Search results for experiencing issues
Demystifying DePINs and More: Bridging Real-World Infrastructure
What are DePINs? Decentralized Physical Infrastructure Networks (DePINs) are real-world infrastructures on-chain. In more depth, DePINs offer a community-driven, cost-effective means of scaling projects without relying on traditional, centralized models. They are platforms where organizations and individuals can benefit from higher levels of control over their data and products through decentralized infrastructure. As for the term "DePIN,” this gained prominence in 2023 and continues to grow in mention into 2024. Initially, Web3 was used to reference projects focused on networks (replicating Web2 internet networks, but decentralized) but has since expanded to include all crypto or blockchain work, resulting in the need for this specific terminology. DePIN 101 On a fundamental level, DePINs function as bridges between physical facilities and the blockchain ecosystem. They operate through three main components. These are physical infrastructure controlled by a provider, a middleware connection to the blockchain, and a public ledger. These connections are managed by record-keeping and offering remittances to both the provider and the user. n n The physical infrastructure could be a smart agriculture system where farmers use IoT (Internet of Things) devices such as soil moisture sensors, weather stations, and crop health monitors to gather data about their fields. The middleware would then relay this information to the blockchain. Then, based on the data provided by the middleware, the blockchain would distribute rewards to the provider and users in the form of tokens. n Additionally, for DePINs to operate effectively, four distinct parties must be involved in the network. This includes: Hardware (PRNs & DRNs): a physical component connecting networks to the real world Hardware operators (Providers): Contributors buying or lending their hardware to the given network Token: A financial incentive paid out to hardware operators based on data provided by the middleware Users: DePINs need users who are willing to use and pay for the service The Current DePIN Landscape DePIN projects operate in six core business niches: compute marketplaces, wireless coverage, wholesale data, services marketplaces, energy services, and vertical ad networks. At present, there are several existing projects emerging in all six of these business models, including Filecoin, Helium, Hivemapper, Braintrust, Entheos and Sweatcoin. Out of these six sectors, compute marketplaces are where the most potential is seen, making up the majority of the market capitalization of DePIN crypto projects. Unpacking a DePIN example As we can see from the current DePIN landscape, there are many sectors in which DePINs currently operate. One real-world example that makes sense, at its core, is a decentralized energy grid. The basis for this is that traditional energy grids are often centralized, owned, and operated by utility companies, which can lead to inefficiencies and a lack of flexibility in distribution. Contrastingly, a decentralized energy grid built on blockchain technology could enable peer-to-peer energy trading between consumers and producers. Imagine a scenario where homeowners could sell excess energy to neighbors from their solar panels. This would facilitate more efficient use of renewable energy resources and incentivize individuals and communities to invest in sustainable energy production. By leveraging blockchain and smart contracts, this DePIN could ensure transparent and secure transactions while empowering users to have more control over their energy usage and production. The Flywheel Effect The concept of the flywheel effect is crucial to understanding DePINs potential for network growth and scalability. Unlike traditional models that require massive upfront capital investments, DePINs rely on grassroots efforts and community-driven initiatives to scale. n Tokens play their part in these ecosystems by serving as an incentive for the community to contribute to the maintenance of the network. The Flywheel (above) visualizes the different steps involved in this maintenance and also helps to explain how DePIN projects can utilize the flywheel effect to catalyze their network growth. n n There are several different ways projects can increase the value of their token. For example, a stake-weighted random selection algorithm can be utilized to increase the value of a token, as providers must stake the project's token to get user deal flow. This adds an added incentive for contributors to continue building out the network. Therefore, the native token will increase in price as the network grows, resulting in more rewards for providers and a higher attraction for investors to invest. Fundamentally, this flywheel creates infrastructure networks that get stronger as they get bigger. As explained above, the flywheel effect of DePINs offers an alternative approach to traditional business models that fundamentally makes sense. However, we must consider the obstacles DePINs face in their journey to realizing their potential. The Future of DePINs By leveraging blockchain technology and tokenomics (The Flywheel Effect), DePINs are expected to disrupt existing IoT business models and enable on-chain communities to build innovative decentralized networks and applications. However, some limitations are currently holding DePINs back. There are several architectural considerations for scaling DePIN applications on-chain that need to be addressed if DePINs are going to be the bridge between decentralized technology and the real world. The most significant challenges to overcome are scalability, interoperability, security, and usability issues. The on-chain infrastructure needs to be able to handle a high volume of transactions and data throughput effectively to support the requirements of decentralized physical networks. To then communicate and exchange this data effectively, seamless interoperability with other blockchain networks and traditional systems is required. Robust security mechanisms, including encryption and authentication, are vital to safeguarding sensitive information and ensuring the integrity of DePIN networks. On top of this, DePINs must have systems in place, ensuring the security of external data feeds (oracles) used to verify real-world information and the prevention of Sybil attacks, where malicious actors create fake identities to gain undue influence within the network. A final consideration is that specialized technical knowledge is currently required to participate in a DePIN ecosystem. A more usable interface and intuitive design will be required for further adoption. n The future of DePINs relies heavily on collaboration among stakeholders and ongoing technological innovation to address these challenges and unlock their full potential.
