The most common OAuth 2.0 Hacks

Reading time: 6 min
Views: 41K

OAuth 2 overview


This article assumes that readers are familiar with OAuth 2. Nevertheless, a brief description of it is presented below.



  1. The application requests authorization to access service resources from the user. The application needs to provide the client ID, client secret, redirect URI and the required scopes.
  2. If the user authorizes the request, the application receives an authorization grant.
  3. The application requests an access token from the authorization server by presenting authentication of its own identity and the authorization grant.
  4. If the application identity is authenticated and the authorization grant is valid, the authorization server issues the access token (and a refresh token, if required) to the application. Authorization is complete.
  5. The application requests the resource from the resource server and presents the access token for authentication.
  6. If the access token is valid, the resource server serves the resource to the application.

These are the main pros and cons of OAuth 2.0:


  • OAuth 2.0 is easier to use and implement (compared to OAuth 1.0)
  • Widespread and still growing
  • Short-lived tokens
  • Encapsulated tokens

— No signatures (relies solely on SSL/TLS); bearer tokens
— No built-in security
— Can be dangerous when used by inexperienced developers
— Too many compromises; the working group did not make clear decisions
— Mobile integration (web views)
— The OAuth 2.0 spec (RFC 6749) is not a protocol; it is rather a framework


IntelliJ IDEA, ReSharper, SonarLint and SonarQube find the same errors, as PVS-Studio — so why do we need PVS-Studio?

Reading time: 2 min
Views: 2K
Sometimes people ask a question that addresses a certain topic but is actually about something else. As the saying goes, a competently asked question contains half the answer.

Recently I've returned from the JPoint conference, where we first presented our new PVS-Studio analyzer for Java. Interest in static analysis has been growing strongly in the last few years, so the audience received PVS-Studio enthusiastically. In addition to the positive feedback, as it happens, we had to handle objections. The most frequent objection to the suggestion to try PVS-Studio sounds something like this: «C'mon, why should we try PVS-Studio? We use IntelliJ IDEA, ReSharper, SonarLint and SonarQube. We ran PVS-Studio recently and it found errors already highlighted by IntelliJ IDEA!»

I just can't help but write a small reply note to this comment. I even have two responses to this objection. And yes, I intentionally mentioned ReSharper, as there are similar questions about our C# analyzer as well. Well, here comes the answer.

New features for extension authors in Visual Studio 2019 version 16.1

Reading time: 3 min
Views: 1.9K

Earlier this week, we released Visual Studio 2019 version 16.1 Preview 1 (see release notes). It’s the first preview of the first update to Visual Studio 2019. If you’re not already set up to get preview releases, then please do that now. The preview channel installs side-by-side with the release channel and they don’t interfere with each other. I highly recommend all extension authors install the preview.




Got the 16.1 preview installed now then? That’s great. Here are some features in it you might find interesting.


Citymobil — a manual for improving availability amid business growth for startups. Part 1

Reading time: 4 min
Views: 1.4K


In this first part of the article series «Citymobil — a manual for improving availability amid business growth for startups» I'm going to break down the way we managed to dramatically scale up the availability of Citymobil services. The article opens with the story of our business, our task, why the task of increasing availability emerged, and its limitations. Citymobil is a rapidly growing taxi aggregator. In 2018, the number of successfully completed trips grew more than 15-fold. Some months showed a 50% increase compared with the previous month.

The business grew like a weed in every direction (it still does): there was an increase in server load, team size and number of deployments. At the same time, new threats to service availability emerged. The company faced a task of the utmost importance: how to increase availability without compromising company growth. In this article, I'll talk about the way we managed to solve this task in a relatively short time.

Analyzing the Code of CUBA Platform with PVS-Studio

Reading time: 14 min
Views: 1K

Java developers have access to a number of useful tools that help them write high-quality code, such as the powerful IDE IntelliJ IDEA and the free analyzers SpotBugs, PMD, and the like. The developers working on CUBA Platform have already been using all of these, and this review will show how the project can benefit even more from the use of the static code analyzer PVS-Studio.

