Security: Patches, Core Infrastructure Initiative (CII), Crypto AG, More Issues

  • Security updates for Tuesday

    Security updates have been issued by Arch Linux (systemd and thunderbird), Debian (clamav, libgd2, php7.3, spamassassin, and webkit2gtk), Fedora (kernel, kernel-headers, and sway), Mageia (firefox, kernel-linus, mutt, python-pillow, sphinx, thunderbird, and webkit2), openSUSE (firefox, nextcloud, and thunderbird), Oracle (firefox and ksh), Red Hat (curl, java-1.7.0-openjdk, kernel, and ruby), Scientific Linux (firefox and ksh), SUSE (sudo and xen), and Ubuntu (clamav, php5, php7.0, php7.2, php7.3, postgresql-10, postgresql-11, and webkit2gtk).

  • The Linux Foundation and Harvard’s Lab for Innovation Science Release Census for Open Source Software Security

    The Linux Foundation’s Core Infrastructure Initiative (CII), a project that helps support best practices and the security of critical open source software projects, and the Laboratory for Innovation Science at Harvard (LISH), today announced the release of ‘Vulnerabilities in the Core,’ a Preliminary Report and Census II of Open Source Software.

    This Census II analysis and report represent important steps towards understanding and addressing structural and security complexities in the modern day supply chain where open source is pervasive, but not always understood. Census II identifies the most commonly used free and open source software (FOSS) components in production applications and begins to examine them for potential vulnerabilities, which can inform actions to sustain the long-term security and health of FOSS. Census I (2015) identified which software packages in the Debian Linux distribution were the most critical to the kernel’s operation and security.

    “The Census II report addresses some of the most important questions facing us as we try to understand the complexity and interdependence among open source software packages and components in the global supply chain,” said Jim Zemlin, executive director at the Linux Foundation. “The report begins to give us an inventory of the most important shared software and potential vulnerabilities and is the first step to understand more about these projects so that we can create tools and standards that results in trust and transparency in software.”

  • [Attackers] are demanding nude photos to unlock files in a new ransomware scheme targeting women

    The malware doesn’t appear to be the first to demand explicit images: In 2017, security firm Kaspersky reported another type of ransomware that demanded nude photos in exchange for unlocking access to infected computers. In other cases, scammers on dating apps have requested nude photos from would-be suitors, then held them for ransom by threatening to leak the photos.

  • Alarming ‘Hidden’ Cyber Attack Leaves Millions Of Windows And Linux Systems Vulnerable [Ed: Misleading headline from decades-long Microsoft booster. This isn't an OS level issue.]

    Vulnerabilities that can be hidden away out of sight are amongst the most-coveted by cyber-criminals and spooks alike. That's why zero-day vulnerabilities are deemed so valuable, and cause so much high-level concern when they are exposed. It's also why the CIA secretly purchased an encryption equipment provider to be able to hide backdoors in the products and spy upon more than 100 governments.

    While we are almost accustomed to reading government warnings about vulnerabilities in the Windows operating system, Linux cybersecurity threat warnings are less common. Which is partly why this report on the hidden exploit threat within both Linux and Windows systems caught my eye. The Eclypsium researchers concentrated on unsigned firmware as this is a known attack vector, which can have devastating implications, yet one in which vendors have appeared to be slow taking seriously enough. The unsigned firmware in question was found in peripherals used in computers from Dell, Lenovo and HP as well as other major manufacturers. They also demonstrated a successful attack using a network interface card with, you guessed it, unsigned firmware that is used by the big three server manufacturers. "Despite previous in-the-wild attacks," the report said, "peripheral manufacturers have been slow to adopt the practice of signing firmware, leaving millions of Windows and Linux systems at risk of firmware attacks that can exfiltrate data, disrupt operations and deliver ransomware."

    The truth is that, as far as cybersecurity is concerned, much of the defensive effort is focused on the operating system and applications. Hardly surprising, given these are the most visible attack surfaces. By not adding firmware into the threat prevention model, however, organizations are leaving a gaping hole just waiting to be filled by threat actors. "This could lead to implanted backdoors, network traffic sniffing, data exfiltration, and more," says Katie Teitler, a senior analyst at TAG Cyber. "Unfortunately, though, firmware vulnerabilities can be harder to detect and more difficult to patch," she says, "best practice is to deploy automated scanning for vulnerabilities and misconfigurations at the component level, and continuously monitor for new issues or exploits."

