Language Selection

English French German Italian Portuguese Spanish

Programming Leftovers

Filed under
Development
  • New Tax Collection Tech Replaces 50-Year-Old System

    Fried said recent updates to the old system had fallen mainly to a single employee who had worked for the office for most of the five decades the system had been in place - and finding another programmer with similar skills would have been challenging. The old system used the COBOL programming language and a traditional mainframe computer, whereas the new system is cloud-based and can be managed entirely remotely.

  • Call for Code Daily: tech for the disabled, chatbots, and the final push to submission close
  • Godot Release candidate: 3.2.3 RC 3

    Godot 3.2.2 was released on June 26 with over 3 months' worth of development, including many bugfixes and a handful of features. Some regressions were noticed after the release though, so we decided that Godot 3.2.3 would focus mainly on fixing those new bugs to ensure that all Godot users can have the most stable experience possible.

    Here's a third Release Candidate for the upcoming Godot 3.2.3 release. Please help us test it to ensure that no new regressions have slipped through code review and testing.

    Note: The previous 3.2.3 RC 2 was actually not built from the intended commit, and reflected the same changeset as RC 1. Tests made on RC 2 are still valid and useful, but did not help validate the very latest commits, hence this third release candidate. The changes new in this build are thus the ones made between RC 1 and RC 3.

  • What Is Fuzz Testing? A Guide.

    Not all software testing techniques have origin stories, but fuzz testing does: On a stormy evening in 1988, Barton Miller, a computer science professor at the University of Wisconsin-Madison, was using a dial-up connection to work remotely on a Unix computer from his apartment. He was attempting to feed input information into a computer program, only to see the program repeatedly crash.

    He knew that the electrical noise from the thunderstorm was distorting his inputs into the program as they traveled through the phone line. The distorted inputs were different from what the software needed from the user, resulting in errors. But as he describes in his book, Fuzzing for Software Security Testing and Quality Assurance, Miller was surprised that even programs he considered robust were crashing as a result of the unexpected input, instead of gracefully handling the error and asking for input again.

    [...]

    Miller’s concern about what he saw during his thunderstorm experience extended beyond the annoyance of having applications crash unexpectedly. Applications that are not able to handle unexpected input also pose security concerns. Errors that aren’t handled by the program are vulnerabilities that attackers can exploit to hack into systems.

    In fact, attackers often use fuzz testing tools to locate vulnerabilities in applications, according to Jared DeMott, the CEO of VDA Labs security testing company and the instructor of several Pluralsight courses on testing.

    “If you follow what we call a secure development lifecycle… fuzzing is one piece of the lifecycle that relates to the testing portion of it,” DeMott said.

  • [Old] Infinite scrolling on the web is complexity layered on top of complexity layered on top of complexity

    Does all that stuff sound hard? Sorry, but it’s worse.

More in Tux Machines

Here’s Why Switching to Linux Makes Sense in 2021

Linux does have several benefits over Windows and macOS in certain areas. People are realizing it, and it is slowly gaining popularity in the desktop OS market. Of course, the majority of desktop users still swear by Windows or macOS, but a greater number of users are trying out new Linux distributions to see if they can switch to Linux. They may have heard good things about Linux as a desktop choice, or just want to try something different while confined to their homes. Who knows? Here, I will be presenting you all the good reasons why Linux makes more sense in 2021. Read more

today's leftovers

  • LHS Episode #416: The Weekender LXXIII

    It's time once again for The Weekender. This is our bi-weekly departure into the world of amateur radio contests, open source conventions, special events, listener challenges, hedonism and just plain fun. Thanks for listening and, if you happen to get a chance, feel free to call us or e-mail and send us some feedback. Tell us how we're doing. We'd love to hear from you.

  • Donation button removed

    Over the years, I have blown hot and cold over whether to have a donation button. Did take it down for awhile, about a year ago I think. I received an email asking if can send me a bank cheque, which reminded me about that donation button. I declined the offer. I really don't need donations. It is really my pleasure to upload blog reports about EasyOS, Puppy, DIY hiking gear, and all the rest that have posted about. Ibiblio.org is still very kindly hosting downloads, and I also went back to the Puppy Forum.

  • Akademy 2021 – I

    I am still digesting the load of information that Marc Mutz gave in his intense training session last night between 6 and almost 11 p.m. about C++/STL history, containers, iterators, allocators, the Non-Owning Interface Idiom and all that other good stuff. Great job Marc.

