Programming On Linux – Greguti http://greguti.com/ Sun, 09 Jan 2022 02:26:15 +0000 en-US hourly 1 https://wordpress.org/?v=5.8 https://greguti.com/wp-content/uploads/2021/05/cropped-icon-32x32.png Programming On Linux – Greguti http://greguti.com/ 32 32 Bittorrent client qBittorrent 4.4.0 released with torrent v2 support https://greguti.com/bittorrent-client-qbittorrent-4-4-0-released-with-torrent-v2-support/ Sun, 09 Jan 2022 02:26:15 +0000 https://greguti.com/bittorrent-client-qbittorrent-4-4-0-released-with-torrent-v2-support/

The developers of qBittorrent, a popular cross-platform Bittorrent client, have released qBittorrent 4.4.0 to the public.

The new version introduces support for a Qt6 version for Windows 10 and later, which promises better HiDPI compatibility according to the developers. The qBittorrent 4.4.x release branch could be the last to support Qt5, and that would also mean it would be the last branch to support Microsoft’s Windows 7 and 8 operating systems. The releases will continue at least until the summer of 2022.

Windows 10 and 11 users can choose to install Qt5 version by then or upgrade to Qt6 version at any time.

An AppImage is provided for qBittorrent under Linux. It “uses the latest versions of Qt6, libtorrent, boost, openssl” and is built on Ubuntu 20.04. The developers note that it is not well tested at this point.

Mac OS X versions are not yet available, but a release is slated for the next few days.

qBittorrent 4.4.0

The new version of the torrent client includes several new features and improvements. In addition to the additional support for Qt6, qBittorrent 4.4.0 introduces support for torrents v2 and libtorrent 2.0.x.

The Bittorrent v2 protocol improves the standard by introducing new features. Among the changes, torrents use SHA-256 hashes instead of SHA-1. The new torrent version is not backward compatible, which means that two different versions of an offer are created when version 1 and version 2 torrent files are downloaded or created. The possibility of creating hybrid torrents is however provided.

Another option introduced is the ability to download files from multiple torrents reliably through single file hashes.

The introduction of v2 torrent support ensures that qBittorrent users will not experience any issues while downloading these new torrent versions.

QBittorrent 4.4.0 includes a new option to set the temporary folder by torrent or category, and an option to ignore hash checks for watched folders. Another folder-specific improvement is support for folder-based user interface themes.

Existing installations can be upgraded to the new version as usual. Interested users will find the full changelog, listing all new features, improvements, and bug fixes here.

Closing words

Support for Windows 7 and 8 will expire later this year when qBittorrent 4.4.x reaches end of life. Users of these systems can use older versions, but they will no longer receive feature updates, bug fixes, or security fixes once development has moved to a new version.

Now you: do you use torrent clients? If so, which one and why this one?

Summary

Bittorrent client qBittorrent 4.4.0 released with torrent v2 support

Article name

Bittorrent client qBittorrent 4.4.0 released with torrent v2 support

The description

The developers of qBittorrent, a popular cross-platform Bittorrent client, have released qBittorrent 4.4.0 to the public.

Author

Martin brinkmann

Editor

Ghacks Technology News

Logo

Advertising

]]>
Top cloud computing jobs currently available in January 2022 https://greguti.com/top-cloud-computing-jobs-currently-available-in-january-2022/ Fri, 07 Jan 2022 09:26:38 +0000 https://greguti.com/top-cloud-computing-jobs-currently-available-in-january-2022/

by Sayantani Sanyal
January 7, 2022

cloud computing has become one of the most integral parts of business operations

The emergence of cloud computing has revolutionized the way we think about computing for all these years. With the increasing adoption of digital infrastructure in modern businesses, the use of cloud technology has become integral. Currently, there are several tech aspirants in the industry who are ready to try their hand at a career in cloud computing. Cloud computing jobs range from architects to developers and data scientists. To become a successful professional in this field, aspirants must have a more in-depth understanding of the fundamentals of cloud technology, as well as a variety of programming, DevOps, and database skills. In this article, we’ve listed the best cloud computing jobs that aspirants can apply for in January 2022.

Chief Software Engineer – Cloud Computing

Offered by: Kyndryl

Site: Bangalore, India

Responsibilities:

  • Drive the architecture, design, development, deployment and delivery of new product features
  • Own and drive product evolution from product architecture design
  • Maintain effective communication with other Customer Support, SQA and Engineering teams to move class-based recovery planning and automation products towards customer service profitability.

Required Skills :

  • Over 12 years of hands-on experience in the architecture or design of quality software products
  • Strong experience in cloud automation, virtualization based solutions, orchestration
  • Experience in product development using backup or storage replication technologies
  • Understanding of the disaster recovery industry
  • Experience with Red Hat Enterprise Linux.

Qualification:

  • Bachelor’s degree in IT, computer science or a related field
  • Master’s degree in computer science, computer science or a related field
  • E, B.Tech or MCA diploma from any reputable institute.

Cloud Computing Expert

Offered by: EducazionePvt. Ltd.

Site: Calcutta, India (remote)

Responsibilities:

The company is looking for a candidate who is a masterpiece in CS, IT or EC, and who has the strength to work as a cloud administrator.

