NxtGen Fest 09

Last Friday I attended the NxtGen Fest 09 event at Microsoft Research, Cambridge. This consisted of a day of generally interesting talks on a variety of topics.
The keynote and the first talk were on the subject of machine learning using probabilistic models. Microsft Research have just released a beta of Infer.NET, a library that lets the user set up a probabilistic model; results can then be fed into the model and the Infer.NET framework will back-propagate the data values to infer more accurate probability distributions. For a simple example, there’s a model for throwing two coins in the documentation here with an explanation here. This type of technology has been used in TrueSkill for ranking players on XBox.
The next talk was on Silverlight 3. I’d seen this talk already at WebDD, where Mike Taulty presented a list of Silverlight improvements in version 3. The first item on the list was the ability to set an application running out of browser. At WebDD this demo failed and at Fest 09 there seemed to be problems uninstalling the application after it had been installed out of browser.
Dinis Cruz  followed up with a great talk on using analysis tools for detecting security problems in web applications. He talked a little about CAT.NET and then went on to demonstrate a tool on which he’d been working, which is part of OunceOpen. As well as static analysis, he was interested in analysing dynamic traces of call paths through the application – to do this he had taken the Microsoft managed debugger sample (Mdbg) and written code on top of that to install breakpoints on the application code and capture the trace. The emphasis was on having rules that detected exploitable pieces of code, say execution of a dynamcially generated SQL query in a function that took a string parameter which was concatenated with other strings to make the query, and then analysing the code to find entry points to the application that could pass in a value that found its way to this call site.
Chris Hay did a good talk on the way Silverlight applications can communicate with the host web site. His talk mentioned NPAPI and showed that some of the limitations in the communication from a Silverlight application were down to the need to run on top of this api.
The last talk by Alisson Sol was fantastic. He discussed some of the practices inside Microsoft for categorising and handling bugs. The talk had a few interesting examples of subtle bugs, which would be very tricky to find… this was one motivation for freezing code early and releasing in large beta programs to allow the code to be tested on a wide variety of machines. He also suggested that some technical interviews concentrate on the wrong things – who cares if some whiteboard code contains an off-by-one error. That is the kind of things that testers are going to find. The talk made a lot of interesting observations.
This entry was posted in Computers and Internet. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s