Skip to main content

Cerca

Elementi taggati con: programming


 

Implications of Rewriting a Browser Component in Rust

Over the course of its lifetime, there have been 69 security bugs in Firefox’s style component. If we’d had a time machine and could have written this component in Rust from the start, 51 (73.9%) of these bugs would not have been possible.
https://hacks.mozilla.org/2019/02/rewriting-a-browser-component-in-rust/

#programming #rust


 

New crate: oslobike v0.1.0


Wohoo! Just published my first crate. Very simple, and not quite finished, but at least it's there. If you for some reason would want to know which city bike stations in Oslo has any bikes available, and want to find out using Rust – I've got you covered :)

#programming #oslo #citybike #rust #api


 
For anyone #teaching #programming, this is excellent.

Ten quick tips for teaching programming


https://journals.plos.org/ploscompbiol/article?id=10.1371/journal.pcbi.1006023

Full citation:

Brown, Neil C. C., and Greg Wilson. “Ten Quick Tips for Teaching Programming.” PLOS Computational Biology 14, no. 4 (April 5, 2018): e1006023. https://doi.org/10.1371/journal.pcbi.1006023.

#research #scientificComputing


 
For anyone #teaching #programming, this is excellent.

Ten quick tips for teaching programming


https://journals.plos.org/ploscompbiol/article?id=10.1371/journal.pcbi.1006023

Full citation:

Brown, Neil C. C., and Greg Wilson. “Ten Quick Tips for Teaching Programming.” PLOS Computational Biology 14, no. 4 (April 5, 2018): e1006023. https://doi.org/10.1371/journal.pcbi.1006023.

#research #scientificComputing


 
For anyone #teaching #programming, this is excellent.

Ten quick tips for teaching programming


https://journals.plos.org/ploscompbiol/article?id=10.1371/journal.pcbi.1006023

Full citation:

Brown, Neil C. C., and Greg Wilson. “Ten Quick Tips for Teaching Programming.” PLOS Computational Biology 14, no. 4 (April 5, 2018): e1006023. https://doi.org/10.1371/journal.pcbi.1006023.

#research #scientificComputing


 

1991 - A server-side web framework written in Forth

The year is 1991. The World Wide Web has just seen public release. 1991 looks to ease your interactions with the new web using cutting edge programming techniques in Forth (well, Gforth).
http://www.1-9-9-1.com/

This actually looks quite nice!

#programming #forth #webdev


 
Если клиентская часть открыта, а серверная закрыта, очевидно, что это не делает само программное обеспечение открытым. Но рекламная кампания мессенджера телеграм почему-то заявляет, что это программное обеспечение на 100% открыто.
Изветсный ленинградский аналитик пишет:
Проиграв первый год кибервойны с маленькой тарнснациональной корпорацией Телеграм, оно (правительство РФ) решило на кампанию 2019 года повысить ставки и выделило 20 000 000 000 рублей на освоение
В данный момент поддерживаю два тематических транспорта между централизованным телеграмом и децентрализованными сетями обмена мгновенными сообщениями. В западных тематических телеграм чатах количество участников в среднем в 5 раз больше чем в irc (не IT-тематики). Я общался с американцами и бразильцами (в Бразилии телеграмм особо популярен, как я понял) - подавляющее большинство избрали доверить ему свои личные данные и переписки как раз благодаря этой войне, развязанной правительством РФ.
Так что если учитывать, что http://www.dld-conference.com/speakers/digital-business/pavel-durov_aid_3087.html" target="_blank">в последний год своего обучения Дуров закончил профессиональную подготовку на факультете военного обучения СПбГУ по специализации «Пропаганда и психологическая война», по окончании которой получил звание лейтенанта запаса и сразу по окончании вуза он создал «ВКонтакте», крупнейшую на данный момент социальную сеть в России, то можно сказать что Павел справился с поставленной задачей весьма неплохо и уже давно не лейтенант.
С теми, кто публично и искренне идёт против нынешнего правительства РФ, известно что случается: Политковская, Литвиненко. Последнему даже британская протекция не помогла.
Если бы земляк почти всего состава кооператива Озеро, Павел Дуров, искренне воевал с правительством РФ - его бы скорее всего ждала похожая участь. Или Павел просто отрабатывает свою профессию? Судя по количеству пользователей его проприетарного мессенджера, вокруг которого создана иллюзия открытости - отрабатывает он весьма успешно.
Если вы пользуетесь телеграмом для того, чтобы скрыть какие-то данные от американских спецслужб, скорее всего - это бесполезная затея. Ведь рекламная операция по блокировке мессенджера началась вскоре после визита глав российских спецслужб в Вашингтон (даже несмотря на то, что некоторые из них были в санкционных списках, фактически нарушая американское законодательство). Скорее всего доступ к личным данным пользователя мессенджера согласован.
#conspiracy #hoax #telegram #usa #russia #uk #nsa #fsb #cia #programming #metaprogramming #software #property