Required skills:

  • AWS or other managed services
  • Serverless computing
  • Docker and containers
  • DevOps on AWS or any other
  • Good knowledge of Windows server, Linux server upgrade installation, configuration and administration on Linux and Windows environments.

Qualifications:

This is a full-time home-based job opportunity for candidates qualified in CS, IT or EC, or any other equivalent field.

Cloud Systems Engineer

Offered by: Base Brix

Site: Bangalore, India (remote)

Responsibilities:

  • Operation and maintenance of large-scale cloud infrastructure and servers in global data centers
  • Work on various Linux server projects alongside multiple departments
  • Migration of customer on-premises servers to the cloud via replication or data backups
  • Proactive monitoring of supported cloud instances.

Required Skills :

  • Strong experience with Linux and virtualization
  • Familiarity with virtualization technologies
  • Comfortable working in a fast paced work environment
  • Cloud computing experience in AWS, Azure, GCP and cloud experience in Rackspace, IBM Cloud, etc.
  • Experience with Cisco iOS, NX-OS or Juniper Junos
  • Excellent verbal and communication skills
  • Experience migrating to the cloud using Veeam, Acronis or similar software.

Google Cloud Platform Administration – Cloud Computing

Offered by: Huptech Consulting Services

Site: Bangalore, India

Responsibilities:

  • Provide detailed assessments of existing solutions and infrastructure to migrate to the cloud
  • Provide a migration strategy based on detailed analysis and implement application and data migration activities
  • Implement high-performance hosting solutions that meet the needs of today’s enterprise and digital applications in private and cloud technologies
  • Transform and migrate legacy infrastructure to drive next-generation business results.

Required Skills :

  • Minimum 6-8 IT experience supporting UNIX servers in a critical Sysops environment or AWS Certified Solution Architect
  • Excellent communication skills and must be a team player
  • Must be able to support IT infrastructure and be part of the Linux administration on-call rotation in Ubuntu, Redhat and others.
  • Expertise in executing public cloud solutions in public and hybrid cloud configuration management of cloud migration projects.

Qualifications

  • BCA, B.Sc., B.Tech or BE in any specialization
  • Post-graduation is any field relevant to the industry.

Associated with cloud support

Offered by: AISPL

Site: Hyderabad, India

Responsibilities:

  • Apply advanced troubleshooting techniques to provide unique solutions to individual customer needs
  • Animate the customer relationship during critical events
  • Lead with leading technologists around the world and resolve customer issues
  • Basic knowledge of networking and databases
  • High exposure to cloud computing.

Required Skills :

  • At least one year of experience in Linux, Windows Systems Administrator, Database Design, Big Data Analysis, DevOps or related fields
  • Programming and scripting experience
  • Excellent oral and written skills

Qualifications

  • Bachelor of Engineering or MCA
  • If he is a motivated person who is also enthusiastic about learning more about the technology.

Faculty of Cloud Computing

Offered by: Sharadha Skills Academy

Site: Coimbatore, India

Responsibilities:

  • Applicants will be responsible for communicating with potential learners, giving lectures and ensuring a smooth learning process
  • Must be comfortable delivering prerecorded live virtual conferences at home and keep students engaged

Required Skills

  • Excellent knowledge of cloud and DevOps
  • Familiarity with video recording, playback and downloading libraries
  • Good knowledge of Kubernetes and Docker
  • Good design aesthetics are a must.

Share this article

Share

About the Author

More info about the author

]]>
Charles Hoskinson reveals more ambitious plans for Cardano in 2022 https://greguti.com/charles-hoskinson-reveals-more-ambitious-plans-for-cardano-in-2022/ Wed, 05 Jan 2022 02:25:00 +0000 https://greguti.com/charles-hoskinson-reveals-more-ambitious-plans-for-cardano-in-2022/

Cardano has big plans for 2022, according to the roadmap established by its CEO, Charles Hoskinson, in a educational vlog on Twitter.

Cardano has big plans for this year

According to him, the main goal of blockchain this year is to improve the capabilities of smart contracts on Cardano. After upgrading from Alonzo last year, blockchain has become capable of supporting smart contracts, but Hoskinson believes it can do better.

This will be possible with an extended UTXO model, which will position Cardano midway between EVM and Bitcoin smart contracts.

Hoskinson explained the difference between Bitcoin smart contracts and Ethereum smart contracts in the educational vlog, stating that Bitcoin and EVM are very far apart.

With eUTXO, Cardano intends to create smart contract capabilities that eliminate unnecessary EVM functionality for Challenge and decentralized applications. By doing this, Cardano’s smart contract model will be a basic functional model.

This plan is in line with past developments on Cardano which has most of its coding for the blockchain in Haskell. Haskell is a programming language chosen by its parent company, Input-Output Global, which prefers to use functional languages ​​because they are more resistant to human error and ambiguity and can be easily verified mathematically.

Hoskinson mentioned that the eUTXO deployment “must be done by October” and that the process will take place in three hard forks scheduled for February, June and October. The company already has 100 engineers working on the project.

With the scientific part of the project already done according to Hoskinson, only the coding remains and the company is working with 15 outside companies to provide the code.

Cardano sees Africa in expansion plans

In other YouTube video streaming on Christmas Eve, Hoskinson spoke of Cardano’s success, saying the network “has reached about two million people.” He further mentioned that part of his plan for 2022 is to have a “formal open source project structure that is going to be formed, much like Hyperledger to Linux.”

