The in-person talks from DEF CON 29 are now live on the DEF CON YouTube Channel! Time to catch up on some mighty fine panels and unique content you had to be in Vegas to see..UNTIL NOW!
|
|
In this post, we’ll take a quick look at how malicious packages are used in software supply chain attacks, and then we’ll look at how Snyk can help in preventing them.
|
|
An application security assessment is the process of testing applications to find threats and determining the measures to put in place to defend against them.
|
|
I recently wanted to share a code-snippet with a colleague. I decided to use Gitlab Snippets for this. However the snippet was more of some hundred lines of code in a text-file which I didn’t want to simply copy-paste. Lucky for me I had python-gitlab installed, a Python library and CLI -tool to interact with Gitlab instances. # Copy the contents of an existing file (readme.md) into a new snippet with the title "title" and filename "r..
|
|
What is Azure Video Analyzer? Azure Video Analyzer for Media (also called Video Indexer) is part of Azure Applied AI services. This application is built on Azure Cognitive Services (including Computer Vision, Translator, Face, and Speech) and Azure Media Services. It lets you gather information for your videos through the use of Video Analyzer for Media audio and video models. To begin gathering insights with Video Analyzer for Media, you ....
|
|
There was a need to iterate over the hosts in an Ansible inventory-file (don’t ask). After fiddling around with grep and sed, I found an easier method: ansible-inventory --list all | jq " ._meta.hostvars| keys[]" ansible-inventory --list all lists all hosts including their variables in a nice big json response. jq " ._meta.hostvars" then filtersonly for these variables: { "host01": { "list_variable": [ "195.13.41.220", "195.13.41...
|
|
Quantile estimators based on k order statistics, Part 5: Improving trimmed Harrell-Davis quantile estimator
-
aakinshin.net
-
4 years ago
-
eng
During the last several months, I have been experimenting with different variations of the trimmed Harrell-Davis quantile estimator. My original idea of using the highest density interval based on the fixed area percentage (e.g., HDI 95% or HDI 99%) led to a set of problems with overtrimming . I tried to solve them with manually customized trimming strategy, but this approach turned out to be too inconvenient; it was too hard to come u....
|
|
Quantile estimators based on k order statistics, Part 5: Improving trimmed Harrell-Davis quantile estimator
-
aakinshin.net
-
4 years ago
-
eng
During the last several months, I have been experimenting with different variations of the trimmed Harrell-Davis quantile estimator. My original idea of using the highest density interval based on the fixed area percentage (e.g., HDI 95% or HDI 99%) led to a set of problems with overtrimming . I tried to solve them with manually customized trimming strategy, but this approach turned out to be too inconvenient; it was too hard to come u....
|
|
Repository: @knadh/indexed-cache GitHub release page: v0.1.1 Full Changelog : https://github.com/knadh/indexed-cache/compare/v0.1.0...v0.1.1
|
|
Content warning: programmer discussing text editors. I have been down a path spurred primarily by 2 events: Development of the Atom editor becoming uncertain after microsoft acquired github and thinking it likely there was no room for both VS Code and Atom, and thus Atom would be sunset My rage quitting of workflowy after staring at the damn loading spinner and general disgust/contempt for the web as a platform that takes a todo list ap....
|
|
Learn how Twilio’s Product Security manages security ownership to make sure code is secure at all stages of design and deployment.
|
|
Repository: @knadh/indexed-cache GitHub release page: v0.1.0 Full Changelog : https://github.com/knadh/indexed-cache/commits/v0.1.0
|
|
Two Fridays ago on the twentieth of August I did something on this blog I thought I would never do: I published two posts on one day.
|
|
Taking shortcuts? Leaving edge-cases unconsidered and unhandled? Is this engineering?! My approach to programming and software engineering has been shaped by years of building open source compilers and libraries , where those edge cases matter, reliability is crucial and flexibility is important. It’s been a breath of fresh air to take a step back and stop thinking about every detail, and instead write code that works for a specific se....
|
|
I have thought about this for a while now, and after collecting most of my considerations in a private chat with some other people, I realized I could as well make a blog post of this… T.: I realized that. That one mustve been one of ur longest messages so far lmao, so I was like "dudette, why don't ya write a blog post?". … fair. Anyway, our problem is that we used to be relatively certain we wanted to study computer science, however....
|
|
Table of Contents The ResourceBundleProvider Interface Resource Bundle Providers Running on the Classpath Discussion and Wrap-Up The ResourceBundle class is Java’s workhorse for managing and retrieving locale specific resources, such as error messages of internationalized applications. With the advent of the module system in Java 9, specifics around discovering and loading resource bundles have changed quite a bit, in part..
|
|
Table of Contents The ResourceBundleProvider Interface Resource Bundle Providers Running on the Classpath Discussion and Wrap-Up The ResourceBundle class is Java’s workhorse for managing and retrieving locale specific resources, such as error messages of internationalized applications. With the advent of the module system in Java 9, specifics around discovering and loading resource bundles have changed quite a bit, in part..
