= 2010-09-09 = * [https://docs.google.com/present/view?id=ddqtts2d_396cf7pj4g8 Web Tools for Blended Learning: Experiences in a real-world teaching] - 分享如何用 Web 2.0 的工具來提昇教學品質 == Embedded Virtualization and Security == * [http://embeddedinnovator.com/securing-smart-grid-devices Securing Smart Grid Devices - Using Virtualization to Protect the Grid] * 智慧電網的資料風險包括: - Data at risk includes: * 診斷資訊 Diagnostic information * 維護資訊 Maintenance information * 身份識別 Identification (potentially including personal information) * 帳單資訊 Billing data * 系統狀態 System status * 降低風險方案一:建立實體隔離的網路 - build physically separate secure and non-secure devices and networks. - 缺點:佈署成本太高!! * 降低風險方案二:透過嵌入式虛擬化進行隔離 - leverage embedded virtualization to run both secure and non-secure software on the same device. * 優點一:降低佈署成本 * 優點二:縮短系統安全驗證時間與人力成本 - Validating system security is a tedious, costly, and time-consuming task, and the effort required grows considerably for complex systems. A secure hypervisor can simplify matters by separating security-critical functions into trusted partitions and less critical software into non-trusted partitions. * [[Image(http://cloud1.opensystemsmedia.com/wind-river-figure-1_thumb.png)]] * 虛擬化資安隔離需要內部通訊 - Communication between partitions is a key requirement for virtualized systems since there is always a need to transfer data and control from trusted partitions to non-trusted partitions. * 因此 hypervisor 必須提供 Secure Inter-Process Communication (Secure IPC or SIPC) * [[Image(http://cloud1.opensystemsmedia.com/wind-river-figure-2.png)]] * 外部通訊部份則需要 Multiple Single-Level (MSL) networking. 像是 802.1Q for virtual LANs 會使用類似 QoS 的 Tag 封包,讓不同機敏性的資料縱使在同一個實體網路傳輸,也是安全的。 * [[Image(http://cloud1.opensystemsmedia.com/wind-river-figure-3_thumb.png)]] == Source Code Analysis == * 在去年第八屆開放系統論壇有一場關於『[http://www.cosa.org.tw/public_files/OSSForum/OSSF8/Slides/06-%E6%AF%8F%E6%97%A5%E8%87%AA%E5%8B%95%E5%8C%96%E5%BB%BA%E7%BD%AE%E3%80%81%E6%B8%AC%E8%A9%A6%E8%88%87%E7%A8%8B%E5%BC%8F%E7%A2%BC%E8%A4%87%E9%9B%9C%E5%BA%A6%E5%88%86%E6%9E%90%28%E6%A5%8A%E6%9D%B1%E5%9F%8E%29.pdf 每日自動化建置、測試與程式碼複雜度分析]』的演講,裡面介紹了大型軟體專案的品質控管,底下紀錄一下幾個相關自由軟體: * http://cruisecontrol.sourceforge.net/ * http://findbugs.sourceforge.net/ * http://pmd.sourceforge.net/ * [http://www.campwoodsw.com/sourcemonitor.html Source Monitor]