Additionally, he discussed blockchain plans for African countries stating that “My goal for the second half of 2022 is to figure out how to put all the pieces together to get an end-to-end microfinance transaction on Cardano so that a real person in Kenya or somewhere with blockchain based identity and credit score, stablecoin on the other side, Cardano is the settlement rail.

]]>
Huawei OpenHarmony 3.1 Beta released with new system capabilities https://greguti.com/huawei-openharmony-3-1-beta-released-with-new-system-capabilities/ Sun, 02 Jan 2022 13:21:07 +0000 https://greguti.com/huawei-openharmony-3-1-beta-released-with-new-system-capabilities/

The OpenAtom foundation has released OpenHarmony 3.1 beta for the open source community. The OpenHarmony 3.1 beta will further pave the way for Huawei HarmonyOS operating system developers and industry partners to develop new applications that run on the latest changes and performance enhancements made by contributors.

In October, Huawei introduced OpenHarmony 3.0, which is a new version, and improvements have been made to OpenHarmony 2.2 Beta 2. Then this new beta is based on OpenHarmony 3.0 LTS and brings a bunch of new changes:

Improved core capabilities of the standard operating system:

Kernel improves CMA usage characteristics, graphics support RenderService back-end rendering engine, short distance communication supports STA (Station) and SoftAP core functionality, supports interface geomagnetic field algorithm and improves the capability of sensor drive models.

Support for querying and subscribing app account information, global feature support, compilation and build support, unified build model, front-end compilation toolchain for Windows / macOS / Linux when compiling and running, preview JS runtime support, new support for JSON processing, 6 JS third-party libraries including Eventbus, Vcard, Protobuf, RxJS, LibphoneNumber, new time and time zone handling and DFX support HiSysEvent components to provide request and subscription interfaces.

Improved distributed capacities:

including new support for distributed DeviceProfile features, support for distributed data management for synchronization and subscription between devices, support for distributed software bus for network switching networking, Distributed file system support for Statfs API capabilities etc.

The capabilities of the standard system application framework are improved: new ArkUI custom drawing capabilities and Lottie animation capabilities, new package management, hidden request and installation of multi-happy packages, rights management to support notifications from ‘events, notification vibration settings, notification sound settings and requests, do not disturb notifications, session notifications, etc.

OpenHarmony 3.1.  Beta

Better application capabilities:

input method apps support text input and horizontal screen display, SMS app information management, contact app call records and keyboard display of dialing, application setup and other setup items.

Lightweight system capacity:

Lightweight HiStreamer supports customizable media pipeline framework, Linux init version supports hot swap, kernel boot optimization and operating system light driver, support bootability fast.

OpenHarmony:

OpenHarmony is an open source project of the HarmonyOS operating system developed by Huawei and donated to the OpenAtom Foundation. The goal is to create a framework and platform for a smart terminal operating system and promote prosperity for a full story, fully connected and fully intelligent era.

]]>
Go, Rust, GitHub Lead 2021 Stories – The New Stack https://greguti.com/go-rust-github-lead-2021-stories-the-new-stack/ Sat, 01 Jan 2022 14:06:36 +0000 https://greguti.com/go-rust-github-lead-2021-stories-the-new-stack/

Well, well, well, here we are, we arrived in the last days of 2021 with nasal swabs sticking out of our noses, Zoom’s fatigue having turned into something more Zoom-existential-like- dread, and hopefully a method or two in place to prevent the eternal end roll that we’ve perfected in 2020. We made big plans, changed big plans, reflected on how exhausted we really were. , then we were told later that, don’t worry, we were back to pre-pandemic productivity levels.

It’s been a year, hasn’t it?

Each week I sit down and select what I think is the most interesting, important and interesting news, as well as topics that seem to be at the end of all languages, in the world of software development. (and its fields) and compile them in the This week column in this week’s programming. While the topics can vary greatly from week to week, some stories stick with us and are visited over and over again.

All of this to say that there have been, in my humble opinion, a few landmark stories from the past year, and I’m here to present them to you in no particular order – a brief recap and certainly not exhaustive, if you will, of some of the great stories of the past year in programming.

A decade (or more) later, Go gets generics

As we wrote in the very first weeks of 2021, the time has finally come for the Gophers to rejoice, “because the question of whether or not the Go programming language will adopt generics has finally, after many years of debate, been answered this week with the acceptance of a proposal made last month. In fact, the issue of generics has agitated the Golang community for so long that it was the very first topic we broached in this same column, and the same arguments about adding generics have been made long before and since. .

In the most recent proposal made earlier this year, Golang team member Ian Lance Taylor noted that credits have, in fact, been “one of the most requested language features” since release. language in 2009. To say that generics have been a constant subject of discussion and debate would be an understatement, and even Taylor recounted the troubled history of functionality in his latest proposal, writing that “One of the first attempts ( defective) of adding generics to Go dates back to 2010 “.

This most recent proposal, however, addressed enough issues to be accepted, and the December 2021 release of Go 1.18 Beta 1 was the first to offer access to the long-awaited feature.

As we noted in October, however, the Go team decided to put the brakes on generics a bit and not bring the feature directly into the main library. Instead, the proposed Rob pike, one of the original designers of Go, was to move the changes to the golang / x / exp repository for now, where they “can be tested in production, but can be changed, adapted, and developed for a cycle or two,” letting the whole community test them. According to a comment from Taylor, “The only public package that uses type parameters in 1.18 will be the constraint package.”