The effectiveness of the marketing funnel AARRR

Reading time: 5 min
Views: 2.6K
AARRR stands for:

• Acquisition.
• Activation.
• Retention.
• Revenue.
• Referral.

AARRR (also called the Pirate Metrics) describes the sales funnel. At the top of the funnel are visitors who have only seen your application, or have just downloaded it and still do not know how they will interact with it. Next, visitors register, if registration is provided by the functionality of the application, of course.

Now they (you can start calling them users) reach the moment when they have to understand the value of the product and decide whether to remain its users, i.e. start buying some services, recommend the application to their friends and, in general, constantly return to the application for any purpose, or delete it from their mobile device.

You will not have another chance to impress the user!

The AARRR framework forces developers to measure their sales funnel numerically, at every stage.

Top mobile app development companies

Reading time: 53 min
Views: 9.1K
Looking for an app development company? I searched for information about it and made this list. It might help you find an app development company to hire. The list contains basic information about each company included in it, such as company size, hourly rate, minimum project size, etc. I recently decided to upgrade the list to 100 app development companies.

Selecting, caching and displaying photos on the map

Reading time: 13 min
Views: 1.4K

In this article, I decided to describe how the functionality of selecting and displaying photos at a specific place on the map was implemented in our photo service gfranq.com. The photo service is no longer operating.



Since we had a lot of photos in our service and sending requests to the database every time the viewport changed was too resource-intensive, it was logical to divide the map into several areas that hold information about the data already retrieved. For obvious reasons, these areas have a rectangular shape (although a hexagonal grid was considered too). As the areas become noticeably spherical at large scales, elements of spherical geometry and tools for it were also considered.


In this article, the following topics are covered:


  • Storing and retrieving photos from the database and caching them on the server (SQL, C#, ASP.NET).
  • Downloading necessary photos on the client side and saving them to the client cache (JavaScript).
  • Recalculation of photos that must be hidden or shown when the viewport changes.
  • Elements of spherical geometry.

Web and Azure Tool Updates in Visual Studio 2019

Reading time: 2 min
Views: 922

Hopefully by now you’ve seen that Visual Studio 2019 is now generally available. As you would expect, we’ve added improvements for web and Azure development. As a starting point, Visual Studio 2019 comes with a new experience for getting started with your code and we updated the experience for creating ASP.NET and ASP.NET Core projects to match:



If you are publishing your application to Azure, you can now configure Azure App Service to use Azure Storage and Azure SQL Database instances right from the publish profile summary page, without leaving Visual Studio. This means that for any existing web application running in App Service, you can add SQL and Storage; this is no longer limited to creation time.

Announcing ML.NET 1.0 RC – Machine Learning for .NET

Reading time: 3 min
Views: 1.4K

ML.NET is an open-source and cross-platform machine learning framework (Windows, Linux, macOS) for .NET developers. Using ML.NET, developers can leverage their existing tools and skillsets to develop and infuse custom AI into their applications by creating custom machine learning models for common scenarios like sentiment analysis, recommendation, image classification and more.


Today we’re announcing the ML.NET 1.0 RC (Release Candidate) (version 1.0.0-preview) which is the last preview release before releasing the final ML.NET 1.0 RTM in 2019 Q2 calendar year.


Soon we will be ending the first main milestone of a great journey in the open that started in May 2018 with the release of ML.NET 0.1 as open source. Since then we've been releasing monthly, 12 preview releases so far, as shown in the roadmap below:



In this release (ML.NET 1.0 RC) we have concluded our main API changes. For the next sprint we are focusing on improving documentation and samples and addressing major critical issues if needed.


The goal is to avoid any new breaking changes moving forward.


How to Set Up Your Own VPN Server in 15 Minutes

Reading time: 3 min
Views: 65K

If you use Habr, chances are you're conscious about privacy on the web. As governments and corporations tighten their grip on people's online activities, the issue of keeping your browsing data to yourself becomes more and more relevant.