Demystifying DePINs and More: Bridging Real-World...
What are DePINs?
Decentralized Physical Infrastructure Networks (DePINs) are real-world...
Source: Hacker Noon
Hackers without borders
HWB, for a better world in cyberspace. Hackers Without Borders is an international humanitarian association that provides emergency assistance to non-governmental institutions in the event of crises and disasters related to cyberattacks.
Hackers without borders
HWB, for a better world in cyberspace. Hackers Without Borders is an international...
Mastering the Art of Software Development: From Developer to Craftsperson
In this blog article, we'll explore the principles of software craftsmanship, the benefits of becoming a software craftsperson, and how we can improve our skills. We'll look at a growth mindset and some resources to help us on our journey. Let's dive in! Witnessing Craftsmanship Let's say we enter a home and face this beautifully crafted staircase. Why do we even think this is beautiful? What comes to mind is the skill and work that has gone into it. The craftsperson has had to think about how to ensure that it's only connected at the top and the bottom, it can support the weight and doesn't fall under its weight, or when there are people on it, climbing up and down. There is also the craftsmanship of the handrail and the curved wall. Why does this craftsmanship strike us or cause us to take notice? Is it because we can see the care taken in creating the stairs? Or maybe we can see that a lot of skill went into it? Or perhaps it's because the knowledge of physics has been used to make it appear that it defies gravity? What Is Craftsmanship? From Collins dictionary, we can see the definition is: Craftsmanship is the quality that something has when it is beautiful and has been very carefully made. What Is Software Craftsmanship? The Manifesto for Software Craftsmanship describes it as follows: Not only working software, n but also well-crafted software. Not only responding to change, n but also steadily adding value. Not only individuals and interactions, n but also a community of professionals. Not only customer collaboration, n but also productive partnerships. If we simplify it, a software craftsperson cares about all aspects of their work. What Separates a Software Developer From a Software Craftsperson? While software developers are primarily concerned with the code they write, software craftspeople take a broader approach. They manage the code, its maintainability, deployability, and application monitoring. This results in robust applications that meet user needs and bring joy to users. Software craftspeople continually hone their skills to create better applications that perform well in production without constant supervision. Quality applications are made through thorough testing and proactive monitoring that alerts the team to potential issues. Why Choose to Embark on the Path of a Software Craftsperson? For anyone who connects with the principles of software craftsmanship — well-crafted software, steadily adding value, being part of a community, and having productive partnerships with their users — the path of software craftsperson is a good fit. It's a journey where we continually learn the craft of building software in an evolving landscape. As software craftspeople, we're not happy just throwing things out the door but instead focusing on quality and stability. We also want to build up a community of people who can create high-quality software so that we all can learn from each other and build on what others are learning. Why Did I Make the Transition to Software Craftsperson? Different people have different journeys, motivations, and experiences regarding craftsmanship. Let me tell you my story. I had worked in software development for over ten years when I joined a software craftsmanship dojo. At the start, I didn't understand the impact that the dojo would have. I thought I was only there to learn Test Driven Development (TDD). Previously, I had learned TDD by participating in code retreats. Still, I needed help incorporating the new working method into day-to-day coding outside of fixing defects or working on straightforward features. The dojo allowed me to learn hands-on each week, developing the skills that drive my development through testing. This mindset progressed to the point where I now find it hard to think about developing without using TDD. The move to software craftsmanship made sense as a path for my career since I had worked on many projects where we were fighting the storm of trying to develop the application, dealing with production issues, and managing our technical debt. This storm led me to burnout and disillusionment in the software developer career. Having an opportunity in the weekly two-hour dojo to learn new skills and have hands-on experience meant that it was two hours that I looked forward to the most in the week. Outside the dojo, I practice a daily coding exercise, use what I learned in my work, and consider new ways of doing things. This practice has led me to develop skills to quickly deploy new, well-tested applications with testing, monitoring, and scanning toolchains, improving my DORA and