Nonetheless, the generics are indeed finally available, and there are a lot of people out there kicking the tires out and looking at when you might already want to use the new feature.

Of course, that’s not the only thing that happened in the Go realm this year – the project also quickly accepted the proposal to add fuzz to Go’s standard library, which was later released in beta in the Go development branch, dev.fuzz, in Go 1.17 – but credits were definitely the defining achievement for Go in 2021.

Rust is there to secure all the memory

2021 has been a big year for Rust, we would say.

In recent years, many headlines have been written about the difficulty of learning the language and the issues with its lack of tools, but 2021 has been more about the many advancements and developments in the popular language of open source systems.

In 2021, Rust becomes more and more synonymous with memory security and is also seen as the smart replacement for C and C ++, as well as new security-related applications. To quote a recent interview about choosing Rust, “If you want to go secure on this layer today, Rust is the language to use.” That’s it. […] If you start from scratch, which we did, you start with Rust.

But the proof is in the pudding, as they say, and it can be seen with a few important Rust adoption cases that really show the language’s maturity in the programming language landscape. For example, in 2021 Rust made serious forays into Windows and Linux.

In April, we wrote that Microsoft was going Rusty, noting the company’s new Getting Started with Rust course with the first Rust preview for Windows, which allows developers to “use any Windows API. (past, present and future) directly and transparently via the Windows checkout. Microsoft previously touted Rust as the industry’s “best chance” when it comes to secure systems programming, discussing its intention to slowly move from C / C ++ to Rust to build its infrastructure software, and this year they have started doing it.

As for Linux, the idea of ​​the Linux kernel getting support in the tree was rather nascent in mid-2020, but by April 2021 it seemed increasingly likely that Rust was heading into the development branch. of the Linux kernel, and in December it was declared that Rust’s support was “pretty good”. Although support is “still considered experimental,” the maintainer of the Rust for Linux project, Miguel Ojeda, wrote that “the support is good enough that kernel developers can start working on Rust abstractions. for subsystems and write drivers and other modules “.

And, if you need further proof that Rust is good at this sort of thing, look no further than Amazon Web Services’ efforts with Bottlerocket, a Linux distribution for containers that is largely written in Rust.

GitHub uses all this training data (your code)

There is probably no company that we mention more in our weekly column This Week in Programming than GitHub, and this year was no exception.

One particular GitHub story, however, really stood out: the controversy surrounding GitHub Copilot, its perception of copyright infringement, and open source licensing considerations.

When GitHub first introduced Copilot in June, they revealed that it was built using the OpenAI codex and “trained over billions of lines of public code,” which many assumed included code. under the GPL virus license. The GPL license requires all derivative works to carry that same license, and accusations immediately surfaced that, at the very least, GitHub Copilot was in violation of copyright.

Unlike Intellisense, Copilot doesn’t just complete a single line of code, but rather suggests entire blocks of code, and it didn’t take long for the tool to be spotted spitting out entire chunks of code. easily identifiable. It’s not as if GitHub hasn’t thought about it, however, and GitHub CEO Nat Friedman has argued that the code most often suggested by Copilot has been transformed and is free to use, as reported. in an OpenAI article. Not only that, but, as a blog post pointed out, GitHub’s Terms of Service likely covered their use of any code they hosted to train the model. Another article argued that the easy way out of this conundrum would be for Copilot to simply offer attribution when it spits out text code.

On the other end of the spectrum, some have called on the Electronic Frontier Foundation (EFF) and the Free Software Foundation (FSF) to file class actions, and the FSF has called for papers, saying that Copilot ” as it stands is unacceptable and unfair. So far, however, no papers have been published, no actual lawsuits filed to our knowledge, or any real legal tests put to the test of GitHub’s “AI pair programmer”.

On the contrary, at least one report indicates that GitHub has seen a slight increase in the number of Copilot users, and the tool has extended its reach to IntelliJ and PyCharm versions of JetBrains 2021.2 and higher and Neovim 0.6 pre-release with Node. js, as well as the inclusion of support for multiline code completions for Java, C, C ++, and C #. And for those of you who find yourself with a bad taste in your mouth about it all, but puzzled nonetheless, there are still the many open source GitHub Copilot alternatives that you could give a whirlwind.

Overall, GitHub Copilot is just one (somewhat controversial) example of the various features that GitHub has offered since its acquisition by Microsoft – and more than 2021 – that appear to consolidate Microsoft ownership over many lifecycles of developers.

]]>
Amazing things happen when IT and business managers work together. Here is the data to prove it https://greguti.com/amazing-things-happen-when-it-and-business-managers-work-together-here-is-the-data-to-prove-it/ Thu, 30 Dec 2021 19:04:00 +0000 https://greguti.com/amazing-things-happen-when-it-and-business-managers-work-together-here-is-the-data-to-prove-it/

Over the past two years, businesses of all types and sizes have relied on their IT teams not only to help them overcome the challenges of COVID, but also to give them hope for a better future. . It means now.

Wonderful things are happening. Businesses appreciate the power of IT. This is now evident through a report released by PwC, which shows positive correlations when IT and business professionals put their heads together.