 

Trriggy - A naive trigger/drum replacer in Rust


I've been needing somthing to replace drum sounds on recordings for quite some time, so with a bit of vacation time, I wrote my own drum replacer: https://code.volse.no/trriggy.git

It's extremely naive, but seems to work well on the few tracks I've thrown at it for now.

#programming #audio #drums #rust


 
regular reminder (especially to #Electron fans) that not caring about your code's performance means that you are excluding poor people from using it

#programming


 
Hey everyone, I’m #newhere and the creator of a very occasional blog about programming and problem solving called REINDEEREFFECT. There's a new article in the works (on recursive descent parsing), and I look forward to announcing its release soon. Meanwhile, there are a few articles already up. Have a look! I hope you find them useful.

I’m interested in #coffee, #programming, #python, and #science. Also, #rum.


 
Hey everyone, I’m #newhere and the creator of a very occasional blog about programming and problem solving called REINDEEREFFECT. There's a new article in the works (on recursive descent parsing), and I look forward to announcing its release soon. Meanwhile, there are a few articles already up. Have a look! I hope you find them useful.

I’m interested in #coffee, #programming, #python, and #science. Also, #rum.


 

A Guide to Undefined Behavior in C and C++


Understanding undefined behaviour is an essential part of mastering programming languages like C and C++. Still most books I've seen teaching these languages don't touch on it at all, or gloss over it very quickly. Those that do cover it in some way seem to mostly focus on the technicality. This three part series goes a bit deeper and explains the reasoning behind undefined behaviour and why it's important to a much greater extent. This should be essential reading for anyone serious about programming in C or C++.

https://blog.regehr.org/archives/213

#programming #cpp #c #undefinedbehaviour


 
I work in mobile app development and the technology out there to spy on you is pretty insane. There is a whole industry for snooping and reselling data. Here are some examples.

There are several SDKs (software development kits) that offer fingerprinting identity services. Meaning, when someone opens your app, it checks their device ID, IP address, GPS location, email address, etc. and makes a match to an identity. You then use this SDK to track their behavior in your app, such as purchases, interests, demographics, preferences, etc. This data is stored along with all the other apps that use the SDK. Now as an upsell, I can buy all of your behavior data from every other app that uses the same service. From the moment you install the app I know everything about you.

There are SDKs that don’t even offer a service, they just straight up pay the app maker to let their agent sit and collect data and send it up to their servers. Mostly location data.

My favorite is there’s an SDK that actually records the screen while you use the app, and the video gets sent up to the server for the app maker to see how you use their app in real time. It also tracks all of your views, swipes, and button presses tied to the video for analytics.

Basically, you should assume that every moment you are using an internet connected device, you are being observed, scrutinized, and analyzed so that someone can sell you more shit.

They are really good at this, and getting better every year. You think Facebook is listening to your microphone to serve you ads at the moment you are discussing a product? They don’t need to. They know you that well.

Edit: A lot of people are asking for specific examples of this monitoring tech. There are a ton of small players. So an example of location tracking is Tamoco. An example of behavior tracking is Branch.io (they don't advertise the data mining, but it's a back-end deal). And session monitoring is AppSee or HotJar. There are many more that I haven't heard of.

There are a ton of data resellers out there. They're typically small startups who buy and sell data, and they compete on having the most comprehensive and clean data sets. We get approached by a data reseller maybe once a month, either trying to buy our data or sell us data.

