Language Selection

English French German Italian Portuguese Spanish

Programming Leftovers

Filed under
Development
  • How C++ Modify Arrays in Function

    Arrays have been widely known among programmers and developers. We have been using arrays in almost every structural language to object-oriented language. As we know, arrays store more than one value in their indexes, and we also modify the arrays. So, in today’s article, we will be deliberating how to modify the arrays in functions of C++. Start by logging in from the Linux system and launching the terminal with the “Ctrl+Alt+T” shortcut.

  • Digging into Julia's package system [LWN.net]

    We recently looked at some of the changes and new features arriving with the upcoming version 1.7 release of the Julia programming language. The package system provided by the language makes it easier to explore new language versions, while still preserving multiple versions of various parts of the ecosystem. This flexible system takes care of dependency management, both for writing exploratory code in the REPL and for developing projects or libraries.

    [...]

    For a while I've thought that the Plots package needed a particular feature. This morning I cloned the project to my computer, added the feature, made a pull request on GitHub, made a change suggested by one of the maintainers, and got it approved. The entire elapsed time for this process was about five hours. In this section I'll describe two more package system commands that make it easier to hack on public packages.

    In the REPL, I entered package mode, then executed develop Plots. This command, which can be shortened to dev, clones the named package's Git repository to the user's machine in the directory .julia/dev/. Since Plots is a big package with many source files, this took about two minutes.

    This command also alters the environment so that using Plots imports from the version under development, rather than the official version. The command free Plots returns to using the official version. One can switch back and forth between these two incarnations of the package freely, as subsequent dev commands won't download anything, but simply switch back to the development version.

    I entered the development directory and created a branch for my feature with the git checkout ‑b command. The package manager doesn't require this; it's happy to let you mangle the master branch. But I had plans to ask that my feature be merged into master, and needed to create a branch for it. Packages under develop are loaded from the file tree, not from the Git repository.

    Then I wanted to edit the function to add my feature. But where is it? Plots has 37 files in its src tree. Because of multiple dispatch, each function can have dozens of methods associated with it, all with the same name. This makes finding a particular method in the source difficult to accomplish with simple grep commands.

  • A QEMU case study in grappling with software complexity [LWN.net]

    There are many barriers to producing software that is reliable and maintainable over the long term. One of those is software complexity. At the recently concluded 2021 KVM Forum, Paolo Bonzini explored this topic, using QEMU, the open source emulator and virtualizer, as a case study. Drawing on his experience as a maintainer of several QEMU subsystems, he made some concrete suggestions on how to defend against undesirable complexity. Bonzini used QEMU as a running example throughout the talk, hoping to make it easier for future contributors to modify QEMU. However, the lessons he shared are equally applicable to many other projects.

    Why is software complexity even a problem? For one, unsurprisingly, it leads to bugs of all kinds, including security flaws. Code review becomes harder for complex software; it also makes contributing to and maintaining the project more painful. Obviously, none of these are desirable.

    The question that Bonzini aimed to answer is "to what extent can we eliminate complexity?"; to do that he started by distinguishing between "essential" and "accidental" complexity. The notion of these two types of complexity originates from the classic 1987 Fred Brooks paper, "No Silver Bullet". Brooks himself is looking back to Aristotle's notion of essence and accident.

    Essential complexity, as Bonzini put it, is "a property of the problem that a software program is trying to solve". Accidental complexity, instead, is "a property of the program that is solving the problem at hand" (i.e. the difficulties are not inherent to the problem being solved). To explain the concepts further, he identified the problems that QEMU is solving, which constitute the essential complexity of QEMU.

  • Notes from the Git Contributors' Summit 2021, virtual, Oct 19/20
    
    we held our second all-virtual Summit over the past two days. It was the
    traditional unconference style meeting, with topics being proposed and
    voted on right before the introduction round. It was really good to see
    the human faces behind those email addresses.
    