PwC survey, based on responses from 1,040 business leaders and 210 IT managers, finds “digital IQ leaders” more likely to invest in cloud technologies, including enterprise applications , infrastructure and development platforms. These digital IQ leaders represent about one-fifth of all technical executives surveyed; PwC defines them as leaders “who agree with their peers. ”

“[Digital IQ leaders] has also invested significantly in process automation, putting the tools in the hands of employees to get things done faster, leaving more time to spend on value-driven and information-driven work, ”reports Jenny Koehler, PwC partner and author of the report.

Cloud investments
Leaders in digital IQ 65%
All other 33%
Adopt new technologies for internal use
Digital IQ leaders 40%
All other 25%
Back-office process
Digital IQ leaders 40%
All other 33%
Front-office process
Digital IQ leaders 28%
All other 19%

Source: PwC

These investments have paid off, as the PwC survey shows. Digital IQ leaders are more likely to see improved financial performance, as well as greater innovation and productivity.

Revenue growth of over 5% over the past three years
Digital IQ leaders 35%
All other 27%
Time devoted to innovation
Digital IQ leaders 68%
All other 54%
Employee productivity
Digital IQ leaders 77%
All other 57%
Create better customer experiences
Digital IQ leaders 79%
All other 64%
Improve business continuity
Digital IQ leaders 67%
All other 53%

Source: PwC

Another way that IT managers can step in is by helping their organizations adopt a platform strategy, which unlocks value creation beyond the walls of the company. In the digital world of the 2020s, more value comes from outside the business – from partners – made possible by the right technology framework, write Marshall W. Van Alstyne and Geoffrey G. Parker in Harvard Business Review.

This emerging model, which the co-authors call a “reverse business,” relies on a platform strategy. It means “providing the tools and the market to help partners grow. In contrast, incumbents typically use digital transformation to improve the efficiency of their current operations.”

How can this be resolved? “Digital investments must prepare the business to partner with users, developers and marketers, at scale, with a focus on value creation, which is the foundation for business reversal. . “

Van Alstyne and Parker cite a study of 179 companies which confirms the effectiveness of this inverted model. Companies that have used application programming interfaces (APIs) to open up services to external partners or customers “have grown an average of 38% over 16 years.”

“As an interface technology, APIs allow companies to modularize their systems for easy replacement and upgrades,” Van Alstyne and Parker explain. “APIs also serve as an ‘authorization’ technology that grants outsiders carefully measured access to internal resources. These functions not only allow a business to quickly reconfigure systems in response to problems and opportunities, but also allow outsiders to rely on the company’s digital real estate. . ”

Moving forward into the digitally driven 2020s means executives, managers and IT professionals will take on clear leadership roles within their companies. Their business leaders expect no less.

Based on the results of these surveys, which reflect the gains that IT teams can bring, industry analysts make the following recommendations:

Engage the whole company well beyond IT

“Tech leaders should proactively engage their peers,” urges PwC’s Koehler. Call on “financial, operational, risk and tax managers.” Engage with security and risk managers early on so that security, compliance and governance are built into the fabric of your cloud transformation, building trust with your customers ”.

Take advantage of the network effect

“Among reverse businesses, the network effects that arise when partners create value for each other are a major source of growth in intangibles,” Van Alstyne and Parker say. “Adding the ability to coordinate the creation and exchange of value – user-to-user, partner-to-partner, and partner-to-user – is one way traditional businesses are transforming. It also provides the means to evolve. Turning atoms into bits improves margins and range. . Transforming from the inside out magnifies ideas and resources. ”

Build a new story of value as cloud adoption accelerates

“Align the cloud promise with stakeholders in your business who reflect the industry you operate in and where you are on your journey,” says Koehler. “It requires making specific choices about how the cloud will help differentiate the business: what digital and technological capabilities you’ll develop, the customer issues you’ll solve, and the role your business plays in the industry or industry. other ecosystems. “

]]>
Log4j deadly hole expands victims’ vulnerability https://greguti.com/log4j-deadly-hole-expands-victims-vulnerability/ Tue, 28 Dec 2021 20:12:00 +0000 https://greguti.com/log4j-deadly-hole-expands-victims-vulnerability/

Watch out for the Log4j vulnerability! This nasty software bug is freaking out much of the IT world as it follows us into the New Year.

Undoubtedly, many organizations and SMEs without IT staff have no idea of ​​its existence. But ignoring Log4j only makes them more vulnerable to attack. They remain helpless.

Log4j is a very common section of code that helps software applications keep track of their past activities. Code writers are building on this recurring code rather than reinventing the software wheel by creating more logging or record-keeping programs to duplicate the same functions.

Earlier this month, cybersecurity experts discovered that by asking Log4j to log a line of malicious code, Log4j executes that code in the process. This allows bad actors to gain access to the control servers that are running Log4j.

This revelation put almost every major software company in crisis mode. They researched their products to see if the Log4j vulnerability affected them and if so, how could they fill the gap.

This vulnerability is a huge deal. Log4j has been around for almost a decade, noted Theresa Payton, former White House chief information officer and CEO of cybersecurity consulting firm Fortalice Solutions.

“Think of it as your library of everything that can be saved. We tell organizations [to] record everything [as] you may need it later for forensic medicine. Log4J is therefore often used by Java developers when they want to record that a person has logged in and can even use it to track access to applications, ”Payton told TechNewsWorld.