DASA scores. Growth Mindset Moving to become a software craftsperson will mean that we can see that there are ways that we can grow. Rather than seeing our skills as something that can't be changed, we realise we can improve incrementally over time. So, rather than having a fixed mindset where we think our skills limit our growth, we have a growth mindset. Referring to the previous post, building habits and working on getting 1% better is fundamental to creating a growth mindset. This growth mindset doesn't just stop with us; it should also include growing the people around us. Having a growth mindset is vital to building a community of software craftspeople. Benchmarking Our Skills To understand where we are with our software craftsmanship skills, we can use the DevOps Agile Skills Association (DASA) DevOps quick scan to know where we are with our skill levels. Then, we can work on improving the areas that need addressing. The quick scan looks at 12 different areas: Business Value Optimisation Business Analysis Architecture and Design Test Specification Programming Continuous Delivery Infrastructure Engineering Security, Risk, Compliance Courage Team Building DevOps Leadership Continuous Improvement Each area will receive a score from one (novice) to five (master). The report will help us understand what is required at the next level and how to improve. Methodology for Developing Quality Cloud Applications A methodology called the twelve-factor app is used to build software-as-a-service applications that can scale without significant changes to tooling, architecture, or development practices. The created app uses declarative formats for setup automation, has a clean contract with the underlying operating system, and minimizes divergence between development and production. The methodology can be applied to apps in any programming language and can use any combination of backend services. We can build the best software-as-service application possible by following the twelve factors. Getting Started on Our Journey as Software Craftspeople Understanding more about software craftsmanship can always be helpful. There is a link to further reading on the Manifesto for Software Craftsmanship. There you will see, among others: Apprenticeship Patterns: Guidance for the Aspiring Software Craftsman by Dave Hoover and Adewale Oshineye Software Craftsmanship by Pete McBreen The Pragmatic Programmer by David Thomas and Andrew Hunt A title missing from that list is: The Software Craftsman by Sandro Mancuso These titles help us further understand software craftsmanship and what we must look at in our journey. We should improve ourselves and those around us to build well-crafted software using the lessons learned. Conclusion Changing our identity from a developer to a software craftsperson leads us to build well-crafted applications. The key to the change is treating it as a journey, and as with any journey, we can take many different routes. We've talked about some of the resources that might be useful, and we can use the resources that entice us and keep us going along the journey. Transforming 1% daily will mean we will have significantly impacted how we work for a year and beyond. References Craftsmanship Definition — https://www.collinsdictionary.com/dictionary/english/craftsmanship Manifesto for Software Craftsmanship — https://manifesto.softwarecraftsmanship.org DASA Quick Scan — https://scan.devopsagileskills.org BriX Software Craftsmanship Dojo — https://swcraftsmanshipdojo.com DORA Quick Check — https://dora.dev/quickcheck The Twelve-Factor App — https://12factor.net Apprenticeship Patterns: Guidance for the Aspiring Software Craftsman by Dave Hoover and Adewale Oshineye — https://www.amazon.com/Apprenticeship-Patterns-Guidance-Aspiring-Craftsman/dp/0596518382/ Software Craftsmanship by Pete McBreen — https://www.amazon.com/Software-Craftsmanship-Imperative-Pete-McBreen/dp/0201733862 The Pragmatic Programmer by David Thomas and Andrew Hunt — https://www.amazon.com/Pragmatic-Programmer-journey-mastery-Anniversary/dp/0135957052 The Software Craftsman by Sandro Mancuso — https://www.amazon.com/Software-Craftsman-Professionalism-Pragmatism-Robert/dp/0134052501 Credits The title image is from Dreamstudio AI.
craftsmanship Software Craftsman software craftsmanship software craftsperson
Mastering the Art of Software Development: From Developer...
In this blog article, we'll explore the principles of software craftsmanship,...
Source: Hacker Noon
9 Common Technical SEO Issues and How to Fix Them - Beginners' Guide
Learn how to find and fix common technical SEO issues, using Google Search Console and Google Search.
9 Common Technical SEO Issues and How to Fix Them...
Learn how to find and fix common technical SEO issues, using Google Search Console...
Source: Hacker Noon
Debian LTS: DLA-3810-1: php7.3 Security Advisory Updates
Security issues were found in PHP, a widely-used open source general purpose scripting language, which could result in information disclosure or incorrect validation of password hashes.
Debian LTS: DLA-3810-1: php7.3 Security Advisory Updates...
Security issues were found in PHP, a widely-used open source general purpose scripting...