  • The Week in Internet News: CIA Had Encryption Backdoor for Decades

    The U.S. CIA secretly had an ownership stake in Swiss encryption company Crypto AG for decades and was able to read encrypted messages sent using the company’s technology, the Washington Post reports. West German intelligence agencies worked with the CIA. Forbes columnist Jody Westby called for a congressional investigation.

  • Insights from Avast/Jumpshot data: Pitfalls of data anonymization

    There has been a surprising development after my previous article on the topic, Avast having announced that they will terminate Jumpshot and stop selling users’ data. That’s not the end of the story however, with the Czech Office for Personal Data Protection starting an investigation into Avast’s practices. I’m very curious to see whether this investigation will confirm Avast’s claims that they were always fully compliant with the GDPR requirements. For my part, I now got a glimpse of what the Jumpshot data actually looks like. And I learned that I massively overestimated Avast’s success when anonymizing this data.

    [...]

    The data I saw was an example that Jumpshot provided to potential customers: an excerpt of real data for one week of 2019. Each record included an exact timestamp (milliseconds precision), a persistent user identifier, the platform used (desktop or mobile, which browser), the approximate geographic location (country, city and ZIP code derived from the user’s IP address), a guess for user’s gender and age group.

    What it didn’t contain was “every click, on every site.” This data sample didn’t belong to the “All Clicks Feed” which has received much media attention. Instead, it was the “Limited Insights Pro Feed” which is supposed to merely cover user’s shopping behavior: which products they looked at, what they added to the cart and whether they completed the order. All of that limited to shopping sites and grouped by country (Germany, UK and USA) as well as product category such as Shoes or Men’s Clothing.

    This doesn’t sound like there would be all too much personal data? But there is, thanks to a “referrer” field being there. This one is supposed to indicate how the user came to the shopping site, e.g. from a Google search page or by clicking an ad on another website. Given the detailed information collected by Avast, determining this referrer website should have been easy – yet Avast somehow failed this task. And so the supposed referrer is typically a completely unrelated random web page that this user visited, and sometimes not even a page but an image or JSON data.

    If you extract a list of these referrers (which I did), you see news that people read, their web mail sessions, search queries completely unrelated to shopping, and of course porn. You get a glimpse into what porn sites are most popular, what people watch there and even what they search for. For each user, the “limited insights” actually contain a tiny slice of their entire browsing behavior. Over the course of a week this exposed way too much information on some users however, and Jumpshot customers watching users over longer periods of time could learn a lot about each user even without the “All Clicks Feed.”

  • Byos Cautions RSA Conference 2020 Attendees, Travelers and General Public to “Dirty Half-Dozen” Public Wi-Fi Risks

    Byos, Inc., an endpoint security company focused on the concept of Endpoint Microsegmentation through Hardware-Enforced Isolation, recommends caution for attendees of major conferences and events such as the RSA Conference 2020, a leading cybersecurity conference in San Francisco, February 24-28, and for travelers in general, about the risks of Free Wi-Fi. Many attendees will access the Internet via multiple free Wi-Fi connection points from Hotels, Airports, Coffee Shops and the Conference itself, and every free Wi-Fi access presents security risks for users that Byos calls “The Dirty Half-Dozen.”

    [...]

    The Dirty Half-Dozen risks are:

    Scanning, enumerating, and fingerprinting
    Eavesdropping
    Evil-Twin Wi-Fi
    Exploits
    Lateral network infections
    DNS hijacking

The Linux Foundation identifies most important open-source...

  • The Linux Foundation identifies most important open-source software components and their problems

    Red Hat recently reported open-source software now dominates the enterprise. Actually, it does more than that. Another older study found open-source software makes up 80% to 90% of all software. You may not know that, because many of these programs are built on deeply buried open-source components. Now, The Linux Foundation's Core Infrastructure Initiative (CII) and the Laboratory for Innovation Science at Harvard (LISH) have revealed -- in "Vulnerabilities in the Core, a preliminary report and Census II of open-source software" -- the most frequently used components and the vulnerabilities they share.

The Linux Foundation reveals the most commonly open-source

  • The Linux Foundation reveals the most commonly open-source software components

    The Linux Foundation is addressing structural and security complexities in today’s modern software supply chains with the release of the ‘Vulnerabilities in the Core,’ a preliminary report and census II of open-source software.