    32 contributors participated, and we spanned the timezones from PST to
    IST. To make that possible, the event took place on two days, from
    1500-1900 UTC, which meant that the attendees from the US West coast had
    to get up really early, while it was past midnight in India at the end.
    
    I would like to thank all participants for accommodating the time, and in
    particular for creating such a friendly, collaborative atmosphere.
    
    A particular shout-out to Jonathan Nieder, Emily Shaffer and Derrick
    Stolee for taking notes. I am going to send out these notes in per-topic
    subthreads, replying to this mail.
    
    
  • Notes from the 2021 Git Contributors' Summit

    For those who are curious about where the development of Git is headed: Johannes Schindelin has posted an extensive set of notes from the just-concluded Git Contributors' Summit.

  • How to find a substring in Python

    Python is a versatile language having many built in methods and libraries. Strings and substrings are an important part of every programming language; python provides different methods to deal with strings and substrings, we check if a python string has a substring for a variety of reasons, but conditional statements are the most typical application. To find substrings in a string, python language provides many predefined methods.

  • How to find the average of a list in Python

    Average (Arithmetic mean) is a mathematical function which is calculated by adding the numeric values in the list and dividing them by the count of numbers of the list. Python provides several built-in mathematical functions; consequently it provides different ways to calculate the average of a list.

  • Ian Jackson: Going to work for the Tor Project

    I have accepted a job with the Tor Project.

    I joined XenSource to work on Xen in late 2007, as XenSource was being acquired by Citrix. So I have been at Citrix for about 14 years. I have really enjoyed working on Xen. There have been a variety of great people. I'm very proud of some of the things we built and achieved. I'm particularly proud of being part of a community that has provided the space for some of my excellent colleagues to really grow.

  • This Week In Rust: This Week in Rust 413
  • Oracle Releases GraalVM 21.3 With Java 17 Support, Other Enhancements

    Oracle has published its latest quarterly update to GraalVM, the open-source Java JVM/JDK implemented in Java that also supports other execution modes and programming languages from Python to R to Ruby.

    Given last month's release of Java 17 / OpenJDK 17, GraalVM 21.3 has added Java 17 support. Plus there are many other improvements to its various language front-ends and other components. Some of the GraalVM 21.3 highlights include:

    - Java 17 support with GraalVM builds based on Oracle Java 17 and OpenJDK 17. OpenJDK 11 also continues to be supported while OpenJDK 8 is no longer supported by GraalVM.

  • Security updates for Thursday

    Security updates have been issued by Debian (python-babel, squashfs-tools, and uwsgi), Fedora (gfbgraph and rust-coreos-installer), Mageia (aom, libslirp, redis, and vim), openSUSE (fetchmail, go1.16, go1.17, mbedtls, ncurses, python, squid, and ssh-audit), Red Hat (java-1.8.0-openjdk and java-11-openjdk), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), SUSE (fetchmail, git, go1.16, go1.17, ncurses, postgresql10, python, python36, and squid), and Ubuntu (linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-bluefield, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-oem-5.10, and linux-oem-5.13).

More in Tux Machines

Programming Leftovers

  • What is Python Used For? Top 10 Real-World Applications of Python in 2022

    An object-oriented programming language can model real-world data, while a functional language focuses on functions (code that can be reused). Python supports both object-oriented and functional programming features. It is portable and highly flexible, meaning, a Python code written for a Windows machine or a Linux machine can also run-on iOS, and vice versa you don’t need to make any alterations in the code. This article lists the top 10 real-world applications of Python in 2022.

  • 10 Python IDEs Every Programmer Should Know

    Python powers some of the most sophisticated server-side programs and daily web applications available today. Python, as a language, is used extensively with its numerous libraries. These libraries support developers in scientific and mathematical research, AI/ML (Artificial Intelligence and Machine Learning, respectively) programming, robotics, and much more. If you're a frequent Python user, you might have realized the importance of IDEs and their usage while coding. IDEs are code editors with extra built-in tools that pave the way for efficient and effective development. If you've grown tired of using the default Python text editor, you should check out these Python editors every developer should know.

