Language Selection

English French German Italian Portuguese Spanish

Development: bzip2, curl, debci and programming leftovers (C++, Python etc.)

Submitted by Roy Schestowitz on Friday 21st of June 2019 05:02:35 PM Filed under
Development
  • Preparing the bzip2-1.0.7 release

    From bzip2-1.0.1 (from the year 2000), until bzip2-1.0.6 (from 2010), release tarballs came with a special Makefile-libbz2_so to generate a shared library instead of a static one.

    This never used libtool or anything; it specified linker flags by hand. Various distributions either patched this special makefile, or replaced it by another one, or outright replaced the complete build system for a different one.

  • Bzip2 Is About To See Its First Real Update In Close To A Decade

    The Bzip2 open-source compression program is about to see its first real release since September 2010. This new version brings new build systems, security fixes, and much more. 

    Earlier this month we wrote about Bzip2 seeing a revival under new maintainership. With Federico Mena-Quintero having taken the reigns from Bzip2 creator Julian Seward, he's busy working on this imminent 1.0.7 release as well as longer-term plans like potentially porting parts of the program to Rust.

  • Kids can be so crurl: Lead dev unchuffed with Google's plan to remake curl in its own image

    Google is planning to reimplement parts of libcurl, a widely used open-source file transfer library, as a wrapper for Chromium's networking API – but curl's lead developer does not welcome the "competition".

    Issue 973603 in the Chromium bug tracker describes libcrurl,"a wrapper library for the libcurl easy interface implemented via Cronet API".

    Cronet is the Chromium network stack, used not only by Google's browser but also available to Android applications.

  • Java and JavaScript remain the most popular programming languages

    That's according to State of Developer Ecosystem report out of JetBrains, which saw the firm survey 7,000 coders about key industry trends. The main takeaways are that Java is the most popular primary programming language; JavaScript is the most used overall; Go is the most promising; and Python is the most studied.

    69 per cent of developers (nice) have used JavaScript over the past 12 months, followed by HTML/CSS (61 per cent), SQL (56 per cent), Java (50 per cent), Python (49 per cent) and Shell scripting languages (40 per cent).

  • Candy Tsai: Outreachy Week 5: What is debci?

    After being asked sooo many times what am I doing for this internship, I think I never explained it well enough so that others could understand. Let me give it a try here.

    debci is short for “Debian Continuous Integration”, so I’ll start with a short definition of what “Continuous Integration” is then!

  • Token Based Authentication for Django Rest Framework

    Django is of the popular web development framework based on python having a large community and is used by many top websites presently. And Django Rest Framework, one of the most popular python package meant for Django to develop rest api’s and it made things really easier from authentication to responses each and everything.

  • Report from February 2019 ISO WG21 C++ Standards Committee Meeting

    The February 2019 ISO C++ meeting was held in Kailua-Kona, Hawaii. As usual, Red Hat sent three of us to the meeting: I attended in the SG1 (parallelism and concurrency) group, Jonathan Wakely in Library, and Jason Merrill in the Core Working Group (see Jason’s report here). In this report, I’ll cover a few highlights of the meeting, focusing on the papers that were discussed.

    The first part of the week in SG1 was spent primarily on papers related to the Executors proposal (p0443). First up was “Integrating executors with the parallel algorithms” (p1019). SG1 also saw this paper at the Fall WG21 meeting in San Diego (see my Fall 2018 trip report). Much of the discussion around this paper in Kona centered on whether supplying an executor to an algorithm required that the algorithm must execute on the supplied executor. Currently, execution policies are just hints to the algorithm, and the algorithm is free to ignore the hint (e.g., some algorithms have no profitable parallelization, or parallelization may not be profitable for small input ranges, so an algorithm may ignore the user’s request for parallelization).

    We also spent some time trying to get a clearer definition of what counts as a Thread of Execution (ToE) in the context of p1019 (e.g., does a ToE imply TLS? What about fibers, SIMD lanes, etc.?) and the standard parallel algorithms, as well as how exceptions might be handled. Currently, exceptions in parallel algorithms terminate the calling program. The consensus was that we’d like to aim for executors supplied to algorithms to require that the algorithm strictly execute on the supplied executor. The author was asked to work on a subsequent revision of the paper with this guidance in mind. No conclusions were reached on the topic of exception propagation or what specifically constitutes a ToE in this context.