Source: LinuxSecurity.com
USN-6767-1: Linux kernel vulnerabilities
Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service (system crash). (CVE-2024-23849) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - S390 architecture; - Block layer subsystem; - Android drivers; - Hardware random number generator core; - GPU drivers; - Hardware monitoring drivers; - I2C subsystem; - IIO Magnetometer sensors drivers; - InfiniBand drivers; - Network drivers; - PCI driver for MicroSemi Switchtec; - PHY drivers; - Ceph distributed file system; - Ext4 file system; - JFS file system; - NILFS2 file system; - Pstore file system; - Core kernel; - Memory management; - CAN network layer; - Networking core; - IPv4 networking; - Logical Link layer; - Netfilter; - NFC subsystem; - SMC sockets; - Sun RPC protocol; - TIPC protocol; - Realtek audio codecs; (CVE-2024-26696, CVE-2023-52583, CVE-2024-26720, CVE-2023-52615, CVE-2023-52599, CVE-2023-52587, CVE-2024-26635, CVE-2024-26704, CVE-2024-26625, CVE-2024-26825, CVE-2023-52622, CVE-2023-52435, CVE-2023-52617, CVE-2023-52598, CVE-2024-26645, CVE-2023-52619, CVE-2024-26593, CVE-2024-26685, CVE-2023-52602, CVE-2023-52486, CVE-2024-26697, CVE-2024-26675, CVE-2024-26600, CVE-2023-52604, CVE-2024-26664, CVE-2024-26606, CVE-2023-52594, CVE-2024-26671, CVE-2024-26598, CVE-2024-26673, CVE-2024-26920, CVE-2024-26722, CVE-2023-52601, CVE-2024-26602, CVE-2023-52637, CVE-2023-52623, CVE-2024-26702, CVE-2023-52597, CVE-2024-26684, CVE-2023-52606, CVE-2024-26679, CVE-2024-26663, CVE-2024-26910, CVE-2024-26615, CVE-2023-52595, CVE-2023-52607, CVE-2024-26636)
USN-6767-1: Linux kernel vulnerabilities
Chenyuan Yang discovered that the RDS Protocol implementation in the Linux
kernel...
Source: Ubuntu security notices
USN-6766-1: Linux kernel vulnerabilities
It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability (CVE-2022-0001) were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information. (CVE-2024-2201) Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service (system crash). (CVE-2024-23849) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - S390 architecture; - Core kernel; - Block layer subsystem; - Android drivers; - Power management core; - Bus devices; - Hardware random number generator core; - Cryptographic API; - Device frequency; - DMA engine subsystem; - ARM SCMI message protocol; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - I2C subsystem; - IIO ADC drivers; - IIO subsystem; - IIO Magnetometer sensors drivers; - InfiniBand drivers; - Media drivers; - Network drivers; - PCI driver for MicroSemi Switchtec; - PHY drivers; - SCSI drivers; - DesignWare USB3 driver; - BTRFS file system; - Ceph distributed file system; - Ext4 file system; - F2FS file system; - JFS file system; - NILFS2 file system; - NTFS3 file system; - Pstore file system; - SMB network file system; - Memory management; - CAN network layer; - Networking core; - HSR network protocol; - IPv4 networking; - IPv6 networking; - Logical Link layer; - Multipath TCP; - Netfilter; - NFC subsystem; - SMC sockets; - Sun RPC protocol; - TIPC protocol; - Unix domain sockets; - Realtek audio codecs; (CVE-2023-52594, CVE-2023-52601, CVE-2024-26826, CVE-2023-52622, CVE-2024-26665, CVE-2023-52493, CVE-2023-52633, CVE-2024-26684, CVE-2024-26663, CVE-2023-52618, CVE-2023-52588, CVE-2023-52637, CVE-2024-26825, CVE-2023-52606, CVE-2024-26594, CVE-2024-26625, CVE-2024-26720, CVE-2024-26614, CVE-2023-52627, CVE-2023-52602, CVE-2024-26673, CVE-2024-26685, CVE-2023-52638, CVE-2023-52498, CVE-2023-52619, CVE-2024-26910, CVE-2024-26689, CVE-2023-52583, CVE-2024-26676, CVE-2024-26671, CVE-2024-26704, CVE-2024-26608, CVE-2024-26610, CVE-2024-26592, CVE-2023-52599, CVE-2023-52595, CVE-2024-26660, CVE-2023-52617, CVE-2024-26645, CVE-2023-52486, CVE-2023-52631, CVE-2023-52607, CVE-2023-52608, CVE-2024-26722, CVE-2024-26615, CVE-2023-52615, CVE-2024-26636, CVE-2023-52642, CVE-2023-52587, CVE-2024-26712, CVE-2024-26675, CVE-2023-52614, CVE-2024-26606, CVE-2024-26916, CVE-2024-26600, CVE-2024-26679, CVE-2024-26829, CVE-2024-26641, CVE-2023-52623, CVE-2024-26627, CVE-2024-26696, CVE-2024-26640, CVE-2024-26635, CVE-2023-52491, CVE-2024-26664, CVE-2024-26602, CVE-2023-52604, CVE-2024-26717, CVE-2023-52643, CVE-2024-26593, CVE-2023-52598, CVE-2024-26668, CVE-2023-52435, CVE-2023-52597, CVE-2024-26715, CVE-2024-26707, CVE-2023-52635, CVE-2024-26695, CVE-2024-26698, CVE-2023-52494, CVE-2024-26920, CVE-2024-26808, CVE-2023-52616, CVE-2023-52492, CVE-2024-26702, CVE-2024-26644, CVE-2023-52489, CVE-2024-26697)
USN-6766-1: Linux kernel vulnerabilities
It was discovered that the Open vSwitch implementation in the Linux kernel
could...
