
Apache Software Foundation takes an in-depth look at its state of security in 2020

The Apache Software Foundation (ASF) has released a new report examining key metrics, specific vulnerabilities and top security issues across its projects last year. The report also notes all of the major security events that posed risks to its projects. According to the report, the first serious security event last year was an issue in Tomcat, CVE-2020-1938, later named “Ghostcat,” which affected Tomcat installations that exposed an unprotected AJP Connector to untrusted networks. Various proof-of-concept exploits are now public for this issue, including a Metasploit module. In May, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2017-5638, the remote command execution (RCE) vulnerability in Apache Struts 2 disclosed and fixed in 2017, to its list of Top 10 Routinely Exploited Vulnerabilities. In July, versions of Apache Guacamole 1.1.0 were found to be vulnerable to issues in RDP, notably when a user connected to a malicious or compr

SD Times news digest: Security Compass launches hands-on training lab, Capacitor Core plugin changes, and Apache weekly updates

Security Compass has announced a hands-on training lab for balanced development automation. The new interactive virtual lab offers training across multiple exploit scenarios to help developers understand common vulnerabilities and how to build secure software, the company explained. The training lab can now be added to existing subscriptions for the Software Security Practitioner (SSP) Suites, a role-based e-learning program, or to the Full Library, which has 35 on-demand courses for required education or personal interest. “Professionals are increasingly seeking innovative ways to learn new skills, and test this knowledge in a safe environment,” said Lauren Park, the director of training at Security Compass. “We are committed to providing new ways for developers to gain this knowledge, and are proud to launch our hands-on training lab as the latest resource for customers to improve their security posture.”

Capacitor Core plugin changes
As of Capacitor 3.0 beta, all officially supported

How to build a data-driven DevOps culture

Data helps organizations make a number of important decisions every day. It can be used to measure the ROI of marketing campaigns and even to aggregate user habits. It can also be used to improve your DevOps team. In a Power Talk with SD Times, Steve Boone, DevOps head of product management at HCL Software, and Bryant Schuck, Accelerate product manager at HCL Software, explained how DevOps teams can use data to influence people, processes, and technology in order to build a more data-driven organization. According to Boone, there is no shortage of data that a DevOps organization produces. He recommends starting with data-driven DevOps by asking questions like: “How are we interacting as a team? How are we processing work? How do we handle work? How do we track work?” When working with customers, he starts by looking into source code and management tools and trying to make correlations between the code that is being written and the business value it brings. “Just by looking at th

C++ String Trim – 3 Ways to Trim String (Neeraj Mishra, The Crazy Programmer)

Hello everyone. In this article we will see how string trimming can be done in C++. Let us first understand what trimming is and where it can be of importance. Trim: Trimming is a string operation in which we remove extra whitespace from the start and end of a string; any spaces present in the middle of the string are not removed by the operation. For example, “  Hello world  ” becomes “Hello world”. Now, where and how can trimming a string be useful? Trimming is done in forms where users type information which is then sent to servers. So if your email address is abc@xyz.com and you mistakenly typed a trailing space, that space should be removed before the address is sent to the server.

Method 1: Writing Our Own Trim Function
We can write our own function for trimming a string; we just have to count the number of spaces present at the beginning before any non-space character, and do the same from the end. The function to do this is illustrated below:

Microsoft makes Win32 APIs available to more languages

Microsoft has expanded the scope of Win32 APIs beyond C and C++, with added support for C# and Rust through the win32metadata project, now available in preview on GitHub. Other languages will follow, according to the Windows development team. Previously, developers using languages other than C and C++ had to use wrappers or bindings in order to access these APIs, which increases the chance of error and doesn’t scale to broad API coverage, according to Microsoft. This prompted several community projects, such as PInvoke for .NET and winapi-rs for Rust, to try to provide a more strongly typed and idiomatic representation of those wrappers and bindings for an improved developer experience. However, since these projects are all manually maintained, the Windows SDK team said it started its own version to take some of the burden off the community. “The goal of the win32metadata project is to provide a complete description of the Win32 API surface in metadata