  • GNU Linux bash – add some color to the console script scripts (colored text output)
  • Coding bootcamps won't make you a developer: Here's what will | TechBeacon

    The headlines are hard to resist. Salaries for programmers are said to be soaring. Annual paychecks for AI experts are topping $1 million. Why dream of winning the lottery when coding bootcamps are springing up with promises to teach everyone what they need to get a ticket on the gravy train? The good news is that schools and camps often deliver enough knowledge to turn some people into great programmers. The bad news is that the lessons alone are far from enough. Programming isn't a least-resistance path to a more secure, better-paying, work-life balanced job. It's a difficult occupation that not everyone is suited for. If it were easy, everyone could do it—and then it wouldn't be as valuable.

  • Top 10 DevOps Programming Languages You Should Learn in 2022

    Earlier, IT companies faced significant problems to deliver optimal services with agility and accuracy. But the integration of DevOps has simplified this process and has yielded several solutions that can be used by IT companies to deliver engaging services and products seamlessly. Over the past couple of years, the adoption of DevOps technologies has exponentially increased as it can bring together all functions of the organisation and provide reliable software with better quality and faster delivery. Operational automation is one of the key advantages of DevOps, but it requires the engineers to possess robust programming and scripting skills. Programming languages are used in the core development of DevOps systems, hence, it can be rightly said that the DevOps professionals require the knowledge of the right programming languages that can be used in these systems. In this article, we have listed the top programming languages that professionals working in DevOps should learn in 2022.

  • Why does a 5431 character story about Atari’s 2 KB game Pong need a 3.08 MB download to be read? An environmental plea for readability *and* more static web sites

    Not too long ago, someone on Twitter shared a story about the creation of Atari’s classic video game Pong — The Lies that Powered the Invention of Pong — IEEE Spectrum. I love stories about the dawn of home computing, so I curiously opened the link on my phone.

  • Dirk Eddelbuettel: qlcal 0.0.2 on CRAN: Updates

    The second release of the still fairly new qlcal package arrivied at CRAN today. qlcal is based on the calendaring subset of QuantLib. It is provided (for the R package) as a set of included files, so the package is self-contained and does not depend on an external QuantLib library (which can be demanding to build). qlcal covers over sixty country / market calendars and can compute holiday lists, its complement (i.e. business day lists) and much more.

  • Online Tool Turns STLs Into 3D ASCII Art | Hackaday

    If you look hard enough, most of the projects we feature on these pages have some practical value. They may seem frivolous, but there’s usually something that compelled the hacker to commit time and effort to its doing. That doesn’t mean we don’t get our share of just-for-funsies projects, of course, which certainly describes this online 3D ASCII art generator. But wait — maybe that’s not quite right. After all, [Andrew Sink] put a lot of time into the code for this, and for its predecessor, his automatic 3D low-poly generator. That project led to the current work, which like before takes an STL model as input, this time turning it into an ASCII art render. The character set used for shading the model is customizable; with the default set, the shading is surprisingly good, though. You can also swap to a black-on-white theme if you like, navigate around the model with the mouse, and even export the ASCII art as either a PNG or as a raw text file, no doubt suitable to send to your tractor-feed printer.

Security Leftovers

  • Real-time Analytics News for Week Ending January 22 - RTInsights

    Canonical, the company behind Ubuntu, announced Ubuntu Security Guide tooling for compliance with the DISA Security Technical Implementation Guide (STIG) in Ubuntu 20.04 LTS. The new automated tooling builds on Canonical’s work designing Ubuntu for high security and regulated workloads, powering U.S. government agencies, prime contractors, and service providers.