    The report was put together by the Linux Foundation’s Core Infrastructure Initiative and the Laboratory for Innovation Science at Harvard (LISH).

LWN's mention of it

The Trouble with Free and Open Source Software

  • The Trouble with Free and Open Source Software

    Insecure developer accounts, legacy software, and nonstandard naming schemes are major problems, Linux Foundation and Harvard study concludes.

    A wide-ranging study by researchers at the Linux Foundation and the Laboratory for Innovation Science at Harvard has yielded vital new information on the most widely used free and open source software (FOSS) within enterprises — and potential security risks related to that use.

    The researchers found that a lack of a standardized naming scheme for FOSS components has made it hard for organizations and other stakeholders to quickly and precisely identify questionable or vulnerable components.

    They also discovered that accounts belonging to developers contributing most actively to some of the most widely deployed open source software need to be secured much better. A third finding was that legacy packages within the open source space are becoming riskier by the day, just like any other older hardware or software technology.

    "FOSS components underpin nearly all other software out there — both open and proprietary — but we know so little about which ones might be the most widely used and most vulnerable," says Frank Nagle, professor at Harvard Business School and co-author of the report. "Given the estimated economic impact of FOSS, far too little attention is paid to systematic efforts to support and maintain this core infrastructure," he says.

    For the study, the researchers from the Linux Foundation and Harvard analyzed enterprise software usage data provided by, among others, software composition analysis firms and application security companies such as Snyk and the Synopsys Cybersecurity Research Center. In trying to identify the most widely used open source software, the researchers considered all of the dependencies that might exist between a FOSS package or component and other enterprise applications and systems.

Linux Foundation Works With -- and For -- Microsoft Proxies

Linux Foundation study throws the open source sustainability

  • Linux Foundation study throws the open source sustainability debate into question

    Open source developers, it turns out, tend to be well paid. That's one possible conclusion to be drawn from a recent Linux Foundation report (PDF), which found that over 75% of the top maintainers for the 200 most active open source projects are paid to work on open source full or part-time. This isn't a new development (I wrote about it back in 2008), but it bears repeating since we are apparently in the midst of an open source sustainability crisis (again).

    As Luis Villa has suggested, "getting paid" isn't the same thing as "comfortable work," which can lead to burnout. But it does suggest we may need to approach the conversation with more data and less hand waving.

Census For Open Source Software Security Released

  • Census For Open Source Software Security Released

    “The Census II report addresses some of the most important questions facing us as we try to understand the complexity and interdependence among open source software packages and components in the global supply chain,” said Jim Zemlin, executive director at the Linux Foundation.

    “The report begins to give us an inventory of the most important shared software and potential vulnerabilities and is the first step to understand more about these projects so that we can create tools and standards that results in trust and transparency in software,” Zemlin added.

Top 10 Most Used Open Source Software: Linux Foundation Report

  • Top 10 Most Used Open Source Software: Linux Foundation Report

    Accounting for 80-90 percent of all software, the Free and Open Source Software (FOSS) ecosystem is booming with high dependency usage by all sector companies.

    Accordingly, The Linux Foundation’s Core Infrastructure Initiative (CII) in collaboration with Harvard’s Lab for Innovation Science has released a census report titled “Vulnerabilities in the Core, a Preliminary Report and Census II of Open Source Software.”

Linux Foundation in 2020 still amplifies stigma that FOSS is bad

  • 7 of the World’s Top 10 Open Source Packages Come with This Warning

    “Changes to code under the control of these individual developer accounts are significantly easier to make, and to make without detection”

    Of the world’s top 10 most-used open source packages, seven are hosted on individual developer accounts, the Linux Foundation’s Core Infrastructure Initiative has warned, saying this could pose a security risk to code at the heart of the global economy.

    The finding came as the CII delivered the first major census of the free and open source software (FOSS) components that are most widely used in production applications.

  • The great big open-source census: Most-used libraries revealed – plus 10 things developers should be doing to keep their code secure

    With modern applications now composed of 80 to 90 per cent Free and Open Source Software (FOSS), the Linux Foundation and Laboratory for Innovation Science at Harvard University (LISH) on Wednesday published their second open-source census to promote better security and code management practices.

