually makes 4 KB. Each process comprises the table in which information on compliance of addresses of the page and physical memory — an element of the table of pages (page table entry) is stored. That OS did not climb in this table at each storage access (otherwise for processing of each request for storage access it will be required to address it twice), the small cache — the buffer of associative broadcasting is applied (Translationlookaside Buffer, TLB). This hardware component is in MMU and works extremely quickly and effectively. The system scans TLB for the purpose of search of record about compliance of addresses of the page and physical memory. If the necessary record does not appear there, then the kernel of OS should address memory, to look for the necessary compliance and to update information in TLB to obtain data necessary to us from memory.
If you want to learn more about virtual memory management, then can study this publication. For now let's sort as in PHP 7 work with big pages (Huge Page) is arranged.
With ICQ it is recently awarded the nominations Editors' Choice in Google Play. This nomination is, perhaps, the most significant in a stor from those that pass manual moderation. Let's try to tell how we received current "The New ICQ" and what it is necessary to pay attention to if you want to receive a badge of "Editors' Choice" on your application too.
On November 3 in our Moscow office there took place the meeting of community #PostgreSQLRussia. This time participants discussed nuances of transition to PostgreSQL from other DBMS. In Russia already several years are observed a tendency to failure from proprietary DBMS. Some large companies already migrated or are in process of migration on PostgreSQL. Their experience is interesting not only from the point of view of the process of migration. Large projects which passed to Postgres can share new unique experience that, certainly, is useful also for those who use Postgres long ago. You watch our report from conference under a cat.
3 years ago
In this article we will consider two methods of search by means of regular expressions. One is widespread and is used in standard interpreters of many languages. The second is applied in few places, generally in implementations of awk and grep. Both approaches strongly differ on the performance:
In the first case search occupies A? time nAn, in the second — An.
Degrees designate recurrence of lines, that is A? is 3A3 the same, as A? A? A? AAA. Diagrams reflect time demanded for search through regular expressions.
Pay attention that in Perl search of a line from 29 characters requires more than 60 seconds. And at the second method — 20 microseconds. It is not an error. By search of 29-character string of Thompson NFA works approximately a million times quicker. If it is necessary to find 100-character string, then Thompson NFA will cope less than for 200 microseconds, and Perl is required more 1015. And it is taken only for an example, in many other languages the same picture — in Python, PHP, Ruby etc. is observed. Below we will consider this question in more detail.
For certain it is difficult for you to believe the provided data. If you worked with Perl, then hardly noticed behind it poor performance during the work with regular expressions. The matter is that in most cases Perl treats them quickly enough. However, as appears from the diagram, it is possible to face so-called pathological regular expressions on which Perl begins to slip. At the same time Thompson NFA have no such problem.
There is a logical question: and why in Perl not to use the Thompson NFA method? It is possible and it is necessary to do, and about it the speech will go further.
In this post I would like to tell about approaches, acceptances and means of preparation of tests. I will tell how not to write superfluous, to duplicate less a code, to write tests so that they were easy to be supported and how to win in performance in some situations.
To whom will it be interesting?
If you began to write tests recently.
If you write tests and consider that in them there is a lot of kopipasta, or it is possible to improve them considerably.
If you write tests occasionally or do not write absolutely as it is not pleasant to you or consider that it long.
If you the master in writing of tests. Perhaps, you learn some subtleties or will find several useful trifles.
3 years ago
Five years I publish regular reviews of fresh articles on a subject of interfaces, new tools and collections of patterns, interesting cases and historical stories. From tapes of several hundred thematic subscriptions about 5% of the standing publications which are interesting for sharing are selected. Previous materials: April 2010 September, 2015.
On October 22 in our office there passed the next Security Meetup. At a meeting there were five reports devoted to different vulnerabilities. Such questions as a reverse engineering in Enterprise and the related business processes (on the example of Qiwi payment service provider), unsafe deserialising of data in PHP, degree of reliability of two-factor authentication in mobile applications, work for money for bug bounty, and also possibility of attack by means of the "dangerous" video file were opened.