Source: Ubuntu security notices
USN-6765-1: Linux kernel (OEM) vulnerabilities
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability (CVE-2022-0001) were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information. (CVE-2024-2201) Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service (system crash). (CVE-2024-23849) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service (system crash). (CVE-2024-24860) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - S390 architecture; - Core kernel; - x86 architecture; - Block layer subsystem; - Cryptographic API; - Android drivers; - Drivers core; - Power management core; - Bus devices; - Hardware random number generator core; - Device frequency; - DMA engine subsystem; - EDAC drivers; - ARM SCMI message protocol; - GPU drivers; - IIO ADC drivers; - InfiniBand drivers; - IOMMU subsystem; - Media drivers; - Multifunction device drivers; - MTD block device drivers; - Network drivers; - NVME drivers; - PCI driver for MicroSemi Switchtec; - x86 platform drivers; - Power supply drivers; - SCSI drivers; - QCOM SoC drivers; - SPMI drivers; - Thermal drivers; - TTY drivers; - VFIO drivers; - BTRFS file system; - Ceph distributed file system; - EFI Variable file system; - EROFS file system; - Ext4 file system; - F2FS file system; - GFS2 file system; - JFS file system; - Network file systems library; - Network file system server daemon; - Pstore file system; - ReiserFS file system; - SMB network file system; - BPF subsystem; - Memory management; - TLS protocol; - Networking core; - IPv4 networking; - IPv6 networking; - Logical Link layer; - Netfilter; - Network traffic control; - SMC sockets; - Sun RPC protocol; - AppArmor security module; (CVE-2023-52635, CVE-2024-26632, CVE-2023-52468, CVE-2023-52472, CVE-2023-52589, CVE-2024-26671, CVE-2024-26640, CVE-2024-26631, CVE-2023-52489, CVE-2023-52616, CVE-2023-52445, CVE-2023-52463, CVE-2024-26610, CVE-2023-52497, CVE-2023-52453, CVE-2023-52470, CVE-2024-26649, CVE-2023-52583, CVE-2024-26644, CVE-2023-52607, CVE-2023-52587, CVE-2024-26594, CVE-2023-52618, CVE-2023-52495, CVE-2023-52632, CVE-2024-26583, CVE-2023-52633, CVE-2023-52591, CVE-2024-26633, CVE-2023-52627, CVE-2024-26670, CVE-2024-26598, CVE-2024-26592, CVE-2023-52473, CVE-2023-52623, CVE-2023-52446, CVE-2023-52443, CVE-2023-52451, CVE-2024-26629, CVE-2023-52462, CVE-2024-26808, CVE-2023-52598, CVE-2023-52611, CVE-2023-52492, CVE-2023-52456, CVE-2023-52626, CVE-2023-52455, CVE-2024-26641, CVE-2023-52588, CVE-2023-52608, CVE-2024-26618, CVE-2024-26582, CVE-2023-52609, CVE-2023-52604, CVE-2024-26646, CVE-2024-26634, CVE-2023-52469, CVE-2023-52467, CVE-2023-52447, CVE-2024-26623, CVE-2023-52621, CVE-2024-26647, CVE-2024-26615, CVE-2023-52450, CVE-2023-52619, CVE-2023-52610, CVE-2023-52606, CVE-2023-52464, CVE-2023-52465, CVE-2024-26638, CVE-2023-52498, CVE-2024-26625, CVE-2023-52449, CVE-2023-52584, CVE-2023-52454, CVE-2023-52458, CVE-2024-26585, CVE-2024-26669, CVE-2023-52493, CVE-2024-26645, CVE-2024-26607, CVE-2023-52615, CVE-2023-52617, CVE-2024-26612, CVE-2024-26668, CVE-2023-52594, CVE-2023-52612, CVE-2024-26584, CVE-2024-26586, CVE-2024-26616, CVE-2024-26673, CVE-2023-52448, CVE-2024-26620, CVE-2023-52614, CVE-2024-26636, CVE-2023-52602, CVE-2023-52452, CVE-2023-52601, CVE-2024-26635, CVE-2024-26627, CVE-2023-52488, CVE-2023-52487, CVE-2023-52597, CVE-2023-52494, CVE-2023-52444, CVE-2024-26608, CVE-2023-52593, CVE-2023-52491, CVE-2023-52595, CVE-2023-52599, CVE-2024-26595, CVE-2023-52622, CVE-2024-26650, CVE-2024-26614, CVE-2023-52490, CVE-2023-52486, CVE-2023-52457)
USN-6765-1: Linux kernel (OEM) vulnerabilities
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel
did not...