    The first such report appeared in 2015, and focused on enumerating critical components in the Debian GNU/Linux distribution. The latest one, "Vulnerabilities in the Core, a Preliminary Report and Census II of Open Source Software," examines the most commonly used FOSS packages in production applications with an eye toward potential vulnerabilities so organizations can develop better management and security tools.

"Linux Foundation’s recipe for security disaster"

  • Individual accounts, missing naming standards, and legacy – Linux Foundation’s recipe for security disaster [Ed: Another new example of Linux Foundation (LF) speaking against FOSS on behalf of companies like Snyk that work for Microsoft and sell proprietary software. LF: Join Microsoft GitHub today and pay Black Duck/Snyk for their proprietary software for 'security' (they pay us to market them).]

    The Linux Foundation has, together with Harvard’s Lab for Innovation Science, released its second go at a FOSS census, attempting to identify the most used open source components and their potential vulnerabilities.

    The preliminary report titled “Vulnerabilities at the core” is a product of the foundation’s Core Infrastructure Initiative, which was started in 2014 in the wake of an OpenSSL security bug, which had an impact on about half a million secure web servers. Members of the CII now provide funding and support for critical open source infrastructure projects in the hopes of preventing a rerun of the so-called Heartbleed vulnerability.

Harvard as FUD vendor for proprietary software companies

  • Linux Foundation & Harvard carry out open source ‘security census’

    The Linux Foundation’s Core Infrastructure Initiative (CII) is a project designed to support best practices with a key eye on the security of critical open source software projects.

    The CII team has this month worked with the Laboratory for Innovation Science at Harvard (LISH).

Linux and LISH release census for open source security

  • Linux and LISH release census for open source security

    The Linux Foundation’s Core Infrastructure Initiative (CII) and the Laboratory for Innovation Science at Harvard (LISH), announced the release of ‘Vulnerabilities in the Core,’ a Preliminary Report and Census II of Open Source Software.

    This Census II analysis and report represent important steps towards understanding and addressing structural and security complexities in the modern-day supply chain where open source is pervasive, but not always understood. Census II identifies the most commonly used free and open-source software (FOSS) components in production applications and begins to examine them for potential vulnerabilities, which can inform actions to sustain the long-term security and health of FOSS. Census I (2015) identified which software packages in the Debian Linux distribution were the most critical to the kernel’s operation and security.

"Key Lessons from a Major Open Source Census"

  • Vulnerabilities in the Core: Key Lessons from a Major Open Source Census

    A major new Open Source census has identified the Top 20 most commonly used free and open source software (FOSS) components in production applications.

    The Linux Foundation/Laboratory for Innovation Science at Harvard (LISH) “Census II” report, published this week, represents what it describes as the “first steps toward addressing the structural issues that threaten the FOSS ecosystem.”

More bad press

  • What Are The Most Common Issues With Free Open Source Software?

    Free and Open Source Software (FOSS) has become a prominent aspect of the new age global economy. It has been analysed that FOSS makes up about 80-90% of any particular piece of today’s software. It is to be noted that software is an increasingly-critical resource in almost all businesses, both public and private. But, there are many issues with FOSS, according to the Linux Foundation.

    The Linux Foundation established the Core Infrastructure Initiative (CII) in 2014 as a part of which its members gave funding and support for FOSS projects, which are important to worldwide data and information infrastructure. In 2015, CII finished the Census Project (“Census I”) to find out which software packages in the Debian Linux distribution had been the most important to the kernel’s overall security.

    While the Census I project emphasised on analysing the Linux kernel distribution packages, it did not go deep into which software was utilised in production applications. That’s where Census II comes in.

LF as Spokesperson of Foes of FOSS

  • Linux Foundation and LISH publish latest open-source census with suggestions to boost security

    The latest open-source census has been published by the Linux Foundation and Laboratory for Innovation Science at Harvard University (LISH) with some interesting observations.

    Now in its second edition, the census examines the current state of open-source software. The latest report, catchily titled “Vulnerabilities in the Core, a Preliminary Report and Census II of Open Source Software,” focuses on common Free and Open Source Software (FOSS) used in production applications.

Linux Foundation 'research' still in 'the news'

  • The Elements And Benefits Of Open-Source Compliance [Ed: Linux Foundation 'research' is an attack on Free software. It's like it's run for Microsoft, Oracle etc.]