Many companies may not even know if they have used Log4j, making it even more difficult to know the extent of the problem. In order for them to find out, they would need a software engineer to browse the different systems to research usage and then look at the versions, she added.

“It can take a long time,” Payton noted, “and time is something you don’t have when you’re racing against time against bad actors looking to exploit these vulnerabilities.”

Backdoor for pirates

Think of a door lock used in a variety of security hardware installations in millions of places around the world. Some door locks have the same partial failure in a small pinion that allows almost any key to open the lock.

Changing your own lock is an easy fix if you are aware of the potential failure and have the tools to do the replacement job. To do this all over the world is an insurmountable task. This concept is what makes the Log4j debacle so threatening.

Log4j has been part of the Java programming language that has been used in writing software since the mid-1990s. The software running Log4j code drives business and consumer applications everywhere.

Cloud storage companies that provide the digital backbone for millions of other applications are also affected. Major vendors of software programs used in millions of devices are also involved.

Typically, when a security vulnerability is detected, the Information Security Officer (CISO) leads the load of updating and patching systems or implementing manual mitigation measures, a explained Payton. Log4j is more insidious and hidden and is not entirely under the control of the RSSI.

“Hunting and finding this vulnerability requires everyone who is a programmer. Where is development happening nowadays, everywhere! Developers can be internal staff, outsourced development, offshore development, and third-party vendors, ”she observed.

All of this represents an inexhaustible attack opportunity for hackers. Of course, not everyone will be hacked, at least not immediately. The big key question is whether your equipment is cluttered with the problematic code. Just finding out puts IT departments and software engineers in overload.

“The implications of exploiting this vulnerability are the subject of my nightmares. An unethical hacker with knowledge and access could use this vulnerability and target servers using this logging capability with remote code execution on the servers, ”Payton warned.

Expansion of attack vectors

Hackers are now fully aware of the Log4j vulnerability. Cyber ​​security hunters see many instances of bad guys expanding what they can do with their attacks.

The Blumira research team recently discovered an alternative attack vector in the Log4j vulnerability that relies on a basic JavaScript WebSocket connection to trigger the remote code execution (RCE) vulnerability locally via a drive-compromise. by. This discovery worsens the situation of vulnerability.

One of the first assumptions made by cybersecurity experts was that Log4j’s impact was limited to vulnerable exposed servers. This recently discovered attack vector means that anyone with a vulnerable version of Log4j can be exploited through the path of a listening server on their machine or local network by browsing a website and triggering the vulnerability.

WebSockets have been used in the past to analyze ports on internal systems, but this represents one of the first remote code execution exploits relayed by WebSockets, proposed Jake Williams, co-founder and CTO of the response company. BreachQuest incidents.

“That shouldn’t change anyone’s stance on vulnerability management, however. Organizations should strive to patch quickly and mitigate by preventing outbound connections from potentially vulnerable services where patching is not an option, ”he told TechNewsWorld.

While important, the attackers are likely to favor the remote exploit over the local exploit, added John Bambenek, senior threat hunter at Netenrich, an IT operations and digital security company. That being said, this news means that relying on the WAF or other network defenses is no longer effective mitigation.

“The fix remains the most important step an organization can take,” he told TechNewsWorld.

Log4Shell vulnerability

The Log4j vulnerability, dubbed Log4Shell, already provides a relatively easy exploitation path for threat actors, the Blumira report noted. It does not require authentication to take full control of the web servers.

Using this vulnerability, attackers can call external Java libraries via $ {jdni: ldap: // and $ {jndi: ldaps: // and drop shells to deploy the RCE attack without additional effort. This new attack vector extends Log4j’s attack surface even further and can impact services running even as a local host that have not been exposed to any network, according to Blumira.

“When the Log4j vulnerability was released, it quickly became apparent that it could potentially become a bigger issue. This attack vector opens up a variety of potential malicious use cases, ranging from malicious advertising to creating water holes for drive-by attacks, ”said Matthew Warner, CTO and co-founder of Blumira.

“Bringing this information to light ensures that organizations have the ability to act quickly and protect themselves against malicious threats,” he added.

Log4j linked to Dridex, Meterpreter

The offshoot of the Log4j Log4Shell vulnerability is another infection path that researchers recently discovered by installing the notorious Dridex or Meterpreter banking trojan on vulnerable devices, according to a report from Bleeping Computer.

The Dridex malware is a banking Trojan originally developed to steal online banking credentials. It has become a loader that downloads various mods to perform tasks like installing additional payloads, streaming to other devices, and taking screenshots.

Primarily used to run Windows commands, if Dridex lands on a non-Windows machine, it downloads and runs a Python for Linux / Unix script instead to install Meterpreter.

Meterpreter, a Metasploit attack payload, is deployed using an in-memory DLL injection that resides in memory and does not write anything to disk. It provides an interactive shell that an attacker uses to explore the target machine and execute code.

Jen Easterly, US director of the Cybersecurity and Infrastructure Security Agency, said in recent media presentations that the Log4j vulnerability is the most severe vulnerability she has seen in her decades of career. Cyber ​​security experts warn that the Log4j vulnerability is the biggest software flaw ever in terms of the number of services, sites and devices exposed.