|
|
Docker Learning Resources for Absolute Beginners Programming With Golang
-
bartlomiejmika.com
-
4 years ago
-
eng
Recently I was working on an open-source project which I wanted to dockerize - problem is I had no idea experience. In this post I’ll list all the resources I used to learn docker .
|
|
In this post, we will be talking about version control and the best practices when it comes to Django projects.
|
|
I happened across this book by pure chance. After having ice cream in our favourite place in Milano Marittima, my wife and I visited a small street market with all kinds of booths. Of course, there was a used book stand toward which I immediately gravitated. A quick scan revealed nothing of interest, so I moved along. But Serena, who arrived at the booth moments after I left, knew more. A simple, no-frills, cardboard-covered book which carr..
|
|
Often you need to record audio on a mobile device and send it to a server for further processing. In this article, I show you how to do that with React Native and Flask.
|
|
Medium difficulty 6-8 servings 30 min prep + 2 hours cooking time Requires 1 large pot, and one skillet that can handle high heat (=cast iron or carbon steel; no teflon or ceramics, or you will ruin it and your health!) Ingredients 1 large carrot + 1 additional carrot for later 2 onions 2-3 stalks of celery 1 leek a dozen or more button mushrooms 800 grams of boneless chicken
|
|
This an expansion on a comment I left on Lettuce’s gemlog post, “Personal Experiences and Opinions on Version Control Software”. I’ve seen similar questions posed several times recently, in essence people searching for a good git provider. The thing is you don’t need a git provider. Git is a shell command, and you can host a server yourself with almost no extra work. You can even host it off a system you don’t have administrative access..
|
|
This blog post tackles the odd topic of taking a Laravel application and converting it to a Shopify app. Overview Shopify is an ecommerce platform for building hosted shopping sites. With Shopify your whole ecommerce experience exists on a shopify url (whether the domain is .shopify.com or not; Shopify is serving everything and the underlying source of data is Shopify itself). Laravel is an MVC based framework for building web applicati....
|
|
Building With CircuitPython & Constraints of Python for Microcontrollers
-
realpython.com
-
4 years ago
-
eng
Can you make a version of Python that fits within the memory constraints of a microcontroller and have it still feel like Python? That is the intention behind CircuitPython. This week on the show, we have Scott Shawcroft, who is the project lead for CircuitPython.
|
|
How to read Windows-1252 encoded files with .NETCore and .NET5+
-
nicolaiarocci.com
-
4 years ago
-
eng
Another day, another lesson learned: modern .NET does not support the Windows-1252 encoding out of the box. Today my colleague was happily porting a legacy NET4+ app to NET6. As usual, the port was super-easy; it would compile and run just fine, so he was surprised when the app crashed reading a few specific XML files. That’s when I was called in. A closer inspection revealed a pattern: all those crashing files were Windows 1252-encoded (th..
|
|
The key to solving the cybersecurity workforce gap: Enlisting the world’s 27 million developers in the fight
-
snyk.io
-
4 years ago
-
eng
At Snyk, we are passionate about helping organizations of all sizes — both in the private and public sectors — modernize their security workforce through the right approaches and tooling. Our company was founded upon the belief that the legacy security industry was broken and old methods must rapidly evolve from an IT and security-centric perspective to a developer security approach.
|
|
A question I often see asked is one along the lines of How do I motivate myself do (something) … where something may be eat healthier, go to the gym, work on some project, study hard, &c. This idea of motivation is interesting. I think it in part comes from the school system, where teachers and parents often talk about motivating the children to study, perhaps with some sort of reward system. I haven’t been able to pinpoint exactly..
|
|
I write texts for myself. If someone finds what I write worthwhile, that is great, but that is not why I write. For the longest time, I didn’t even tell anyone I had written something. I just published it on the internet and gave nobody a link. Because readers aren’t the point, and I didn’t want them to become a factor. I build software for myself, unless someone pays me to build it for them. If someone finds use in my software, that is..
|
|
Respectable heads of state rarely admit to keeping company with gangsters. But in April 1927, about 15 years after the collapse of the last imperial dynasty, Chiang Kai-shek and China were at a crossroads. Chiang had followed a murky path to leadership of the Chinese Nationalist Party, the Kuomintang. Although the Kuomintang was rivaled by an assortment of warlords who ruled the provinces as their personal fiefdoms, in Chiang’s mind the gre....
|
|
I run into a task that I needed to do in Go, given a PFX file, I needed to get a tls.X509KeyPair from that. However, Go doesn’t have support for PFX. RavenDB makes extensive use of PFX in general, so that made things hard for us. I looked into all sorts of options, but I couldn’t find any way to manage that properly. The nearest find was the pkcs12 package, but that has support for only some DER format, and cannot handle common PFX file....
|
|
uttrakhand is the best tourist destination but every one what to make fun in colourfull life so if you are here and you want to get service with local hot female service girls this is the best place and best time to make it real.
|