Source: Ubuntu security notices
Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training
Today, new research by ISACA has revealed that, despite nearly three quarters (73%) of European organisations reporting that their staff use AI at work, only 30% provide limited training to employees in tech-related positions, while 40% offer no training at all. However, issues around AI aren't limited to the absence of training in the workplace. […] The post Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training first appeared on IT Security Guru. The post Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training appeared first on IT Security Guru.
Over 70% of Staff Use AI At Work, But Only 30% of...
Today, new research by ISACA has revealed that, despite nearly three quarters (73%)...
Source: IT Security Guru
Sonatype Lifecycle best practices: Reference policies, backup and restore
Fortifying your software development processes against security threats and compliance issues is not just necessary — it's imperative to maintain resilience in today's unpredictable cyber environment. Managing software dependencies effectively is crucial in this context, as they can be a significant source of vulnerabilities.
cyber environment Managing software Reference policies restore Fortifying
Sonatype Lifecycle best practices: Reference policies,...
Fortifying your software development processes against security threats...
Source: Sonatype Blog
MultiBank.io Unveils Gamified Mission Center Rewarding Cryptocurrency Trading
DUBAI, UAE, May 7th, 2024/Chainwire/--MultiBank.io, part of the esteemed MultiBank Group, and a regulated cryptocurrency exchange, has taken a leap forward for newcomers in the crypto trading world, with the introduction of its rewarding Mission Center. Newcomers onboarding with MultiBank.io, as well as existing users will be rewarded by achieving milestones throughout their journey on the exchange. The Mission Center: Complete Tasks & Earn Rewards At the core of MultiBank.io lies the all-new Mission Center, designed to give newcomers a chance to try out MultiBank.io's new derivatives product, along with experiencing a cryptocurrency exchange where TradFi meets Crypto. The Mission Center will be launching with two missions from the get-go, but more will be coming very soon with even greater rewards for traders, here are the two missions available right now for traders on MultiBank.io: 20 USDT Trading Bonus: Upon registration, traders can head to the Mission Center and complete their KYC (Know Your Customer) process. Afterwhich, they'll need to go to the derivatives section, and open an account there. As a reward, they will receive 20 USDT directly into their derivatives wallet. T&Cs apply. 0 USDT Trading Bonus: Once verified, deposit a minimum of 1 USD in Fiat or Crypto into their spot wallet, and MultiBank.io will credit traders' derivatives accounts with a whopping 0 USDT. It's an exciting way to kickstart their derivatives trading journey. T&Cs apply. Why MultiBank.io? Extensive Cryptocurrency Selection: MultiBank.io offers a wide range of cryptocurrencies, including spot and derivatives trading, with leverage options of up to 100x. Regulated Excellence: MultiBank.io adheres to the highest standards of transparency and client fund security. It is regulated by the Australian Transaction Reports and Analysis Centre (AUSTRAC), ensuring a safe trading environment. Swift Trade Execution: Traders can enjoy top-tier security, receiving a perfect score by a crypto tier one auditor, and swift trade execution for major cryptocurrencies. Innovative “Panic Sell” Feature: The recently launched “Panic Sell” feature allows traders to swiftly convert positions into specific cryptocurrencies or fiat currency with just a single click, ensuring timely decision-making during volatile market conditions. Join MultiBank.io's Mission Center and unlock new opportunities in cryptocurrency trading! ABOUT MULTIBANK.IO MultiBank.io, a cryptocurrency exchange under MultiBank Group, offers a user-friendly platform for instant, secure trading including Bitcoin and Ethereum. For more information, visit https://multibank.io Website | X | Telegram | Facebook | Instagram | LinkedIn ABOUT MULTIBANK GROUP Founded in California, USA, in 2005, MultiBank Group has grown to command a daily trading volume exceeding .1 billion, serving over 1 million customers. MultiBank Group has matured into one of the largest online financial derivatives providers globally, offering an array of brokerage services and asset management solutions. The group's award-winning trading platforms offer a diverse range of products, including Forex, Metals, Shares, Commodities, Indices, and Digital Assets. For more information, visit https://multibankfx.com Contact Antonio Bileci Bileciantonio.bileci@multibank.io :::tip This story was distributed as a release by Chainwire under HackerNoon's Business Blogging Program. Learn more about the program here. ::: n
MultiBank.io Unveils Gamified Mission Center Rewarding...
DUBAI, UAE, May 7th, 2024/Chainwire/--MultiBank.io, part of the esteemed MultiBank...
