Language Selection

English French German Italian Portuguese Spanish

Proprietary Microsoft and IBM Leftovers

More in Tux Machines

Programming Leftovers

  • What is Python Used For? Top 10 Real-World Applications of Python in 2022

    An object-oriented programming language can model real-world data, while a functional language focuses on functions (code that can be reused). Python supports both object-oriented and functional programming features. It is portable and highly flexible, meaning, a Python code written for a Windows machine or a Linux machine can also run-on iOS, and vice versa you don’t need to make any alterations in the code. This article lists the top 10 real-world applications of Python in 2022.

  • 10 Python IDEs Every Programmer Should Know

    Python powers some of the most sophisticated server-side programs and daily web applications available today. Python, as a language, is used extensively with its numerous libraries. These libraries support developers in scientific and mathematical research, AI/ML (Artificial Intelligence and Machine Learning, respectively) programming, robotics, and much more. If you're a frequent Python user, you might have realized the importance of IDEs and their usage while coding. IDEs are code editors with extra built-in tools that pave the way for efficient and effective development. If you've grown tired of using the default Python text editor, you should check out these Python editors every developer should know.

  • GNU Linux bash – add some color to the console script scripts (colored text output)
  • Coding bootcamps won't make you a developer: Here's what will | TechBeacon

    The headlines are hard to resist. Salaries for programmers are said to be soaring. Annual paychecks for AI experts are topping $1 million. Why dream of winning the lottery when coding bootcamps are springing up with promises to teach everyone what they need to get a ticket on the gravy train? The good news is that schools and camps often deliver enough knowledge to turn some people into great programmers. The bad news is that the lessons alone are far from enough. Programming isn't a least-resistance path to a more secure, better-paying, work-life balanced job. It's a difficult occupation that not everyone is suited for. If it were easy, everyone could do it—and then it wouldn't be as valuable.

  • Top 10 DevOps Programming Languages You Should Learn in 2022

    Earlier, IT companies faced significant problems to deliver optimal services with agility and accuracy. But the integration of DevOps has simplified this process and has yielded several solutions that can be used by IT companies to deliver engaging services and products seamlessly. Over the past couple of years, the adoption of DevOps technologies has exponentially increased as it can bring together all functions of the organisation and provide reliable software with better quality and faster delivery. Operational automation is one of the key advantages of DevOps, but it requires the engineers to possess robust programming and scripting skills. Programming languages are used in the core development of DevOps systems, hence, it can be rightly said that the DevOps professionals require the knowledge of the right programming languages that can be used in these systems. In this article, we have listed the top programming languages that professionals working in DevOps should learn in 2022.

  • Why does a 5431 character story about Atari’s 2 KB game Pong need a 3.08 MB download to be read? An environmental plea for readability *and* more static web sites

    Not too long ago, someone on Twitter shared a story about the creation of Atari’s classic video game Pong — The Lies that Powered the Invention of Pong — IEEE Spectrum. I love stories about the dawn of home computing, so I curiously opened the link on my phone.

  • Dirk Eddelbuettel: qlcal 0.0.2 on CRAN: Updates

    The second release of the still fairly new qlcal package arrivied at CRAN today. qlcal is based on the calendaring subset of QuantLib. It is provided (for the R package) as a set of included files, so the package is self-contained and does not depend on an external QuantLib library (which can be demanding to build). qlcal covers over sixty country / market calendars and can compute holiday lists, its complement (i.e. business day lists) and much more.

  • Online Tool Turns STLs Into 3D ASCII Art | Hackaday

    If you look hard enough, most of the projects we feature on these pages have some practical value. They may seem frivolous, but there’s usually something that compelled the hacker to commit time and effort to its doing. That doesn’t mean we don’t get our share of just-for-funsies projects, of course, which certainly describes this online 3D ASCII art generator. But wait — maybe that’s not quite right. After all, [Andrew Sink] put a lot of time into the code for this, and for its predecessor, his automatic 3D low-poly generator. That project led to the current work, which like before takes an STL model as input, this time turning it into an ASCII art render. The character set used for shading the model is customizable; with the default set, the shading is surprisingly good, though. You can also swap to a black-on-white theme if you like, navigate around the model with the mouse, and even export the ASCII art as either a PNG or as a raw text file, no doubt suitable to send to your tractor-feed printer.