Amazon responds to Elastic changing its open-source software license

In response to Elastic changing its license for the Elasticsearch and Kibana products, Amazon has announced plans to create and maintain an Apache License, Version 2.0 fork of the open-source products. Elastic announced earlier this week that it would be moving Elasticsearch and Kibana from the Apache 2.0 license to a dual license consisting of the Elastic License and the Server Side Public License (SSPL). “We think that Amazon’s behavior is inconsistent with the norms and values that are especially important in the open source ecosystem. Our hope is to take our presence in the market and use it to stand up to this now so others don’t face these same issues in the future,” Shay Banon, founder and CEO of Elastic, explained in a post. Amazon now argues that this change means Elasticsearch and Kibana will no longer be open source, since the Elastic License limits how the code can be used and the Server Side Public License is unacceptable to the open-source community.

SD Times news digest: Datatron Governance Dashboard released, DevOps Institute announces new growth and expanded team, and Cloudflare’s Project Fair Shot

Datatron released a new governance dashboard that allows data scientists and analysts to monitor and optimize their AI solutions. The new offering provides AI and machine learning model transparency risk management to help organizations comply with regulations while optimizing for business outcomes through visualizations and key metrics. “Just as cyberattacks can be devastating to companies, so can poorly governed AI models,” said Rachel Moore Weller, a Datatron board member. “Datatron is solving this problem by democratizing AI governance, establishing trust and transparency, and mitigating risks and fines.”

DevOps Institute announces new growth and expanded team
DevOps Institute announced 57% growth in staff with the addition of eight new team members and said that this would help it keep up with the high demand for events, resources and membership participation. This will result in a new crowd-sourced, vendor-neutral DevOps Capability Assessment (DOCA), as well as a tier

SD Times Open-Source Project of the Week: Apache Superset

The Apache Software Foundation (ASF) has announced that the open-source project Apache Superset is now a top-level project. Reaching top-level status indicates that the project has graduated from Apache’s incubation program and meets specific ASF requirements. Apache Superset is designed as a modern data exploration and visualization platform that enables users to build and explore dashboards through a no-code visualization builder and a SQL editor. It was first developed in 2015 at Airbnb and joined Apache in 2017. “It’s been amazing to be an active part of growing a welcoming, diverse and engaged community over the past five years while following the ASF principles around inclusion, openness and collaboration,” said Maxime Beauchemin, vice president of Apache Superset. “At the scale and level of diversity that the Superset project has achieved, it’s critical to have a solid governance model in place like the one prescribed by the ASF.” The latest version of the project, version 1.0, provides a

How to Keep Your Software Safe From DLL Hijacking (Neeraj Mishra, The Crazy Programmer)

For years, technology enthusiasts have used tools such as Extreme Injector to create DLL libraries that carry out specific jobs or processes. The main purpose of these types of libraries is to hijack the software they are loaded into. Many gamers who want a competitive edge use these DLL injection tools to alter certain parts of a game to make it easier to win. If you are a software or game developer, you need to find ways to avoid DLL hijacking and the problems it can cause. While this may sound like a relatively easy task, it is anything but. The tools that hackers use to infiltrate software and wreak havoc change constantly. This is why you have to stay on the cutting edge of technology when trying to keep your games and software safe and functional. Below are some things you can do to keep your software safe from DLL hijacking.

Understand Phantom DLL Hijacking
Cyber attacks cost the global economy more than $600 billion a year. The key component of preventing any type of

SD Times news digest: Progress releases new Kendo UI Native components, Platform9 announces new DevOps productivity capabilities, and Visual Studio 2019 v 16.9 preview 3

Today’s release includes 24 new UI components across all Kendo UI libraries, as well as support for Angular 11 and React 17. Kendo UI for Angular introduces components including DropDownTree, MultiColumnComboBox, TileLayout, FloatingActionButton and more, while KendoReact includes many of the same alongside built-in keyboard navigation and UI enhancements. Kendo UI for Vue and jQuery also come packed with new components to enable developers to quickly build high-performance responsive web applications, according to Progress in a post.