    The goal of the Linux Foundation’s[1] OpenChain Project, and the specification[2] it maintains, is to promote predictability and uniformity in the management of open source. The project also aims to create consistency in how critical open-source compliance information is collected and retained so that it may be properly communicated to others. The specification is gaining momentum and will likely be adopted by the International Organization for Standardization by mid-2020. With open-source use on the rise and more and more demanding proof of compliance becoming mainstream, this is a perfect time to reevaluate how you address compliance. But first, let’s explore....

More in Tux Machines

Kernel: XFS and WiMAX in Linux

  • Prepare To Re-Format If You Are Using An Older XFS Filesystem - LinuxReviews

    Linux 5.10 brings several new features to the XFS filesystem. It solves the year 2038 problem, it supports metadata checksumming and it has better metadata verification. There's also a new configuration option: CONFIG_XFS_SUPPORT_V4. Older XFS filesystems using the v4 layout are now deprecated and there is no upgrade path beyond "backup and re-format". The Linux kernel will support older XFS v4 filesystems by default until 2025 and optional support will remain available until 2030. A new CONFIG_XFS_SUPPORT_V4 option in Linux 5.10. In case you want to.. still be able to mount existing XFS filesystems if/when you upgrade to Linux 5.10. We previously reported that XFS patches for Linux 5.10 delay the 2038 problem to 2486. That's not the only new feature Linux 5.10 brings to the XFS filesystem when it is released early December: It supports metadata checksumming, it has better built-in metadata verification and there is a new CONFIG_XFS_SUPPORT_V4 configuration option. Make sure you don't accidentally say N to that one if you have an older XFS filesystem you'd like to keep using if/when you upgrade your kernel.

  • The Linux Kernel Looks To Eventually Drop Support For WiMAX

    With the WiMAX 802.16 standard not being widely used outside of the Aeronautical Mobile Airport Communication System (AeroMACS) and usage in some developing nations, the Linux kernel may end up dropping its support for WiMAX but first there is a proposal to demote it to staging while seeing if any users remain. Longtime kernel developer Arnd Bergmann is proposing that the WiMAX Linux kernel infrastructure and the lone Intel 2400m driver be demoted from the networking subsystem to staging. In a future kernel release, the WiMAX support would be removed entirely if no active users are expressed. The Linux kernel WiMAX infrastructure is just used by the Intel 2400m driver for hardware with Sandy Bridge and prior, thus of limited relevance these days. That Intel WiMAX implementation doesn't support the frequencies that AeroMACS operates at and there are no other large known WiMAX deployments around the world making use of the frequencies supported by the 2400m implementation or users otherwise of this Linux kernel code.

  • Linux Is Dropping WiMAX Support - LinuxReviews

    It's no loss. There is a reason why you have probably never seen a WiMAX device or heard of it, WiMAX was a wireless last-mile Internet solution mostly used in a few rural areas in a limited number of countries between 2005 and 2010. There is very little use for it today so it is almost natural that Linux is phasing out support for WiMAX and the one WiMAX device it supports. WiMAX is a wireless protocol, much like IP by Avian Carriers except that it has less bandwidth and significantly lower latency. WiMAX (Worldwide Interoperability for Microwave Access) is a set of wireless standards that were used to provide last-mile Internet connectivity where DSL and other solutions were unavailable. WiMAX can work over long distances (up to 50 km), something WiFi can't. The initial design could provide around 25 megabit/s downstream, which was competitive when WiMAX base-stations and modems became widely available around 2005. That changed around 2010 when 4G/LTE became widely available. The WiMAX Forum, who maintains the WiMAX standard, tried staying relevant with an updated standard called WiMAX 2 in 2011. Some equipment for it was made, but it never became a thing. WiMAX was pretty much dead by the time WiMAX 2 arrived. The standard NetworkManager utility GNU/Linux distributions come with supported WiMAX until 2015. The Linux kernel still supports it and exactly one WiMAX device from Intel as of Linux 5.9, but that's about to change.

Fedora Elections and IBM/Red Hat Leftovers

  • Fedora 33 elections nominations now open

    Candidates may self-nominate. If you nominate someone else, please check with them to ensure that they are willing to be nominated before submitting their name. The steering bodies are currently selecting interview questions for the candidates. Nominees submit their questionnaire answers via a private Pagure issue. The Election Wrangler or their backup will publish the interviews to the Community Blog before the start of the voting period. Fedora Podcast episodes will be recorded and published as well. Please note that the interview is mandatory for all nominees. Nominees not having their interview ready by end of the Interview period (2020-11-19) will be disqualified and removed from the election.