  • Federal Communications Commission proposed stricter rules on how telco carriers should report data breaches

    The US Federal Communications Commission is considering imposing stricter rules requiring telecommunications carriers to report data breaches to customers and law enforcement more quickly. Chairwoman Jessica Rosenworcel drafted a document outlining the new proposal to strengthen the FCC’s powers for disclosing data breaches and leaks to customers and federal agencies of “customer proprietary network information.” The updated rules, published this week, would keep the FCC in line with other federal and state data breach laws, she said. At the moment, companies have to wait seven business days before they can disclose a data breach to their customers. Under the new plan, the waiting period will be scrapped altogether so people can be notified sooner.

  • Ukraine arrests 5 over ransomware gang suspicions • The Register

    Ukrainian police have arrested five people on suspicion of operating a ransomware gang, including a husband-and-wife team, following tipoffs from UK law enforcement. "The organizer of the group, a 36-year-old resident of Kyiv, together with his wife and three acquaintances carried out cyberattacks on foreign companies," cops alleged in a characteristically blunt statement (in Ukrainian). They claimed "more than 50" companies were targeted by the alleged gang, causing damage estimated at "more than one million US dollars."

  • Red Cross cyberattack affects 'highly vulnerable people' • The Register

    Humanitarian organization the International Red Cross disclosed this week that it has fallen foul of a cyberattack that saw the data of over 515,000 "highly vulnerable people" exposed to an unknown entity. The target of the attack was the organisation's Restoring Family Links operation, which strives to find missing persons and reunite those separated from their families due to armed conflict, migration, disaster, detention and other catastrophic events. The service is free, but is currently offline.

  • What is fuzz testing? What is it used to test for?

    Fuzz testing, regularly known as fuzzing, is a product testing procedure that incorporates embedding flawed or arbitrary information (FUZZ) into a product framework to recognize coding issues and security issues. Fuzz testing involves infusing information into a framework utilizing robotized or semi-computerized procedures and investigating the framework for different exemptions, for example, framework crashes or implicit code disappointment.

  • Ukraine blames Belarus for PC-wiping malware attack • The Register [Ed: Microsoft Windows TCO]

    After last week's website defacements, Ukraine is now being targeted by boot record-wiping malware that looks like ransomware but with one crucial difference: there's no recovery method. Officials have pointed the finger at Belarus.

  • Sniff those Ukrainian emails a little more carefully, advises Uncle Sam in wake of Belarusian digital vandalism

    US companies should be on the lookout for security nasties from Ukrainian partners following the digital graffiti and malware attack launched against Ukraine by Belarus, the CISA has warned. In a statement issued on Tuesday, the Cybersecurity and Infrastructure Security Agency said it "strongly urges leaders and network defenders to be on alert for malicious cyber activity," having issued a checklist [PDF] of recommended actions to take. "If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic," added CISA, which also advised reviewing backups and disaster recovery drills.

  • Google announces Scorecard V4 in partnership with GitHub and OpenSSF [Ed: Proprietary Microsoft lock-in and more fake security with Microsofters involved]

    The Open Source Security Foundation (OpenSSF), GitHub, and Google announced on Wednesday the launch of Scorecards V4, which includes larger scaling, a new security check, and a new Scorecards GitHub Action for easier security automation.

  • For security alone, we could try paying open source projects properly [Ed: ZDNet keeps promoting this bogus, phony narratives wherein the security deficit comes not from proprietary software with back doors but from Free software]
  • Bug in WebKit's IndexedDB implementation makes Safari 15 leak Google account info... and more [Ed: Today's WWW is inherently incompatible with security because Web browsers are allowing remote sites do far too much on one's computers]

    An improperly implemented API that stores data on browsers has caused a vulnerability in Safari 15 that leaks user internet activity and personal identifiers. The vulnerability was discovered by fraud detection service Fingerprint JS, which has contacted the WebKit maintainers and provided a public source code repository. As of 28 November last year, the issue had not been fixed, so the team at Fingerprint JS decided to make the finding public to encourage the expedition of its repair. The commonly used low-level JavaScript API, called IndexedDB, follows same-origin policy, meaning documents or scripts associated with one origin should not interact with resources associated with other origins. A webpage opened in one tab of the browser should not be able to share data with the next tab, for obvious reasons, such as if one tab was used to access a user's bank and the other a malicious website.