Platform9 announces new DevOps productivity capabilities
Platform9 announced new features for its platform, including multi-version Kubernetes support, enhanced cluster deployment options, and upgraded manageability. DevOps teams can now run multiple versions of managed Kubernetes across staging, production and development environments, and can decide which upgrades and patches to perform and time them when convenient. “Focused on offering

Why and how financial institutions are modernizing testing

Today, financial services firms face unprecedented consumer expectations. The pressure is on to produce always-on apps that deliver whenever and however users need them. Organizations are responding to this pressure by focusing on DevOps, agile development and other initiatives that can accelerate time to market, boost performance and improve efficiency. Those producing the best outcomes, though, have one additional thing in common: they are modernizing testing. Why is test modernization so important? Just consider the experience of one large financial services enterprise that had adopted proprietary test tools that were costly to maintain. Test scripts were developed manually, resulting in long delays as development teams waited for code to be tested. There simply was no way to integrate and deliver code continuously at speed without sacrificing quality. The dilemma is all too common. Application testing simply hasn’t kept pace with market demands. Many organizations are

Red Hat expands ways to access RHEL

Red Hat has announced a number of new updates coming to Red Hat Enterprise Linux (RHEL) to make it more accessible to developers and development teams. “Just as in the past, we’re committed to making the RHEL ecosystem work for as broad a community as we can, whether it’s individuals or organizations seeking to run a stable Linux backend; community projects maintaining large CI/Build systems; open source developers looking toward ‘what’s next;’ educational institutions, hardware, and software vendors looking to bundle solutions; or enterprises needing a rock-solid production platform,” Red Hat wrote in a post. First, it is introducing a no-cost version for small production workloads. According to Red Hat, no-cost RHEL already exists through the Red Hat Developer program, but the program’s terms limited it to use by single-machine developers. Now, no-cost RHEL can be used on up to 16 systems. This expanded Red Hat Developer program can also be use

Microsoft reveals plans for the Entity Framework Core 6.0

Microsoft has revealed its plans for Entity Framework Core 6.0. The company plans to work on the most requested features, based on user feedback through the project’s GitHub page. Currently planned features include SQL Server temporal tables, JSON columns, and the ability to specify an arbitrary ordering of columns when creating a table with Migrations. There are also a number of performance enhancements planned, including improving the infrastructure for performance tests, compiled models that will improve startup performance, matching Dapper performance on the TechEmpower Fortunes benchmark, and making EF Core work better with linkers and AOT. Microsoft also plans to offer better support for managing migrations and deploying databases. It will focus on two major areas of improvement: migration bundles and managing migrations. In addition, it will work on improving existing features, such as EF6 query parity, value objects, the Cosmos database provider, and more. Other areas Micros

Elastic changes software license to better protect Elasticsearch and Kibana

Elastic is the latest company to change its software licensing model to protect its open-source code from cloud providers. The company announced that the Apache 2.0-licensed source code in Elasticsearch and Kibana will now move to a dual license under the Server Side Public License (SSPL) and the Elastic License. This means users can choose which license is best for them, and can still use, modify, redistribute and collaborate on the code. Elastic founder and CEO Shay Banon explained that while this change will most likely have little to zero effect on its user community, cloud customers or self-managed software customers, he felt the change was necessary. “So why the change? AWS and Amazon Elasticsearch Service. They have been doing things that we think are just NOT OK since 2015 and it has only gotten worse. If we don’t stand up to them now, as a succe

SD Times news digest: Splice Machine Feature Store launched, Command PATH security fix in Go, and Sensory VoiceHub released

The newly announced Splice Machine Feature Store is designed to help companies implement machine learning in their operations by providing data scientists with actionable real-time data and by reducing the complexity of feature engineering. “The old way of doing things meant data science operations were simply not scalable. The Splice Machine Feature Store enables you to harness complex analytics in real time and transform real-time data into features, so your models are never uninformed. It also stores feature history making training set creation a single click,” said Monte Zweben, the CEO of Splice Machine. By reusing features and avoiding duplicative feature engineering, AI/ML can be put into production up to 80% faster. Additional details are available here.

Command PATH security fix in Go
The new Go security release fixes an issue involving PATH lookups in untrusted directories that can lead to remote execution during the go get command. The go command was also able to ex