  • 12 Tips for a migration and modernization project

    Sometimes migration/modernization projects are hard to execute because there are many technical challenges, like the structure of legacy code, customer environment, customer bureaucracy, network issues, and the most feared of all, production bugs. In this post I'm going to explain the 12-step migration / modernization procedure I follow as a consultant using a tip-based approach. I have some experience with this kind of situation because I’ve already passed by different kinds of projects with several kinds of problems. Over time you start to recognize patterns and get used to solving the hard problems. So, I thought: Wouldn't it be cool to create a procedure based on my experience, so that I can organize my daily work and give the transparency that the customers and managers want? To test this out, I did this for one customer in my hometown. They were facing a Red Hat JBoss EAP migration/modernization project. The results of the project were outstanding. The customer said they were even more satisfied with the transparency. The project manager seemed really comfortable knowing all about the details through the project and pleased with reducing the risk of unexpected news.

  • Awards roll call: June 2020 to October 2020

    We are nearly at the end of 2020 and while the pace continues to increase, we want to take a moment to acknowledge and celebrate some of the successes of Red Hat's people and their work. In the last four months, several Red Hatters and Red Hat products are being recognized by leading industry publications and organizations for efforts in driving innovation.

  • How developers can build the next generation of AI advertising technology – IBM Developer

    As we look across the most rapidly transforming industries like financial services, healthcare, retail – and now advertising, developers are putting open source technologies to work to deliver next-generation features. Our enterprise clients are looking for AI solutions that will scale with trust and transparency to solve business problems. At IBM®, I have the pleasure of focusing on equipping you, the developers, with the capabilities you need to meet the heightened expectations you face at work each day. We’re empowering open source developers to drive the critical transformation to AI in advertising. For instance, at the IBM Center for Open source Data and AI Technologies (CODAIT), enterprise developers can find open source starting points to tackle some of your thorniest challenges. We’re making it easy for developers to use and create open source AI models that can ultimately help brand marketers go deeper with AI to reach consumers more effectively.

Programming: Qt, PHP, JS and Bash

  • Qt 6 To Ship With Package Manager For Extra Libraries - Phoronix

    Adding to the list of changes coming with the Qt 6 toolkit, The Qt Company has now outlined their initial implementation of a package manager to provide additional Qt6 modules.

  • Qt for MCUs 1.5 released

    A new release of Qt for MCUs is now available in the Qt Installer. If you are new to Qt for MCUs, you can try it out here. Version 1.5 introduces new platform APIs for easy integration of Qt for MCUs on any microcontroller, along with an in-depth porting guide to get you going. Additionally, it includes a set of C++ APIs to load new images at runtime into your QML GUI. As with every release, 1.5 also includes API improvements and bug fixes, enhancing usability and stability.

  • KDDockWidgets v1.1 has been released! - KDAB - KDAB on Qt

    KDDockWidgets v1.1 is now available! Although I just wrote about v1.0 last month, the 1.1 release still managed to get a few big features.

  • KDAB TV celebrates its first year - KDAB

    A year ago KDAB started a YouTube channel dedicated to software development with Qt, C++ and 3D technologies like OpenGL. We talked to Sabine Faure, who is in charge of the program, about how it worked out so far and what we can expect in the future.

  • How to build a responsive contact form with PHP – Linux Hint

    Contact forms are commonly used in web applications because they allow the visitors of the website to communicate with the owner of the website. For most websites, responsive contact forms can be easily accessed from various types of devices such as desktops, laptops, tablets, and mobile phones. In this tutorial, a responsive contact form is implemented, and the submitted data is sent as an email using PHP.

  • Applying JavaScript’s setTimeout Method

    With the evolution of the internet, JavaScript has grown in popularity as a programming language due to its many useful methods. For example, many websites use JavaScript’s built-in setTimeout method to delay tasks. The setTimeout method has many use cases, and it can be used for animations, notifications, and functional execution delays. Because JavaScript is a single-threaded, translative language, we can perform only one task at a time. However, by using call stacks, we can delay the execution of code using the setTimeout method. In this article, we are going to introduce the setTimeout method and discuss how we can use it to improve our code.