Edit: A lot of people are flippant about this idea because you "don't click on ads" or you "don't buy anything". There are people who aren't interested in just selling you products. How about voting for a particular political candidate, or for/against a ballot measure? How about selling you a particular world view? Propaganda is just like advertising, they're just selling you an idea instead of a product.
#android #ios #programming #development #app #apps #phone #smartphone #sdk #hotjar #facebook #appsee #branch.io #tamoco #surveillance #privacy #encryption


 
Hey everyone, I’m #newhere. I’m interested in #android, #climatechange, #debian, #doctorwho, #dragon, #linux, #opensource, #opensuse, #programming, #python, #raspberrypi, #science, #siduction, and #tesla.

Well, this has perked my interest. Let's see where it goes. There seems to be a few alternatives to G-Plus, but pluspora seems to be the most active.


 
Hey everyone, I’m #newhere. I’m interested in #android, #climatechange, #debian, #doctorwho, #dragon, #linux, #opensource, #opensuse, #programming, #python, #raspberrypi, #science, #siduction, and #tesla.

Well, this has perked my interest. Let's see where it goes. There seems to be a few alternatives to G-Plus, but pluspora seems to be the most active.


 
Hi and welcome! I share your interests in #python, #programming and #freesoftware :)


 
Hey everyone, I’m #newhere. I’m interested in #anime, #bash, #crystal, #debian, #doctorwho, #freesoftware, #go, #googleplus, #gplusrefugee, #linux, #madpagan11, #mastodon, #newhere, #opensuse, #podcasts, #programming, #python, #raspberrypi, #reddit, #ruby, #rust, #rwby, #savegoogleplus, #shell, #siduction, #solus, #startrek, #twitter, #utau, #vocaloid, and #youtube...among other things.

Many of you might remember me from popular social networks, such as:
Google+
Twitter
Mastodon
MeWe
Minds
YouTube: jpyper <- Go here for playlists of things that interest me.
YouTube: MaDpAGaN11 <- Go here for MaDpAGaN11 Vocaloid group, which I am a member of, and consultant for.
Instagram


 

A Minimal C64 Datasette Program Loader

The Commodore Datasette recording format is heavily optimized for data safety and can compensate for many typical issues of cassette tape, like incorrect speed, inconsistent speed (wow/flutter), and small as well as longer dropouts. This makes the format more complex and way less efficient than, for example, “Turbo Tape” or all other custom formats used by commercial games. Let’s explore the format by writing a minimal tape loader for the C64, optimized for size, which can decode correct tapes, but does not support error correction.
https://www.pagetable.com/?p=964

!{retrocomputing@silverhaze.eu} #c64 #programming #history


 

#Going #Linux


Immagine/foto
http://goinglinux.com/screencasts.html
This site has both podcasts, as well as Tutorials.

#Linux Voice


Immagine/foto
https://www.linuxvoice.com/category/podcasts/
(Note, they have free downloads of back ‘print’ issues, as well…)

#Linux #Programming and #Scripting PDFs


 

#Linux #Programming and #Scripting PDFs



Here is the .iso and .zip versions containing the following:

https://archive.org/details/LinuxUnixPDFs

with…

#Bash #Cook #Book.pdf

Bash It Out Strengthen Your Bash knowledge with 17 Scripting Challenges (2017).pdf

Bash #Pocket #Reference.pdf

C Programming A Modern Approach.pdf

Certified Ethical #Hacker.pdf

Computer #Security Fundamentals.pdf

From Bash to Z #Shell.pdf

Gray Hat Hacking Third Edition.pdf

Grep Pocket Reference.pdf

Hack X Crypt.pdf

Hacking Vim.pdf

Hacking for Beginners The Ultimate #Guide For Newbie Hackers.pdf

How Linux Works.pdf

Just Say No To Microsoft.pdf

Learning Bash Shell.pdf

Learning C by Example.pdf

Linux #Command Line and Shell Scripting #Bible.pdf

Linux Essentials.pdf

Linux Shell Scripting #Cookbook.pdf

Linux The Ultimate Step by Step Guide.pdf

Linux Utilities Cookbook.pdf

Oreilly Linux Cookbook.pdf

Pocket Reference.pdf

Practical Linux Security Cookbook.pdf

Quick Hacks For The Command Line.pdf

#Sed and #Awk.pdf

Shell Scripting Guide.pdf

Shell Scripting.pdf

#Shell #Tutorial.pdf

Simple Steps To Data #Encryption.pdf

TLCL.pdf

The Linux Command Line.pdf

#UNIX and Linux System Administration Handbook (4th Ed).pdf

UNIX and Linux System Administration Handbook (5th Ed)(gnv64).pdf

WiFi Hacking for Beginners Learn Hacking by Hacking WiFi networks (2017).pdf

Wicked Cool Shell Scripts.pdf


 

The pain of HSTS and the ever expanding list of TLD's...