  • Stuck Updates Fix

    When rolling out a new feature that lets you skip (offline) updates on boot-up earlier this week we have messed up and also brought in a nasty bug that prevents updates from applying. Unfortunately we can’t automatically rectify this problem because, well, updates are never applied. In case you find Discover showing the same updates over and over again, even after rebooting to apply the update, you may be affected.

  • AWS SSM Parameters

    If you are not familiar with the Parameter Store it provides hierarchical storage for config data, strings, and other values. As well as being used for storing private information the parameter store provides a public namespace for SUSE, /aws/service/suse, which is now being leveraged to provide the latest image id’s for all active SUSE images.

Proprietary Software Leftovers

  • Steam on ChromeOS: Not a Rumor Anymore - Boiling Steam

    If you follow us or other sources like Chrome Unboxed you are by now aware that there’s ample rumors about Google/Valve working on bringing Steam on ChromeOS. We know the technology pieces are there, as recently discussed with Luke Short in our recent podcast. However, we are still waiting for an official announcement that would turn the expected rumors into reality.

  • First American Financial Pays Farcical $500K Fine

    In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. [NYSE:FAF] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. This week, the U.S. Securities and Exchange Commission settled its investigation into the matter after the Fortune 500 company agreed to pay a paltry penalty of less than $500,000.

  • How Russian threats in the 2000s turned this country into the go-to expert on cyber defense

    Estonia is no stranger to the cyber threat posed by Russia. Back in 2007, a decision to relocate a Soviet-era war memorial from central Tallinn to a military cemetery sparked a diplomatic spat with its neighbor and former overlord. There were protests and angry statements from Russian diplomats. And just as the removal works started, Estonia became the target of what was at the time the biggest cyberattack against a single country.

    The Estonian government called the incident an act of cyberwarfare and blamed Russia for it. Moscow has denied any involvement.

    The attack made Estonia realize that it needed to start treating cyber threats in the same way as physical attacks.

  • Most Businesses That Pay Off After Ransomware Hack Hit With Second Attack: Study [iophk: Windows TCO]

    The study surveyed nearly 1,300 security professionals around the world and found that 80 percent of businesses that paid after a ransomware attack suffered a second attack. Of those hit a second time, 46 percent believed it came from the same group that did the first attack.

    Censuswide, which performed the study on behalf of the international cybersecurity company Cybereason, found that 25 percent of organizations hit by a ransomware attack were forced to close. In addition, 29 percent were forced to eliminate jobs.

Kernel: Oracle, UPower, and Linux Plumbers Conference

  • Oracle Sends Out Latest Linux Patches So Trenchboot Can Securely Launch The Kernel - Phoronix

    Trenchboot continues to be worked on for providing boot integrity technologies that allow for multiple roots of trust around boot security and integrity. Oracle engineers on Friday sent out their latest Linux kernel patches so it can enjoy a "Secure Launch" by the project's x86 dynamic launch measurements code. The latest kernel patches are a second revision to patches sent out last year around the Trenchboot launch support for enhancing the integrity and security of the boot process. This kernel work goes along with Trenchboot support happening for GRUB.

  • Nearly A Decade Later, UPower Still Working Towards 1.0 Release

    For nearly one decade there has been talk of UPower 1.0 while in 2021 that still has yet to materialize for this former "DeviceKit-Power" project but at least now there is UPower v0.99.12 as the first release in two years. UPower 1.0 has yet to materialize and it certainly isn't advancing these days like it was in the early 2010s. With Thursday's UPower 0.99.12 release the key changes to land over the past two years are supporting more device types and power reporting for newer Apple iPhone smartphones like the iPhone XR, XS, and other newer models.

  • Linux Plumbers Conference: Tracing Microconference Accepted into 2021 Linux Plumbers Conference

    We are pleased to announce that the Tracing Microconference has been accepted into the 2021 Linux Plumbers Conference. Tracing in the Linux kernel is constantly improving. Tracing was officially added to Linux in 2008. Since then, more tooling has been constantly added to help out with visibility. The work is still ongoing, with Perf, ftrace, Lttng, and eBPF. User space tooling is expanding and as the kernel gets more complex, so does the need for facilitating seeing what is going on under the hood.