Source: Hacker Noon
AutofacServiceProviderFactory in ASP.NET Core - Part 1
We have plenty of awesome options for dependency injection when working in ASP.NET Core applications. For the most part, if you're not building anything super complicated concerning your types or your software architecture, you can get by with the built-in IServiceCollection. However, we can use AutofacServiceProviderFactory in ASP.NET Core to make Autofac our dependency container of choice in our app! In this article, I highlight how to use AutofacServiceProviderFactory in your ASP.NET Core application along with what you can and cannot do with it. Having many options for dependency injection means that we have many pros and cons to analyze! This will be part of a series where I explore dependency resolution with Autofac inside ASP.NET Core. I'll be sure to include the series below as the issues are published: Part 1: AutofacServiceProviderFactory in ASP.NET Core - Problems With Dependency Injection Part 2: Autofac ContainerBuilder In ASP.NET Core – What You Need To Know Part 3: Autofac ComponentRegistryBuilder in ASP.NET Core - How To Register Dependencies At the end of this series, you'll be able to more confidently explore plugin architectures inside of ASP.NET Core and Blazor, which will provide even more content for you to explore. Dependency Injection: A Primer What is Dependency Injection Dependency Injection (DI) is a design pattern used in programming to make software systems easier to develop, test, and maintain. In C#, like in many other programming languages, dependency injection helps to decouple the components of your applications. Ideally, this leads to developing software that is more flexible and extensible. Dependency Injection is about removing the hard-coded dependencies and making it possible to change them, either at runtime or compile time. This can be useful for many reasons, such as allowing a program to use different databases or testing components by replacing them with mock objects. Consider a code example where we create an instance of a car with an engine: public sealed class Car { private readonly IEngine _engine; public Car() { // The Car class directly depends on the GasEngine class. _engine = new GasEngine(); } } We can instead “inject” the dependency via the constructor: public sealed class Car { private readonly IEngine _engine; // The engine is injected into the car via the constructor // so now there is no direct dependency on the Engine class, // but there is a dependency on the IEngine interface // which has nothing to do with the implementation public Car(IEngine engine) { _engine = engine; } } We can even use the idea of a “Dependency Container” that helps make this process seem a bit more magical by not requiring us to explicitly create instances of objects by passing in dependencies. Instead, the container allows us to resolve these dependencies. More on that in the next section! What is Autofac? Autofac is a popular inversion of control (IoC) container for .NET. It manages the dependencies between classes by injecting instances where needed, thereby facilitating a more modular and testable codebase. Autofac is used extensively in applications to implement the dependency injection pattern, allowing us to write cleaner, more maintainable code for the reasons I explained in the previous section. There are other IoC containers to help us manage and resolve dependencies in our applications, including the built-in IServiceCollection, but Autofac is the one that I am most comfortable using. As .NET has evolved IServiceCollection has become more feature-rich, and with the gap in features between the two closing, Autofac is still one that I like using in my development. What is the AutofacServiceProviderFactory in ASP.NET Core? The AutofacServiceProviderFactory is a specific component in the Autofac library designed to integrate Autofac with the built-in dependency injection (DI) system in ASP.NET Core. Essentially, it acts as a bridge, allowing you to use Autofac as the DI container instead of the default one provided by Microsoft. Exploring A Sample ASP.NET Core Application I wanted to make sure we had a common application to refer to when I get into more of the technical details of what we do and do not get with AutofacServiceProviderFactory. The following code is the sample weather app we get from Visual Studio when creating a new ASP.NET Core web API, but I've modified it slightly to showcase some of the behavior we get with AutofacServiceProviderFactory: using Autofac; using Autofac.Extensions.DependencyInjection; using Microsoft.AspNetCore.Mvc; var builder = WebApplication.CreateBuilder(args); builder.Host.UseServiceProviderFactory(new AutofacServiceProviderFactory(containerBuilder => { containerBuilder .RegisterInstance(builder) .SingleInstance(); containerBuilder .Register(ctx => ctx.Resolve<WebApplicationBuilder>().Configuration) .SingleInstance(); // FIXME: we can't do this because the WebApplicationBuilder // the WebApplicationBuilder is responsible for building the // WebApplication, so we can't do that manually just to add // it into the container //containerBuilder // .Register(ctx => // { // var app = ctx.Resolve<WebApplicationBuilder>().Build(); // app.UseHttpsRedirection(); // return app; // }) // .SingleInstance(); containerBuilder.RegisterType<DependencyA>().SingleInstance(); containerBuilder.RegisterType<DependencyB>().SingleInstance(); containerBuilder.RegisterType<DependencyC>().SingleInstance(); //containerBuilder // .RegisterBuildCallback(ctx => // { // // FIXME: this was never registered // var app = ctx.Resolve<WebApplication>(); // var summaries = new[] // { // "Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching" // }; // app.MapGet( // "/weatherforecast", // ( // [FromServices] DependencyA dependencyA // this will work // , [FromServices] DependencyB dependencyB // FIXME: this will fail!! // , [FromServices] DependencyC dependencyC // this will work // ) => // { // var forecast = Enumerable.Range(1, 5).Select(index => // new WeatherForecast // ( // DateOnly.FromDateTime(DateTime.Now.AddDays(index)), // Random.Shared.Next(-20, 55), // summaries[Random.Shared.Next(summaries.Length)] // )) // .ToArray(); // return forecast; // }); // }); })); // FIXME: we can't get the WebApplication into the // Autofac container, because it's already been built. // this means if we have anything that wants to take a // dependency on the WebApplication instance itself, we // can't resolve it from the container. var app = builder.Build(); app.UseHttpsRedirection(); var summaries = new[] { "Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching" }; app.MapGet( "/weatherforecast", ( [FromServices] DependencyA dependencyA // this will work , [FromServices] DependencyB dependencyB // FIXME: this will fail!! , [FromServices] DependencyC dependencyC // this will work ) => { var forecast = Enumerable.Range(1, 5).Select(index => new WeatherForecast ( DateOnly.FromDateTime(DateTime.Now.AddDays(index)), Random.Shared.Next(-20, 55), summaries[Random.Shared.Next(summaries.Length)] )) .ToArray(); return forecast; }); app.Run(); internal record WeatherForecast(DateOnly Date, int TemperatureC, string? Summary) { public int TemperatureF => 32 + (int)(TemperatureC / 0.5556); } internal sealed class DependencyA( WebApplicationBuilder _webApplicationBuilder); internal sealed class DependencyB( Lazy<WebApplication> _webApplication); internal sealed class DependencyC( IConfiguration _configuration); You should note that I've modified the weather API itself to take in 3 dependencies that we want to resolve from the service list. [FromService] is, in fact, not required here, but it makes the error messages clearer if you were to run this and want to understand where and why it fails. But wait… why does it fail?! Keep on readin' and follow along with this video on Autofac to find out more: https://youtu.be/pjvtZGJTqHg?embedable=true What Can We Get With AutofacServiceProviderFactory in ASP.NET Core? Let's start off with what we get from this setup because I do think that this is the typical path. To be clear, there's nothing “wrong” with this approach, but you need to understand where dependencies are registered and resolved, and, therefore what works with your container: We have access to the WebApplicationBuilder on the Autofac ContainerBuilder instance. This allows us to have services depending on the app builder instance, which means we can have modules and/or plugins that want to setup information on the app builder or otherwise read state from the app builder. With that said, we have access to the IConfiguration instance from the WebApplicationBuilder because it's exposed on the web app builder itself. We get the ability to resolve dependencies from the container that are defined directly on our minimal APIs! In the example I shared above, the dependency classes A through C are all types that can be resolved from the container automatically on the minimal API. There's a catch for one of these, which we'll cover, but the point is that our minimal API can see their registrations. In general, this is probably “good enough” for most situations if you just want to use Autofac for your ASP.NET Core application. However, this is limiting to the style of development that I like to do. What's Missing With AutofacServiceProviderFactory in ASP.NET Core? Now that we've seen the goodness that we get, let's discuss where there are some drawbacks. They're essentially already highlighted in the code with FIXME comments, but it's worth elaborating on them in more detail here. Again, this is not to suggest this is the “wrong” way to do it, just that you have some considerations to make: The WebApplication instance is not something that we can resolve from the container. That is, if you ever want to have classes automatically resolve from the dependency container, they cannot take a dependency on WebApplication. This is because this instance is never registered onto the container and, therefore, cannot be automatically injected for us. We can't overcome this behavior by calling the Build() method manually on the WebApplicationBuilder inside of an Autofac registration. This is because the chain of registrations executes once we call Build() on the web application builder OUTSIDE of the container, which then handles the rest of the application being built. Said another way, this creates a bit of a circular dependency on the responsibilities that need to be handled. Because we cannot resolve the WebApplication instance from the dependency container, we cannot create plugins that add their own routes to the application using the minimal API route registration syntax. If this is indeed possible to do, it would have to be using a different API and instance of a different type since the WebApplication instance is not accessible to us via the container. Based on the above points, we cannot have dependencies on the routes like DependencyB in the example above. This is because this type has a dependency on WebApplication and the container simply does not know about it. In future articles, you'll see examples of this pattern coming up again, so it's worth mentioning in this article for reference. Many of these are not a concern for folks building typical applications. However, as someone who builds mostly plugin architecture applications, this is very limiting for me! Wrapping Up AutofacServiceProviderFactory in ASP.NET Core In this article, I provided a brief overview of dependency injection and Autofac within ASP.NET Core. The primary takeaway was looking at what you do and do not get when using AutofacServiceProviderFactory in ASP.NET Core. While the limitations of this are minimized for the average application, this does not work well for a plugin architecture that wants to extend the API routes via plugins. If you found this useful and you're looking for more learning opportunities, consider subscribing to my free weekly software engineering newsletter and check out my free videos on YouTube!
AutofacServiceProviderFactory in ASP.NET Core - Part...
We have plenty of awesome options for dependency injection when working in ASP.NET...
Source: Hacker Noon