]]>
Install Python 3.x or 2.7 on Debian 11 Bullseye Linux https://greguti.com/install-python-3-x-or-2-7-on-debian-11-bullseye-linux/ Mon, 27 Dec 2021 09:13:19 +0000 https://greguti.com/install-python-3-x-or-2-7-on-debian-11-bullseye-linux/

Learn the commands to install Python 3.x and Python 2.7 on Debian 11 Bullseye or 10 Buster using a terminal and also set the default version.

Python is a free and open source programming language for a wide variety of software projects. This programming language comes with a clear syntax and good readability. It is considered easy to learn and can be interpreted in popular operating systems.

In addition, Python offers good scalability and can be used for complex software projects. Due to the expressive and minimalist syntax, applications can be implemented with just a few lines of code and less chance of programming errors. To ensure simplicity and clarity, Python gets along with very few keywords and uses indentations as structuring elements.

The platform independent programming language Python works on Windows, Linux / Unix, Mac OS X, and more… There are also integrations in Java and virtual machines. REPORT.

Ee Python programming language offers a number of advantages. The most important advantages are briefly summarized below:

  • simple syntax
  • easy to learn due to the small number of keywords and the clear structure
  • no variable declaration is necessary
  • little prone to errors
  • fewer lines of code compared to many other programming languages
  • easy to read and maintain code
  • Support for various programming paradigms
  • good extensibility thanks to a large collection of complementary Python packages
  • good scalability
  • extensive standard library available
  • suitable for complex tasks and almost any application problem
  • usable for common operating systems
  • available for free

Installing Python 3 or 2 on Debian 11 Bullseye Linux

1. Run the system update

We need to run the system update command before installing any package on the Linux system. This rebuilds the system repository cache and helps it recognize the latest versions of packages available for installation.

sudo apt update

2. Install Python 3.9 on Debian 11 or 10

Although if you are using the Debian 11 or 10 Desktop Full-DVD GUI, Python 3.x will already be present on your system. However, minimum Debian system users can opt for the command given below.

sudo apt install python3 python3-pip

3. To install Python 2.7 & Pip on Debian 11 (optional)

If you also want Python 2 on your Debian, run the given command:

sudo apt install python

To install Python 2.7 pip, use the following:

sudo apt install curl
curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py

sudo python2 get-pip.py

pip2 --version
or
pip --version

3. Check the installed versions

Once the installation is complete, you can check which versions are installed exactly for Python 3 and 2 using the command below:

python3.9 --version
python2 --version
pip --version

4. Set the default Python version to 3

If you have both Python 3 and 2 installed on your Debian 11 or 10 system, the default version will be set to Python 2, so you can change it to Python 2 if you want.

Check the versions of python available on your system:

ls /usr/bin/python*

To set the desired version as the default, use the commands below:

Edit the Bash profile:

nano ~/.bash_profile

Add the following line. You can change the version, with another available, if you wish.

alias python='/usr/bin/python3.9'

Here we set 3.9 as default.

Now log out and log back in or just source the bash file:

source ~/.bash_profile

Finally, check the default version:

python --version

Remove or uninstall Pip & python 2 or 3 from Debian 11

For version 2: sudo python -m pip uninstall pip

For version 3: sudo apt autoremove python3-pip --purge

To remove python:

sudo apt autoremove python --purge
sudo apt autoremove python3 --purge

]]>
Which Linux distribution should you choose? https://greguti.com/which-linux-distribution-should-you-choose/ Sat, 25 Dec 2021 16:30:00 +0000 https://greguti.com/which-linux-distribution-should-you-choose/

Open source Linux distributions are still fighting for the top spot. Nonetheless, a discussion is ongoing about the clear winner, given that some of the best distros aim to reach the heights of success in the world of open source distros.

Various surveys have ranked Arch Linux and Ubuntu as two of the best distros for getting the job done. Nonetheless, it is not fair to assume why engineers and coders differ in their views on these two distributions.

To assimilate the options available, it’s best to dig deeper and see what makes these distros the best in their areas.


1. Origins and output models

Arch Linux

Arch Linux was released in March 2002 by Judd Vinet. He developed only the source code for Arch Linux and has released and updated the distribution with community input over the years.

Arch does not borrow any source code from its predecessors, unlike other contemporary and lightweight distributions.

Arch Linux provides users with regular updates in the form of progressive releases. Therefore, this distro has matured on top of the same source code repository, while still supporting contemporary versions of apps, drivers, etc.

Users can continuously update the kernel to take advantage of LTS or the latest versions while avoiding challenges.

Ubuntu

Canonical Ltd. developed Ubuntu in 2004. Drawing its roots from Debian, Ubuntu was one of the first Linux distributions; despite decades under its belt, it continues to be one of the main competitors in the market.

VIDEO OF THE DAY MAKEUSE

The distribution introduced modular installations by allowing users to customize components when installing the operating system.

Ubuntu operates on a one-time release model, which occurs in the form of semi-annual discrete updates. These updates continuously improve the performance, compatibility, and functionality of Ubuntu.

Ubuntu customizations allow users to choose kernels, desktop environments, third-party applications, and more.

2. Package management

Arch Linux

Arch Linux is a streaming distribution that uses the Pacman package manager in the best possible way.

Pacman’s reliable and simple build system makes it easy to install and manage packages. This is true for all third-party packages and not just packages from the official Arch repository.