    Next, there was a brief discussion on an experience report I wrote for the Fall meeting (p1192). I had no new information on this paper for Kona but expect to bring either an update or a new paper based on work I will be doing to replace the default execution backend of the libstdc++ implementation of parallel algorithms from Intel’s Thread Building Blocks to a backend based on OpenMP.

  • 3D – Interactions with Qt, KUESA and Qt Design Studio, Part 1

    I’m a 3D designer, mostly working in blender. Sometimes I come across interesting problems and I’ll try to share those here. For example, trying to display things on low-end hardware – where memory is sometimes limited, meaning every polygon and triangle counts; where the renderer doesn’t do what the designer wants it to, that sort of thing. The problem that I’ll cover today is, how to easily create a reflection in KUESA or Qt 3D Studio.

    Neither KUESA or Qt 3D Studio will give you free reflections. If you know a little about 3D, you know that requires ray tracing software, not OpenGL. So, I wondered if there would be an easy way to create this effect. I mean, all that a reflection is, is a mirror of an object projected onto a plane, right? So, I wondered, could this be imitated?

  • Linear Regression in Python

    Linear Regression is a supervised statistical technique where we try to estimate the dependent variable with a given set of independent variables. We assume the relationship to be linear and our dependent variable must be continuous in nature.

  • Announcing GitLabracadabra 0.2.1

    Mid-October I started at work a tool in Python to create and update our projects hosted in our GitLab instance.

  • Kubernetes 1.15 Releaased, Offensive Security Reveals the 2019-2020 Roadmap for Kali Linux, Canonical Releases a New Kernel Live Patch for Ubuntu 18.04 and 16.04 LTS, Vivaldi 2.6 Now Available, and Mathieu Parent Announces GitLabracadabra

    Mathieu Parent today announces GitLabracadabra 0.2.1. He started working on the tool to in Python to create and update projects in GitLab. He notes that "This tool is still very young and documentation is sparse, but following the 'release early, release often' motto I think it is ready for general usage."

  • Let’s Build A Simple Interpreter. Part 15.

    Before moving on to topics of recognizing and interpreting procedure calls, let’s make some changes to improve our error reporting a bit. Up until now, if there was a problem getting a new token from text, parsing source code, or doing semantic analysis, a stack trace would be thrown right into your face with a very generic message. We can do better than that.

    To provide better error messages pinpointing where in the code an issue happened, we need to add some features to our interpreter. Let’s do that and make some other changes along the way. This will make the interpreter more user friendly and give us an opportunity to flex our muscles after a “short” break in the series. It will also give us a chance to prepare for new features that we will be adding in future articles.

»

More in Tux Machines

today's howtos

GNOME Asia Summit 2019 Announced for GNOME 3.36 "Gresik" Desktop in Indonesia

Every year, the GNOME developers and contributors gather together for the GUADEC (GNOME Users And Developers European Conference) and GNOME Asia Summit events to plan the next major release of their beloved, open-source desktop environment for Linux-based operating systems. While the GUADEC 2019 conference will kick off this summer between August 23rd and 28th, in Thessaloniki, Greece, for the upcoming GNOME 3.34 "Thessaloniki" desktop environment, the GNOME Asia Summit 2019 event will take place between October 11th and 13th, 2019, in Gresik, Indonesia. Read more

CentOS 7 and RHEL 7 Get Important Linux Kernel Update to Patch SACK Panic Flaws

The new Linux kernel security updates patch an integer overflow flaw (CVE-2019-11477) discovered by Jonathan Looney in Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments, which could allow a remote attacker to cause a so-called SACK Panic attack (denial of service) by sending malicious sequences of SACK segments on a TCP connection that has a small TCP MSS value. "While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented," reads Red Hat's security advisory. "Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments." Read more