  • Open Source Democratized Software. Now Let’s Democratize Security

    Today, anyone can contribute to some of the world’s most important software platforms and frameworks, such as Kubernetes, the Linux kernel or Python. They can do this because these platforms are open source, meaning they are collaboratively developed by global communities. What if we applied the same principles of democratization and free access to cybersecurity? In other words, what if anyone could contribute to security initiatives and help build a cybersecurity culture without requiring privileged access or specialized expertise? To explore those questions, it’s worth considering the way that open source has democratized software development and comparing it to the potential we stand to realize by democratizing security.

  • Using Open Source to Secure Software Supply Chains - DevOps.com

    Recently, there’s been a lot of attention paid to software supply chain security. In particular, here’s a quote from the May 2021 presidential executive order on improving the nation’s cybersecurity: “The Federal government must … advance toward zero trust architecture; accelerate movement to secure cloud services, including … platform as a service (PaaS).” There are two parts necessary to create a truly trusted software supply chain; securing the non-technical areas and securing the technical areas. Non-technical aspects of any secure software supply chain involve having individuals or teams focused on security and audit compliance. Internal company policies that act as a regulatory system and set standards for developers are a must, as are efforts to enforce compliance with security best practices. While this can bode well for large organizations, small software engineering teams and startups do not have the bandwidth, budget or culture to make this a reality.

The 5 Best Pomodoro Apps to Maximize Your Productivity on Linux

Have you ever found yourself lacking motivation for doing even the simplest of tasks? The Pomodoro technique is a well-known time management system you can use to get things done, within the time limit you set for yourself. But getting a tomato-shaped timer is a task you might add to your "not today" list, which completely defeats the purpose of the technique. Lucky for you, you don't need to rely on a physical timer to fix your time management skills, as several Pomodoro apps are available on the internet for free. In this article, we'll take a look at some of the best Linux Pomodoro apps anyone can use to take their productivity to the next level. Read more

The post-2020 Linux server landscape metamorphosis

It used to be that you could leisurely deploy a L.A.M.P. server, and stop caring about it for years because PHP’s releases, and the dependency changes in web applications, were happening really slowly. Not so anymore. With the 7.x and 8.x series, PHP has considerably sped up its releasing cadence, and shortened the shelf life of releases. I’ve seen a drastic shift happen in the policies of web application developers, including Matomo (née Piwik) and Kanboard. Even WordPress, one of the most conservative behemoths of the industry (understandable, given that they power roughly half of the websites in the world), requires PHP 7.4 and no longer runs on PHP 5.x. “Just put everything in containers and continous-deploy all that shit!” I hear you say, “It’s the future!” But I’m not a sysadmin, I’m not day-in-day-out into that crap, and the only reason I run a dedicated server machine in the office is because Matomo doesn’t scale well on shared hosting and their SaaS prices are quite expensive for an individual when you don’t like being artificially capped to a certain number of visitors per month, and, y’know, “How hard can it be, really?”… but I am happiest when I never have to touch/upgrade that server and don’t have to learn rocket science to deploy something. I understand now how infrastructure work would eventually turn you into a Bastard Operator from Hell™. Circa 2014, I deployed CentOS 7 on my personal server to be able to run Matomo with better performance, because the Pitivi website had a lot of visitors (which is useful to derive knowledge such as “what screen resolutions do people actually use and what can we afford for our UI’s design?”) and its Matomo database weighted multiple gigabytes. Fast forward a couple of years, and I’ve fallen behind on Matomo updates because, in part, of newer PHP requirements needing me to resort to third-party repositories to get a recent-enough version of PHP to run it. But I eventually did, and it worked, for a time. Read more