Security Leftovers

  • Real-time Analytics News for Week Ending January 22 - RTInsights

    Canonical, the company behind Ubuntu, announced Ubuntu Security Guide tooling for compliance with the DISA Security Technical Implementation Guide (STIG) in Ubuntu 20.04 LTS. The new automated tooling builds on Canonical’s work designing Ubuntu for high security and regulated workloads, powering U.S. government agencies, prime contractors, and service providers.

  • Federal Communications Commission proposed stricter rules on how telco carriers should report data breaches

    The US Federal Communications Commission is considering imposing stricter rules requiring telecommunications carriers to report data breaches to customers and law enforcement more quickly. Chairwoman Jessica Rosenworcel drafted a document outlining the new proposal to strengthen the FCC’s powers for disclosing data breaches and leaks to customers and federal agencies of “customer proprietary network information.” The updated rules, published this week, would keep the FCC in line with other federal and state data breach laws, she said. At the moment, companies have to wait seven business days before they can disclose a data breach to their customers. Under the new plan, the waiting period will be scrapped altogether so people can be notified sooner.

  • Ukraine arrests 5 over ransomware gang suspicions • The Register

    Ukrainian police have arrested five people on suspicion of operating a ransomware gang, including a husband-and-wife team, following tipoffs from UK law enforcement. "The organizer of the group, a 36-year-old resident of Kyiv, together with his wife and three acquaintances carried out cyberattacks on foreign companies," cops alleged in a characteristically blunt statement (in Ukrainian). They claimed "more than 50" companies were targeted by the alleged gang, causing damage estimated at "more than one million US dollars."

  • Red Cross cyberattack affects 'highly vulnerable people' • The Register

    Humanitarian organization the International Red Cross disclosed this week that it has fallen foul of a cyberattack that saw the data of over 515,000 "highly vulnerable people" exposed to an unknown entity. The target of the attack was the organisation's Restoring Family Links operation, which strives to find missing persons and reunite those separated from their families due to armed conflict, migration, disaster, detention and other catastrophic events. The service is free, but is currently offline.

  • What is fuzz testing? What is it used to test for?

    Fuzz testing, regularly known as fuzzing, is a product testing procedure that incorporates embedding flawed or arbitrary information (FUZZ) into a product framework to recognize coding issues and security issues. Fuzz testing involves infusing information into a framework utilizing robotized or semi-computerized procedures and investigating the framework for different exemptions, for example, framework crashes or implicit code disappointment.

  • Ukraine blames Belarus for PC-wiping malware attack • The Register [Ed: Microsoft Windows TCO]

    After last week's website defacements, Ukraine is now being targeted by boot record-wiping malware that looks like ransomware but with one crucial difference: there's no recovery method. Officials have pointed the finger at Belarus.

  • Sniff those Ukrainian emails a little more carefully, advises Uncle Sam in wake of Belarusian digital vandalism

    US companies should be on the lookout for security nasties from Ukrainian partners following the digital graffiti and malware attack launched against Ukraine by Belarus, the CISA has warned. In a statement issued on Tuesday, the Cybersecurity and Infrastructure Security Agency said it "strongly urges leaders and network defenders to be on alert for malicious cyber activity," having issued a checklist [PDF] of recommended actions to take. "If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic," added CISA, which also advised reviewing backups and disaster recovery drills.

  • Google announces Scorecard V4 in partnership with GitHub and OpenSSF [Ed: Proprietary Microsoft lock-in and more fake security with Microsofters involved]

    The Open Source Security Foundation (OpenSSF), GitHub, and Google announced on Wednesday the launch of Scorecards V4, which includes larger scaling, a new security check, and a new Scorecards GitHub Action for easier security automation.