HTTP Strict Transport Security is a very nice feature. By returning a response with this header set from a properly configured HTTPS site, you instruct the browsers to don't try to contact your server over unsecured channels again. At least until the validity of the header times out. Even better, by submitting your domain to google, they'll put it on a list that is embedded by all the major browsers, so that the browser will insist on using a secured channel even the first time it connects to your server. Great stuff, you should use it!

Now I maintain the code for a few web sites, and as a precaution against my own fuck-ups, I have set up a virtual mirror of my hosting environments as a staging area. That is where I deploy my code once I think I have done something useful to it, and if it works there, I go on and deploy it to the actual production servers. Again, VirtualBox makes this easy and straight forward to do.

The final piece of the puzzle is of course to hack the hosts file on my system so that Server Name Indication (SNI) works as it should on my virtual staging boxes. Since I don't want to block access to the production servers I have created my own internal TLD (.dev as it happens,) and use names under that TLD to reach my staging setups. This has worked flawlessly for a long time.

Just this weekend I had to pick up an old project for some fairly simple fixes. The code changes didn't take much time, deploying to the staging server is always more painful, but not more than usual. It's when I point my web browser to the staging site to see that everything works the pain begins... Firefox helpfully informs me that the site is using HSTS, so a self signed cert will not do, thank you! Qutebrowser just hangs around and does nothing... Curl is happy giving me the site, as long as I tell it to not be too picky about the cert. So I know the server is working, and as expected the returned headers don't mention anything at all about HTTP Strict Transport Security. No matter how sternly I frown, nothing can convince Firefox or Qutebrowser to show me my site.

Checking https://hstspreload.org to see if some nuthead has submittet my internal site to the HSTS preload list, and sure enough - there it is! That's when I discovered Google has registered the .dev top level domain, and I'll have to find myself another one for my internal tests. That means reconfiguring my staging vms, regenerating certs and changing my hosts files as well. Hopefully I can find something that will never be an official TLD, so nobody will submit any name that matches mine to the HSTS preload list.

Grumpf!

\#hsts #tld #webdev #tls #security #programming


 
Hi and welcome! I share your interest in #opensource and #programming


 

x86-64 Assembly Language Programming with Ubuntu


The purpose of this text is to provide a reference for University level assembly language and systems programming courses. Specifically, this text addresses the x86-64 instruction set for the popular…

HN Discussion: https://news.ycombinator.com/item?id=17884893
Posted by lainon (karma: 13181)
Post stats: Points: 129 - Comments: 46 - 2018-08-31T12:21:55Z

\#HackerNews #assembly #language #programming #ubuntu #with #x86-64
Article content:




[1]x86-64 Assembly Language Programming with Ubuntu Cover Page

The purpose of this text is to provide a reference for University level assembly language and systems programming courses. Specifically, this text addresses the x86-64 instruction set for the popular x86-64 class of processors using the Ubuntu 64-bit Operating System (OS). While the provided code and various examples should work under any Linux-based 64-bit OS, they have only been tested under Ubuntu 14.04 LTS (64-bit).

x86 Text, PDF Format: [2]x86-64 Assembly Language Programming with Ubuntu

References

Visible links
2. http://www.egr.unlv.edu/~ed/assembly64.pdf

HackerNewsBot debug: Calculated post rank: 101 - Loop: 282 - Rank min: 100 - Author rank: 54


 

x86-64 Assembly Language Programming with Ubuntu


The purpose of this text is to provide a reference for University level assembly language and systems programming courses. Specifically, this text addresses the x86-64 instruction set for the popular…