  • Removing Characters from String in Bash – Linux Hint

    At times, you may need to remove characters from a string. Whatever the reason is, Linux provides you with various built-in, handy tools that allow you to remove characters from a string in Bash. This article shows you how to use those tools to remove characters from a string. [...] Sed is a powerful and handy utility used for editing streams of text. It is a non-interactive text editor that allows you to perform basic text manipulations on input streams. You can also use sed to remove unwanted characters from strings. For demonstration purposes, we will use a sample string and then pipe it to the sed command.

Python Programming

  • Dissecting a Web stack - The Digital Cat

    Having recently worked with young web developers who were exposed for the first time to proper production infrastructure, I received many questions about the various components that one can find in the architecture of a "Web service". These questions clearly expressed the confusion (and sometimes the frustration) of developers who understand how to create endpoints in a high-level language such as Node.js or Python, but were never introduced to the complexity of what happens between the user's browser and their framework of choice. Most of the time they don't know why the framework itself is there in the first place. The challenge is clear if we just list (in random order), some of the words we use when we discuss (Python) Web development: HTTP, cookies, web server, Websockets, FTP, multi-threaded, reverse proxy, Django, nginx, static files, POST, certificates, framework, Flask, SSL, GET, WSGI, session management, TLS, load balancing, Apache. In this post, I want to review all the words mentioned above (and a couple more) trying to build a production-ready web service from the ground up. I hope this might help young developers to get the whole picture and to make sense of these "obscure" names that senior developers like me tend to drop in everyday conversations (sometimes arguably out of turn). As the focus of the post is the global architecture and the reasons behind the presence of specific components, the example service I will use will be a basic HTML web page. The reference language will be Python but the overall discussion applies to any language or framework. My approach will be that of first stating the rationale and then implementing a possible solution. After this, I will point out missing pieces or unresolved issues and move on with the next layer. At the end of the process, the reader should have a clear picture of why each component has been added to the system.

  • Introducing AutoScraper: A Smart, Fast and Lightweight Web Scraper For Python | Codementor

    In the last few years, web scraping has been one of my day to day and frequently needed tasks. I was wondering if I can make it smart and automatic to save lots of time. So I made AutoScraper!

  • django-render-block 0.8 (and 0.8.1) released!

    A couple of weeks ago I released version 0.8 of django-render-block; this was followed up with a 0.8.1 to fix a regression. django-render-block is a small library that allows you to render a specific block from a Django (or Jinja) template; this is frequently used for emails when you want multiple pieces of an email together in a single template (e.g. the subject, HTML body, and text body), but they need to be rendered separately before sending.

  • Pyston v2: 20% faster Python | The Pyston Blog

    We’re very excited to release Pyston v2, a faster and highly compatible implementation of the Python programming language. Version 2 is 20% faster than stock Python 3.8 on our macrobenchmarks. More importantly, it is likely to be faster on your code. Pyston v2 can reduce server costs, reduce user latencies, and improve developer productivity. Pyston v2 is easy to deploy, so if you’re looking for better Python performance, we encourage you to take five minutes and try Pyston. Doing so is one of the easiest ways to speed up your project.

  • Pyston v2 Released As ~20% Faster Than Python 3.8 - Phoronix

    Version 2.0 of Pyston is now available, the Python implementation originally started by Dropbox that builds on LLVM JIT for offering faster Python performance. Pyston developers believe their new release is about 20% faster than the standard Python 3.8 and should be faster for most Python code-bases.

  • Python int to string – Linux Hint

    Python is one of the universal languages that support various types of data types like integer, decimal point number, string, and complex number. We can convert one type of data type to another data type in Python. This data type conversion process is called typecasting. In Python, an integer value can easily be converted into a string by using the str() function. The str() function takes the integer value as a parameter and converts it into the string. The conversion of int to string is not only limited to the str() function. There are various other means of int to string conversion. This article explains the int to string conversion with various methods.

  • Python isinstance() Function – Linux Hint

    Python is one of the best and most efficient high-level programming languages. It has a very straightforward and simple syntax. It has many built-in modules and functions that help us to perform basic tasks efficiently. The Python isinstance() function evaluates whether the given object is an instance of the specified class or not.