
Programming Leftovers

Filed under: Development
  • Daniel Aleksandersen: Closing the open redirect in the Libravatar ecosystem

    Libravatar is a decentralized open-source alternative to Gravatar – the avatar image service. Last week, I noticed a URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability (CWE-601) in the Libravatar application programming interface (API) specification.

    [...]

    An attacker can use the redirect to leech off the reputation of a Libravatar server’s domain. An open redirect can be used to obscure a link’s true destination, or help a spam or phishing message to sneak past filters.

    An open redirect is a common vulnerability, but the security community tries to shut them down whenever they’re discovered. What’s making this one noteworthy is that you can auto-discover Libravatar servers using DNS service discovery (DNS-SD) by querying domains for the DNS SRV records.

    I DNS-SD queried the web’s top 5.1 million domains (Tranco list #44KX) to see how many Libravatar instances and open redirects I could find. In total, I discovered 18 instances (unique IP addresses) on 23 distinct domain names. 11 instances were vulnerable (13 domain names).

    Notably, the servers operated by academic institutions were not vulnerable. These institutions are likely running custom software solutions on top of their staff and student databases to generate the avatars.

  • Hacks Decoded: Seyi Akiwowo, Founder of Glitch

    I’m not, I don’t think I want to “keep going” anymore. I grew my organization by 50% in terms of income and more in terms of staff and diversified our income streams before we hit the two-year mark — during a pandemic! I’m ready to rest, I’m ready to sleep more, I’m ready to do work that is still great with minimum viable effort. That’s the sweet spot I’m looking for.

  • A Super Speedy Lightweight Lossless Compression Algorithm | Hackaday

    [Dominic Szablewski] was tinkering around with compressing RGB images, when he stumbled upon the idea of how to make a simple lossless compression algorithm, resulting in the Quite OK Image Format, which seems to offer comparable file sizes to the PNG format but is so simple it runs up to 50 times faster for compression and up to four times faster for decompression. Implementation can be achieved with a minuscule 300 lines of C. Need a bit more detail on the real-world performance? Well [Dominic] has that covered too, with a complete set of benchmarks for your perusal.

  • HLK-W801 board features Alibaba Xuantie XT804 based MCU with WiFi 4, Bluetooth LE 4.2 - CNX Software

    But the company has a nearly identical WinnerMicro W801 microcontroller that bumps the internal flash to 2MB, and more importantly adds a 2.4 GHz radio with WiFi 4 and Bluetooth LE 4.2 connectivity, and HiLink also released the HLK-W801 board that’s nearly identical to HLK-W806, except for some extra LEDs, a USB-C port instead of a Micro USB port, and a longer form factor to make space for the PCB antenna.

  • Running the MIXAL Insertion Sort | Adam Young’s Web Log

    With the information gained in the last post’s investigations, I now know how to turn the sample code of the insertion sort out of TAOCP into runnable code.

    The key insight I had was that the Accumulator was operating on the whole value it would fetch or store, and the I# registers were just used for counters. Thus, the buffer needed to be of word length elements. For MIX that means 5 characters long.

  • Russell Coker: Your Device Has Been Improved

    By “stability improved” they mean “fixed some bugs that made it unstable” and no technical person would imagine that after a certain number of such updates the number of bugs will ever reach zero and the tablet will be perfectly reliable. In fact you should consider yourself lucky if they fix more bugs than they add. It’s not THAT uncommon for phones and tablets to be bricked (rendered unusable by software) by an update. In the past I got a Huawei Mate9 as a warranty replacement for a Nexus 6P because an update caused so many Nexus 6P phones to fail that they couldn’t be replaced with an identical phone [1].

    By “security improved” they usually mean “fixed some security flaws that were recently discovered to make it almost as secure as it was designed to be”. Note that I deliberately say “almost as secure” because it’s sometimes impossible to fix a security flaw without making significant changes to interfaces which requires more work than desired for an old product and also gives a higher probability of things going wrong. So it’s sometimes better to aim for almost as secure or alternatively just as secure but with some features disabled.

  • All change at JetBrains: Remote development, new IDE preview • The Register

    JetBrains has introduced remote development for its range of IDEs as well as previewing a new IDE called Fleet, which will form the basis for fresh tools covering all major programming languages.

    JetBrains has a core IDE used for the IntelliJ IDEA Java tool as well as other IDEs such as Android Studio, the official programming environment for Google Android, PyCharm for Python, Rider for C#, and so on. The IDEs run on the Java virtual machine (JVM) and are coded using Java and Kotlin, the latter being primarily a JVM language but with options for compiling to JavaScript or native code.

  • PHP Foundation Looks to Fund Open Source Language Development

    The PHP Foundation is gearing up as a new organization to help fund and support the continued development of the open source PHP programming language.

  • 1.57.0 pre-release testing

    The 1.57.0 pre-release is ready for testing. The release is scheduled for this Thursday, December 2nd. Release notes can be found here.

  • Combinations from 2 lists: speed trials

    This post was inspired by a recently published scientific paper describing how Python was used to build a list of a million scientific names. Each name was composed of parts taken from a list, and combinations of those parts were generated.

    The result was something like a Cartesian product, about which I've blogged before. This time I was interested in performance: how does the time required to get a result vary with the number of combinations to be built?

  • MONKEY-SEE-NO-CROSSPRODUCT | Playing Perl 6␛b6xA Raku

    The challenge of the week is screaming: “Nest all the loops!”. I don’t like being yelled at, so I refuse to use any nested for/while/loop. The rules don’t require putting the two sub-challenges into separate files, so I won’t.

  • Excellent Free Tutorials to Learn Raku - LinuxLinks

    Raku is a member of the Perl family of programming languages. Formerly known as Perl 6, it was renamed in October 2019. Raku introduces elements of many modern and historical languages. Compatibility with Perl was not a goal, though a compatibility mode is part of the specification.

  • It’s that time of the year… again – Raku Advent Calendar

    And we’re still around and kicking new advent posts with the best, the nicest and the merely possible in the Raku realm.

    Also the 13th year in a row for this calendar, and also the 6th year since what was then called Perl 6 was released. Raku is now faster, it’s already in production in a number of places, and it’s got a healthy ecosystem with lots of useful modules. Who would wish for more? Well, we wish for a dozen and, again, (possibly) a baker’s dozen of articles for everyone to enjoy.