Security: Updates, Holes, FUD and Primers

  • Security updates for Friday
  • Critical Firefox vulnerability fixed in 67.0.3
  • NASA Lab Hacked Using A $25 Raspberry Pi Computer
    Raspberry Pi is a teeny-tiny device that can be tinkered with to gain deceptively high capabilities. This has been proved by a recent report which confirmed that a NASA lab was hacked using a Raspberry Pi. The breach occurred in April 2018 where NASA’s Jet Propulsion Laboratory (JPL) was hacked and 500MB of data from major mission systems was stolen. [...] Apparently, the system administrators did not consistently update the inventory system while adding new devices to the network.
  • DragonFlyBSD 5.6.1 Released To Fix TTM & OpenSSH Problems
    There are two primary and separate bug fixes in DragonFlyBSD 5.6.1 around OpenSSH and TTM. The OpenSSH issue is a SSHD configuration issue for the SSH daemon. The TTM bug is a lockup issue that could come about when using the Radeon DRM graphics driver with this Radeon/TTM code ported over to DragonFlyBSD from the Linux kernel. That's it for DragonFlyBSD 5.6.1, which is on top of the many great additions in version 5.6 like HAMMER2 by default, a VM rework / performance improvements, and other enhancements.
  • Google Accidentally Releases July 2019 Pixel Update In June
    Some owners of Pixel 3A and 3A XL devices had a happy, or rather surprising, moment when they realized that Google goofed-up badly. As posted on Reddit, Google accidentally released a build of the monthly security update meant for July 2019. It is 79.8MB in size and comes with a label that says “CONFIDENTIAL INTERNAL ONLY.” This clearly means it’s an internal build and not meant for public release.
  • 100 Million Dell [Microsoft Windows-laden] PCs At Risk Due To Criticial Bug In ‘SupportAssist’ Software
    The SupportAssist software comes pre-loaded on most Dell laptops and desktops. It’s used to check for different hardware and software issues that could arise over the course of time on Dell machines. For example, it can be used to test whether the battery is in a healthy condition or not. Unfortunately, the innocent-looking SupportAssist could open doors for attackers who can use it to achieve privilege escalation on Dell machines running Windows 10. The vulnerability was discovered by security firm SafeBreach Labs, the firm told Fossbytes in an email.
  • Bird Miner: This Cryptominer Malware Emulates Linux To Attack Macs [Ed: Attributing dumb people installing malicious files on their disk to "Linux".]
    One of the biggest disadvantages of using pirated software is the increased risk of letting your computer get infected with malware. Cybercriminals often bundle the cracked versions of paid software on piracy websites with adware and cryptominer to earn free cash. So, if you’re installing such programs from unknown sources, the chances of you getting hacked are pretty good. The same attack vector is being used by hackers to distribute a new Mac cryptocurrency miner named Bird Miner. As Malwarebytes’ official blog explains, Bird Miner has been found to be bundled with a cracked installer of a software named Ableton Live, which is a tool for high-end music production.
  • New Mac cryptominer Malwarebytes detects as Bird Miner runs by emulating Linux
    A new Mac cryptocurrency miner Malwarebytes detects as Bird Miner has been found in a cracked installer for the high-end music production software Ableton Live. The software is used as an instrument for live performances by DJs, as well as a tool for composing, recording, mixing, and mastering. And while cryptomining is not new on Mac, this one has a unique twist: It runs via Linux emulation.
  • Understanding Public Key Infrastructure and X.509 Certificates
    Public Key Infrastructure (PKI) provides a framework of encryption and data communications standards used to secure communications over public networks. At the heart of PKI is a trust built among clients, servers and certificate authorities (CAs). This trust is established and propagated through the generation, exchange and verification of certificates. This article focuses on understanding the certificates used to establish trust between clients and servers. These certificates are the most visible part of the PKI (especially when things break!), so understanding them will help to make sense of—and correct—many common errors. As a brief introduction, imagine you want to connect to your bank to schedule a bill payment, but you want to ensure that your communication is secure. "Secure" in this context means not only that the content remains confidential, but also that the server with which you're communicating actually belongs to your bank.

More on Tux Machines: AboutGalleryForumBlogsSearchNewsRSS Feed

Part of Bytes Media ● Sister sites below.

TechBytes Techrights button

Powered by Drupal, an open source content management system

Content available under CC-BY-SA CC

© by original authors

Powered by CentOS 6.5 (GNU/Linux), Varnish, and Drupal 6