  • For security alone, we could try paying open source projects properly [Ed: ZDNet keeps promoting this bogus, phony narratives wherein the security deficit comes not from proprietary software with back doors but from Free software]
  • Bug in WebKit's IndexedDB implementation makes Safari 15 leak Google account info... and more [Ed: Today's WWW is inherently incompatible with security because Web browsers are allowing remote sites do far too much on one's computers]

    An improperly implemented API that stores data on browsers has caused a vulnerability in Safari 15 that leaks user internet activity and personal identifiers. The vulnerability was discovered by fraud detection service Fingerprint JS, which has contacted the WebKit maintainers and provided a public source code repository. As of 28 November last year, the issue had not been fixed, so the team at Fingerprint JS decided to make the finding public to encourage the expedition of its repair. The commonly used low-level JavaScript API, called IndexedDB, follows same-origin policy, meaning documents or scripts associated with one origin should not interact with resources associated with other origins. A webpage opened in one tab of the browser should not be able to share data with the next tab, for obvious reasons, such as if one tab was used to access a user's bank and the other a malicious website.

  • Open Source Democratized Software. Now Let’s Democratize Security

    Today, anyone can contribute to some of the world’s most important software platforms and frameworks, such as Kubernetes, the Linux kernel or Python. They can do this because these platforms are open source, meaning they are collaboratively developed by global communities. What if we applied the same principles of democratization and free access to cybersecurity? In other words, what if anyone could contribute to security initiatives and help build a cybersecurity culture without requiring privileged access or specialized expertise? To explore those questions, it’s worth considering the way that open source has democratized software development and comparing it to the potential we stand to realize by democratizing security.

  • Using Open Source to Secure Software Supply Chains - DevOps.com

    Recently, there’s been a lot of attention paid to software supply chain security. In particular, here’s a quote from the May 2021 presidential executive order on improving the nation’s cybersecurity: “The Federal government must … advance toward zero trust architecture; accelerate movement to secure cloud services, including … platform as a service (PaaS).” There are two parts necessary to create a truly trusted software supply chain; securing the non-technical areas and securing the technical areas. Non-technical aspects of any secure software supply chain involve having individuals or teams focused on security and audit compliance. Internal company policies that act as a regulatory system and set standards for developers are a must, as are efforts to enforce compliance with security best practices. While this can bode well for large organizations, small software engineering teams and startups do not have the bandwidth, budget or culture to make this a reality.

The 5 Best Pomodoro Apps to Maximize Your Productivity on Linux

Have you ever found yourself lacking motivation for doing even the simplest of tasks? The Pomodoro technique is a well-known time management system you can use to get things done, within the time limit you set for yourself. But getting a tomato-shaped timer is a task you might add to your "not today" list, which completely defeats the purpose of the technique. Lucky for you, you don't need to rely on a physical timer to fix your time management skills, as several Pomodoro apps are available on the internet for free. In this article, we'll take a look at some of the best Linux Pomodoro apps anyone can use to take their productivity to the next level. Read more

The post-2020 Linux server landscape metamorphosis

It used to be that you could leisurely deploy a L.A.M.P. server, and stop caring about it for years because PHP’s releases, and the dependency changes in web applications, were happening really slowly. Not so anymore. With the 7.x and 8.x series, PHP has considerably sped up its releasing cadence, and shortened the shelf life of releases. I’ve seen a drastic shift happen in the policies of web application developers, including Matomo (née Piwik) and Kanboard. Even WordPress, one of the most conservative behemoths of the industry (understandable, given that they power roughly half of the websites in the world), requires PHP 7.4 and no longer runs on PHP 5.x. “Just put everything in containers and continous-deploy all that shit!” I hear you say, “It’s the future!” But I’m not a sysadmin, I’m not day-in-day-out into that crap, and the only reason I run a dedicated server machine in the office is because Matomo doesn’t scale well on shared hosting and their SaaS prices are quite expensive for an individual when you don’t like being artificially capped to a certain number of visitors per month, and, y’know, “How hard can it be, really?”… but I am happiest when I never have to touch/upgrade that server and don’t have to learn rocket science to deploy something. I understand now how infrastructure work would eventually turn you into a Bastard Operator from Hell™. Circa 2014, I deployed CentOS 7 on my personal server to be able to run Matomo with better performance, because the Pitivi website had a lot of visitors (which is useful to derive knowledge such as “what screen resolutions do people actually use and what can we afford for our UI’s design?”) and its Matomo database weighted multiple gigabytes. Fast forward a couple of years, and I’ve fallen behind on Matomo updates because, in part, of newer PHP requirements needing me to resort to third-party repositories to get a recent-enough version of PHP to run it. But I eventually did, and it worked, for a time. Read more