Date: 2020-12-18

Programming Leftovers

Advent of Rust, Day 20 and 21: Stumped by Sea Monsters Unlike in the past puzzles, I have no idea how to tackle this problem, so I start just by reading in the data. I’ll create a struct Tile to hold the data. I don’t have to store the actual image data, just the borders, so I can compare them to the borders of the other tiles. There are eight borders — one on each of the four sides, plus the tiles may also be flipped, so the same borders again but reversed. I’ll store each border as a u16 bit pattern for easy comparing, in an array of length 8.

Learn Rust by writing a simple game Start programming with a simple game you can try in multiple languages.

Josef Strzibny: Serve Django static assets with Gunicorn Serving static assets by the application server such as Gunicorn is usually not a good idea. We should prefer a web server with a better performance, but what if you want to serve the assets directly with the Django application?

Joachim Breitner: Don’t think, just defunctionalize CPS-conversion and defunctionalization can help you to come up with a constant-stack algorithm.

Go 1.16 Beta 1 is released We have just released go1.16beta1, a beta version of Go 1.16. It is cut from the master branch at the revision tagged go1.16beta1. Please try your production load tests and unit tests with the new version. Your help testing these pre-release versions is invaluable.

Two more months until Go: 1.16 beta offers improved tooling up for a test-drive With two more months until the final Go 1.16 release, the Go team has called upon developers to start testing the newly cut first beta version of the programming language. However, those looking to play with new language features might have to sit this one out, as work has mainly been done on the tooling and infrastructure front this time around. Most changes can be found in the go command which now allows the embedding of static files and file trees into executables through a new //go:embed directive, and has become module-aware by default. To support the latter, go install has learned to accept arguments with version suffixes for installing packages in module mode without taking the go.mod file into account.

[Older] Jakarta EE 9 provides new baseline for evolution of platform The Eclipse Foundation has announced the release of Jakarta EE 9, which provides a new baseline for the evolution of the platform. According to the Eclipse Foundation, the major change in Jakarta EE 9 is the completion of the transition from the javax.* package namespace to the jakarta.* namespace. The foundation explained this namespace change establishes Jakarta EE 9 as a foundation to develop enterprise Java applications on.

Proprietary Software Failures and Security Leftovers

Microsoft rushes out fix for critical Windows 10 bug A new critical bug appears to have emerged in Windows 10, which is crashing some computers when they run the chkdsk command. It appears that this bug is affecting Windows 10 running the latest update (December 2020), which was released by Microsoft to fix numerous problems. Instead, as Windows Latest reports, some users have found that when they run the Check Disk tool (also known as chkdsk), their PCs crash, and the dreaded Blue Screen of Death appears.

Microsoft Azure breach left thousands of customer records exposed Thanks to questionable security practises by an app developer, more than half a million sensitive documents of its customers were exposed on the Internet. The documents were housed in an unprotected Microsoft Azure blob storage and could be viewed by anyone with the direct address of the files, without any kind of authentication. Azure Blob storage is a feature of Microsoft Azure that allows users to store large amounts of unstructured data on Microsoft's data storage platform. The unsecured blob was managed by Surrey-based app developer Probase and according to The Register, it contained 587,000 files, ranging from backed-up emails to letters, spreadsheets, screenshots, and more.

Security updates for Tuesday Security updates have been issued by CentOS (kernel and thunderbird), Debian (openjdk-8 and webkit2gtk), Fedora (gdm, mingw-openjpeg2, and openjpeg2), Mageia (compat-openssl10, golang-googlecode-net, mbedtls, openssl, and virtualbox), openSUSE (ovmf and xen), Red Hat (kernel, mariadb-connector-c, mariadb:10.3, postgresql:10, and postgresql:9.6), and SUSE (ardana-cassandra, ardana-mq, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-cinder, openstack-heat, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, python-Jinja2, python-pysaml2, python-pytest, python-urllib3, release-notes-suse-openstack-cloud, spark, ceph, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-heat-templates, openstack-nova, python-Jinja2, firefox, java-1_7_0-ibm, java-1_7_1-ibm, PackageKit, and thunderbird).

But, what about root passwords? If you’ve walked long enough into your enterprise identity management journey you might reach this question: How will root passwords be managed? Having centralized user and group IDs, your access policies—Host Based Access Control (HBAC) and Role Based Access Control (RBAC)—in Red Hat Identity Management (IdM) or any similar solution might still leave root passwords unmanaged. [...] While there is a resemblance in some of these examples and the public cloud’s approach in having no root password set, and shifting the privileged access to users other than root, there is one big difference. Many physical and virtual provisioning workflows for on-prem will include setting up a default root password for a variety of reasons, but those reasons are beyond the scope of this blog post.

Kali Linux: The Last 12 Months (2019/2020) & Looking forwards (2021) As the end of the year is coming up (some may say not quickly enough), we want to take a few minutes and recap on our roadmap 2019/2020 post. At a higher level, the last 12 months of Kali Linux (outside of the normal release items – e.g. packages updates), Kali has had various refreshes, switches and additional new features added.

Josh Bressers: Episode 248 – Door 23: How to report 1000 security flaws Josh and Kurt talk about how to file 1000 security flaws. One is easy, scale is hard.

The State of Safety Certification of Platforms A lot has been written about safety “certification” of platforms. As the number of applications involving human safety increases in markets such as avionics, automotive, industrial, etc., the importance of the functional safety certification of software that controls key functions has never been greater. There are several standards that govern the safety certification of software like DO-178, SEAL, ISO26262, and IEC61508. The best known and perhaps the most rigorous is the DO-178 standard that is governed by the FAA for commercial avionics software. A look “under-the-hood” into the process of safety certification reveals many interesting facts. As the leader of an engineering team that is working on certifying code for deployment on big programs like the Joint Strike Fighter, I thought it would be interesting to share the next level of what is involved. Let me start with a datapoint. The average time to get a single line of source certified to DO-178 DAL A Standard (used for the most critical system functions in aircraft and helicopters) may take 2-3 hours. So, that means that every 2,000 lines of code takes one year to certify. How many applications these days have as few as 2,000 lines of code?