HN Discussion: https://news.ycombinator.com/item?id=17884893
Posted by lainon (karma: 13181)
Post stats: Points: 129 - Comments: 46 - 2018-08-31T12:21:55Z

\#HackerNews #assembly #language #programming #ubuntu #with #x86-64
Article content:




[1]x86-64 Assembly Language Programming with Ubuntu Cover Page

The purpose of this text is to provide a reference for University level assembly language and systems programming courses. Specifically, this text addresses the x86-64 instruction set for the popular x86-64 class of processors using the Ubuntu 64-bit Operating System (OS). While the provided code and various examples should work under any Linux-based 64-bit OS, they have only been tested under Ubuntu 14.04 LTS (64-bit).

x86 Text, PDF Format: [2]x86-64 Assembly Language Programming with Ubuntu

References

Visible links
2. http://www.egr.unlv.edu/~ed/assembly64.pdf

HackerNewsBot debug: Calculated post rank: 101 - Loop: 282 - Rank min: 100 - Author rank: 54


 

x86-64 Assembly Language Programming with Ubuntu


The purpose of this text is to provide a reference for University level assembly language and systems programming courses. Specifically, this text addresses the x86-64 instruction set for the popular…

HN Discussion: https://news.ycombinator.com/item?id=17884893
Posted by lainon (karma: 13181)
Post stats: Points: 129 - Comments: 46 - 2018-08-31T12:21:55Z

\#HackerNews #assembly #language #programming #ubuntu #with #x86-64
Article content:




[1]x86-64 Assembly Language Programming with Ubuntu Cover Page

The purpose of this text is to provide a reference for University level assembly language and systems programming courses. Specifically, this text addresses the x86-64 instruction set for the popular x86-64 class of processors using the Ubuntu 64-bit Operating System (OS). While the provided code and various examples should work under any Linux-based 64-bit OS, they have only been tested under Ubuntu 14.04 LTS (64-bit).

x86 Text, PDF Format: [2]x86-64 Assembly Language Programming with Ubuntu

References

Visible links
2. http://www.egr.unlv.edu/~ed/assembly64.pdf

HackerNewsBot debug: Calculated post rank: 101 - Loop: 282 - Rank min: 100 - Author rank: 54


 
Hacker Finds Hidden 'God Mode' on Old x86 CPUs https://www.tomshardware.com/news/x86-hidden-god-mode,37582.html
#risc #hacker #hacking #x86 #programming #computer #linux #cpu #secret #hidden #backdoor


 
Hi everyone! I’m #newhere.
I’m here to share my thoughts and snaps while I #travel and get inspiration for #cycling #camping #trekking or #backpacking. I’m in #it / #programming and always interested in #decentralization and rad #opensource projects. I’m from #germany but consider myself an #earthling. #antifascist

That should get me started?
#german #english #deutsch


 
Hi everyone! I’m #newhere.
I’m here to share my thoughts and snaps while I #travel and get inspiration for #cycling #camping #trekking or #backpacking. I’m in #it / #programming and always interested in #decentralization and rad #opensource projects. I’m from #germany but consider myself an #earthling. #antifascist

That should get me started?
#german #english #deutsch


 
Nuitka is a Python compiler I never heard of. It just achieved 3.7 compatibility. Cool!

> Right now Nuitka is a good replacement for the Python interpreter and compiles every construct that all relevant CPython version, and even irrelevant ones, like 2.6 and 3.2 offer. It translates the Python into a C program that then is linked against libpython to execute in the same way as CPython does, in a very compatible way.

> It is somewhat faster than CPython already, but currently it doesn't make all the optimizations possible, but a 258% factor on pystone is a good start (number is from version 0.3.11).

#python #programming #compiler #softwareengineering


 
In summary, it is possible to make C code run quickly but only by spending thousands of person-years building a sufficiently smart compiler—and even then, only if you violate some of the language rules. Compiler writers let C programmers pretend that they are writing code that is "close to the metal" but must then generate machine code that has very different behavior if they want C programmers to keep believing that they are using a fast language.
https://queue.acm.org/detail.cfm?id=3212479

A really interesting piece from AcmQueue. The headline first had me thinking "what nonsense is this?" But the article raises some very valid points and observations about the mismatch between the clean and simple abstract machine that C presents compared to how moderns hardware actually runs your code. Definitely a good read!

