Date: 2021-10-26

Programming Leftovers

How we overcame performance nightmares in our monolith app – IBM Developer Subscriber and Subscription Management (SSM) is the system that funnels orders for IBM SaaS offerings offered through IBM and third-party marketplaces to the appropriate endpoints. This provisions orders for the customers and manages their entire subscriber and subscription lifecycle. It handles about 2,000 requests per hour. SSM is a legacy monolith app. However, dealing with such a mission-critical application with millions of lines of code can be a nightmare. Making it more complex is the transaction handling implemented at every smallest service layer unit. To support high-end business use cases, there are dozens of composite APIs that SSM supports. These composite APIs internally make calls to the smallest-unit APIs, holding multiple DB connections for a single composite API request.

BH 1.78.0-0: New Upstream, Two New Libraries Boost is a very large and comprehensive set of (peer-reviewed) libraries for the C++ programming language, containing well over 100 individual libraries. The BH package provides a sizeable subset of header-only libraries for (easier, no linking required) use by R. It is fairly widely used: the (partial) CRAN mirror logs (aggregated from the cloud mirrors) show over 40 million package downloads.

6 Excellent Free Books to Learn Racket - LinuxLinks Racket is a general-purpose, object-oriented, multi-paradigm, functional, imperative, logic based programming language based on the Scheme dialect of Lisp. It’s designed to be a platform for programming language design and implementation. Racket is also used to refer to the family of Racket programming languages and the set of tools supporting development on and with Racket. It has a powerful cross-platform GUI library built in. Racket’s core language includes macros, modules, lexical closures, tail calls, delimited continuations, parameters (fluid variables), software contracts, green and OS threads, and more. The language also comes with primitives, such as eventspaces and custodians, which control resource management and enables the language to act like an operating system for loading and managing other programs. Racket is often used for scripting, computer science education, and research. It’s an open-source project (Apache/MIT).

Qt Creator 6.0.1 released We are happy to announce the release of Qt Creator 6.0.1!

My Favorite Warnings: syntax Warnings category syntax contains a number of sub-categories representing possibly-problematic syntax. These include ambiguous syntax, problematic bareword usage, invalid printf conversions, and more. But there are also syntax diagnostics that do not fall under any of the sub-categories. These tend to be a miscellaneous group, and a normal-sized blog post can do no more than to give a sample.

Security Leftovers

Security updates for Thursday Security updates have been issued by Debian (apache-log4j2 and mediawiki), Fedora (libmysofa, libolm, and vim), Oracle (httpd), Red Hat (go-toolset:rhel8), and Ubuntu (apache-log4j2 and mumble).

U.S. State Department’s new spyware report: a big step forward Access Now, Committee to Protect Journalists, Freedom House, and Human Rights First applaud the U.S. Congress for passing legislation that directs the U.S. State Department to develop a list of spyware purveyors with whom the Department should avoid doing business because of their poor human rights records. Included in the National Defense Authorization Act, this provision could provide greater transparency on invasive surveillance technologies, such as NSO Group’s Pegasus spyware, that are used against activists and journalists. The law mandates that the State Department submit the spyware company list annually to Congress for a period of five years. This report should inform inter-agency coordination, especially to ensure that the Commerce Department continues to add human rights-violating spyware firms to the Entity List. (In November, the Department added NSO Group and Candiru to the List.) It also sends a strong message to the spyware industry and their investors that their days of operating in the shadows with impunity are over. “For over a decade, the U.S. State Department has trumpeted internet freedom and human rights online, all while U.S. companies sold powerful surveillance technologies to the enemies of those cherished ideals,” said Jennifer Brody, U.S. Advocacy Manager at Access Now. “If leveraged to its full potential, the Department’s new spyware report will help to protect at-risk activists and journalists and safeguard freedom of expression in the most repressive environments. The U.S. must finally own its role in the global trade of these cyber weapons.”

PinePhone Malware Surprises Users, Raises Questions | Hackaday [Ed: If you actively install malicious code, it will do malicious things] On December 5th, someone by the IRC nickname of [ubuntu] joined the Pine64 Discord’s #pinephone channel through an IRC bridge. In the spirit of December gift-giving traditions, they have presented their fellow PinePhone users with an offering – a “Snake” game. What [ubuntu] supposedly designed had the potential to become a stock, out-of-the-box-installed application with a small but dedicated community of fans, modders and speedrunners. Unfortunately, that would not be the alternate universe we live in, and all was not well with the package being shared along with a cheerful “hei gaiz I make snake gaem here is link www2-pinephnoe-games-com-tz replace dash with dot kthxbai” announcement. Shockingly, it was a trojan! Beneath layers of Base64 and Bashfuscator we’d encounter shell code that could be in the “example usage” section of a modern-day thesaurus entry for the word “yeet“. [...] That’s true for a lot of places – GitHub and GitLab releases, DockerHub, NPM, RubyGems, browser extension stores, PyPI, and even some supposedly safe Linux repositories, like F-droid, are vulnerable. Providing source code along a malicious package adds legitimacy, and takes away incentives for skilled people to check the binary in the first place – hey, the code’s there to see already! If [ubuntu] did just that, perhaps we’d be talking about this incident a few days later and in a more somber tone. Supply-chain attacks are the new hotness in 2020 and 2021. [...] The PinePhone community has implemented some new rules, some channeling into the “automation” territory. This will possibly help a specific kind of problem to be less impactful in the future – though I’d argue that institutional memory should play a larger part in this. Beware of Greeks bearing gifts… until they learn how to work around your Discord bot’s heuristics?
I already have, for instance. This is a monumental topic with roots beyond the Great PinePhone Snake Malware of 2021, and this article isn’t even about that as much as it’s about helping you understand what’s up with important aspects of Linux security, or maybe even the security of all open source software.

Pegasus vs. Predator At the time of writing, we believe that Cytrox’s CEO is Ivo Malinkovksi, as stated on his LinkedIn page. Notably, Malinkovksi’s now-private Instagram account includes a 2019 image of him in front of the Pyramids of Giza in Egypt. A 2019 report in Forbes states that Cytrox was “rescued” by Tal Dilian, a former Israel Defence Forces (IDF) Unit 81 commander, whose company WiSpear (which appears to have been renamed Passitora Ltd.) is based in Limassol, Cyprus and reportedly acquired Cytrox in 2018 according to the Atooro Fund. Dilian is also known as the founder of Circles, a prominent cellular network surveillance company. In December 2020, the Citizen Lab published an investigation into Circles’ government clients. Dilian is also the founder and CEO of Intellexa.