The Arch master server service synchronizes the package lists correctly because you can access the dependencies of each package by default.

Arch only supports CLI-based package installations; the development team unfortunately does not offer any graphical alternative.

Ubuntu

Ubuntu offers great benefits through its Advanced Package Tool (APT), paving the way for ease of use and seamless installation procedures.

Today, the Package Manager offers more than 1,48,000 repositories and third-party packages for a variety of uses. Separate versions can be expected for the amd64 and i386 processor versions.

Users do not need to remember the names of the packages, as APT can filter packages through keyword searches to make the search process easier.


The Ubuntu repository primarily supports open source compatible software. A few paid software applications, supported by internal developers, are available for running on Linux systems.

3. Third party packages

Arch Linux

As a user, you can download packages using Pacman by typing the following command in a terminal:

sudo pacman -S package

Users who are not familiar with these commands can resort to AUR to benefit from the packages available in the official Arch repository.

The Arch User Repository or AUR helps users swim in the ever-expanding ocean of third-party software packages.

You can extend the list of packages on your system using AUR, as Arch Linux supports them individually. You can count on AUR’s long list of options, even when using other Arch-based distros including Artix and Manjaro.


Ubuntu

On Ubuntu, users can directly download and install packages using APT.

sudo apt-get install packagename

You can also manually download third-party packages from the Snap Store. Ubuntu’s Snap Store hosts packages like any other premium platform store. The developer takes care of the categorization of the packages to speed up the direct installation.

Related: Best Ubuntu-Based Linux Distributions Ever

4. Software updates

Arch Linux

Arch Linux requires you to manually update obsolete packages to their latest repository versions. Use the command below to update the packages on Arch:

sudo pacman -Syu

In addition to the official Arch repository, AUR is a larger and more reliable library for installing third-party software. You can download and install packages from AUR using an AUR wizard like Yay.


Ubuntu

The GUI Software Manager application on Ubuntu recently streamlined application management. The latest versions and detailed lists of compatible software tested by developers are available in recent versions.

However, all versions released after 20.0.4 use the Snap Store as the default source for software versions and package updates. The default options are enabled as PPA and DEB packages; However, these usually create dependency and security issues with their direct root privileges.

The Snap Store bypasses this with dependency checks and commits installations and updates to the following location:

/snap/bin/

5. Performance, UX and support

Arch Linux

Arch is extremely popular among developers and multimedia professionals. Its stable performance in all supported desktop environments paves the way for stability and sustained use.


The AUR gives you access to a multitude of tools to assess processing speed, internet performance, hard drive management, and more.

Although Arch does not come with a desktop environment out of the box, you have the choice of installing any desktop or window manager on your system. Arch’s desktop has a neat but largely customizable theme, especially if you choose KDE Plasma.

Rest assured, the distro enjoys constant support from the developers and the community, just like Ubuntu.

Ubuntu

Ubuntu continued to deliver a stable performance routine in 20.0.4 and beyond.

The distribution delivers smooth performance for multimedia processing with advanced computer gaming capabilities. Its advanced fractional scaling, tri-color scheme, and customizable docking station provide users with a user interface reminiscent of Mac systems. The difference is only noticeable for those familiar with a macOS-style UX.


Improvements are updated whenever new updates to Ubuntu LTS are released. However, LTS prevents users from using the latest software features after installation.

Related: The Best Arch-Based Linux Distributions

Arch Linux vs Ubuntu: which one is better?

Indeed, Linux is responsible for empowering home computing, as well as advanced real-time enterprise-level systems. The most relevant question is: which distribution is the most efficient for programming and software development in the situation?

Arch is suitable for advanced users but is not a preferred distribution for novices. On the other hand, Ubuntu is a versatile distribution out of the box, ideal for basic home laptop / PC uses and for managing corporate servers.

It is fair to say that both distros rank well in the eyes of users. Depending on the needs of your distribution, you can choose the one that best meets your immediate needs.


Man working on a computer in front of a window
The 9 best Linux distributions for Windows users

Linux can be difficult to adapt for novice users, but only if you install the wrong distro. Here are the best Linux distros for Windows users.

Read more


About the Author

]]>
Supreme Court to hold special hearing on Biden vaccine warrants https://greguti.com/supreme-court-to-hold-special-hearing-on-biden-vaccine-warrants/ Thu, 23 Dec 2021 13:26:00 +0000 https://greguti.com/supreme-court-to-hold-special-hearing-on-biden-vaccine-warrants/

WASHINGTON – The Supreme Court said Wednesday evening it would hold a special hearing next month to assess the legality of two initiatives at the heart of the Biden administration’s efforts to tackle the coronavirus in the workplace.

The court said it would act with exceptional speed on the two measures, a vaccine or testing mandate for large employers and a vaccination requirement for some healthcare workers, making the case for Friday, January 7. The judges were not due to return to the bench until the following Monday.

Both sets of cases were part of what critics call the shadow court case, in which the court rules on emergency requests, sometimes on matters of great importance, without a briefing or full argument. The court’s decision to hear arguments on the claims may have been a response to growing criticism of the practice.

The more drastic of the two measures, targeting companies with 100 or more employees, would affect more than 84 million workers and is at the heart of the administration’s efforts to fight the pandemic. The administration estimated that the measure would vaccinate 22 million people and avoid 250,000 hospitalizations.