\#programming #c


 
What happens when a file gets executed in Linux? What does it mean that a file is executable? Can we only execute compiled binaries? What about shell scripts then? If I can execute shell scripts, what else can I execute? In this article we will try to answer those questions.
https://ownyourbits.com/2018/05/23/the-real-power-of-linux-executables/

Nice and thorough description of what's happening under the hood when Linux executes a binary (or anything else.)

\#linux #programming #sysadmin


 
So one thing seems to be clear: yes, it’s possible to write a non-trivial amount of C code that does something useful without going mad (and it’s even quite enjoyable I might add).
https://floooh.github.io/2018/06/02/one-year-of-c.html

Interesting writeup.

\#programming #c #c++


 
I work in mobile app development and the technology out there to spy on you is pretty insane. There is a whole industry for snooping and reselling data. Here are some examples.

There are several SDKs (software development kits) that offer fingerprinting identity services. Meaning, when someone opens your app, it checks their device ID, IP address, GPS location, email address, etc. and makes a match to an identity. You then use this SDK to track their behavior in your app, such as purchases, interests, demographics, preferences, etc. This data is stored along with all the other apps that use the SDK. Now as an upsell, I can buy all of your behavior data from every other app that uses the same service. From the moment you install the app I know everything about you.

There are SDKs that don’t even offer a service, they just straight up pay the app maker to let their agent sit and collect data and send it up to their servers. Mostly location data.

My favorite is there’s an SDK that actually records the screen while you use the app, and the video gets sent up to the server for the app maker to see how you use their app in real time. It also tracks all of your views, swipes, and button presses tied to the video for analytics.

Basically, you should assume that every moment you are using an internet connected device, you are being observed, scrutinized, and analyzed so that someone can sell you more shit.

They are really good at this, and getting better every year. You think Facebook is listening to your microphone to serve you ads at the moment you are discussing a product? They don’t need to. They know you that well.

Edit: A lot of people are asking for specific examples of this monitoring tech. There are a ton of small players. So an example of location tracking is Tamoco. An example of behavior tracking is Branch.io (they don't advertise the data mining, but it's a back-end deal). And session monitoring is AppSee or HotJar. There are many more that I haven't heard of.

There are a ton of data resellers out there. They're typically small startups who buy and sell data, and they compete on having the most comprehensive and clean data sets. We get approached by a data reseller maybe once a month, either trying to buy our data or sell us data.

Edit: A lot of people are flippant about this idea because you "don't click on ads" or you "don't buy anything". There are people who aren't interested in just selling you products. How about voting for a particular political candidate, or for/against a ballot measure? How about selling you a particular world view? Propaganda is just like advertising, they're just selling you an idea instead of a product.
#android #ios #programming #development #app #apps #phone #smartphone #sdk #hotjar #facebook #appsee #branch.io #tamoco #surveillance #privacy #encryption


 
Functional #Programming in #Erlang

Functional Programming in Erlang - Free online course

Learn the theory and practice of functional programming in Erlang, through practical exercises and suggested projects.


 
Bruce Schneier: The US government is coming for YOUR code, techies
Software flaws that may once have been capable of crashing applications have the potential to crash cars, planes, medical devices, appliances, and other connected infrastructure. As a result, Schneier contends, the restrictions and regulations that attempt to defend against real world risks will be placed on the tech world.

"What we're going to see is increased government involvement," Schneier said. "Because that's what happens in the world of dangerous things."

https://www.theregister.co.uk/2017/02/14/the_government_is_coming_for_your_code/

I don't think this is just about the US government, but US media seems to forget there is a world outside. I'm not sure it's necessarily a bad thing either, but as Schneier points out it all depends on how informed the agencies or institutions that constitute this involvement will be.

#programming #society

Bruce Schneier: The US government is coming for YOUR code, techies

Open source has won, but victory may be fleeting


 
Pathfinder, a Fast GPU-based Font Rasterizer in Rust

A very nice article explaining a lot of insights into the technicalities around font rendering. The post itself isn't really about rust, but shows you can do some really nice things in this language.

https://pcwalton.github.io/blog/2017/02/14/pathfinder/

#programming #fonts #rendering #rust