Numerous tech websites say VPN is no longer a geek-only thing, and regular people should use it, too (Fast Company, Mashable, PCMag). But as a tech-savvy person, you know there isn’t a service you can trust as much as the one you host and manage yourself.


With this post, you’ll deploy your own instance of Outline VPN on AWS.


Interview with Rob Vugteveen — an old-school FORTRAN programmer

Reading time: 5 min
Views: 2.1K
I decided to interview one of my American friends, Rob Vugteveen. He was working as a FORTRAN programmer back in the 1980s, so it's quite a unique experience.


Rob Vugteveen, Carson City, Nevada, USA

K: Hi Rob. I've heard you were working as a Fortran programmer many years ago. Is that right? What was the industry like back then?

R: Good morning, Kirill.

In the 1980s I made my living as a FORTRAN programmer in the mining industry, primarily in the processing of exploration data and presenting it graphically. We were using VAX minicomputers from Digital Equipment Corporation. This was a time when desktop PCs were growing in popularity, and procedural languages like FORTRAN were being challenged by object-oriented languages. Also, graphics display systems were shifting away from character-cell terminals to X-window-based displays.

FORTRAN (“FORmula TRANslation”) was built for computationally intensive programs, and it did not have its own graphic libraries to display information. There were companies that sold large FORTRAN subroutine libraries to provide that capability. These were not yet designed for the growing popularity of X-window technology.

When we were forced to move from expensive VAX computers to cheaper PCs, we had to write hybrid programs using FORTRAN for computations and C++ for display. It was a bit messy at first. I left that job for something completely different (building a mining museum) and haven’t really done any programming since.

FORTRAN is still used today in scientific research for computationally intensive work, but I’m sure it’s been adapted to work with graphical display systems through external subroutines written in object-oriented code.

Why is it imperative to invest in and develop a branded taxi app for your venture?

Reading time: 3 min
Views: 1.9K

Today’s taxi market is crowded with ride-sharing apps like Uber, Ola, and Lyft. They are giving serious competition for upcoming ventures. These on-demand apps have initiated the radical shift in the taxi industry enabling the smooth transition from conventional taxi hailing to booking a cab through an app. Customers are opting for hailing taxis through the app because of its reliability to get a taxi and ensuring a much better cab booking experience. Thus, the taxi market is ripe for the taking, and this is the right time for entrepreneurs to make use of the opportunity.

Statistics on the Taxi Industry

The traditional taxi industry is still stuck with inefficient phone-call bookings and competitors, and stands to lose at least $20 million every day just because customers couldn't find a cab. Another statistical survey tells us that almost 80% of commuters prefer Ola and Uber over regular taxis, and that Uber has completed nearly 2 billion rides since its inception, with profits soaring over $20 billion in the process. What made Uber and Ola successful ventures is the sound business strategy they employed. So if you are going to establish your venture, understanding the market is imperative.

Bad news, everyone! New hijack attack in the wild

Reading time: 9 min
Views: 5.5K
On March 13, a proposal for the RIPE anti-abuse working group was submitted, stating that a BGP hijacking event should be treated as a policy violation. If accepted, an ISP attacked with a hijack could submit a special request exposing the offending autonomous system. If there is enough confirming evidence for an expert group, such a LIR would be considered an adverse party and further punished. There were some arguments against this proposal.

With this article, we want to show an example of an attack where not only the true attacker but the whole list of affected prefixes was in question. Moreover, it again raises concerns about the possible motives for future attacks of this type.

Dog Breed Identifier: Full Cycle Development from Keras Program to Android App. on Play Market

Reading time: 25 min
Views: 16K
With the recent progress in neural networks in general and image recognition in particular, it might seem that creating an NN-based application for image recognition is a simple routine operation. Well, to some extent it is true: if you can imagine an application of image recognition, then most likely someone has already done something similar. All you need to do is Google it and repeat it.

However, there are still countless little details that… they are not unsolvable, no. They simply take too much of your time, especially if you are a beginner. What would help is a step-by-step project, done right in front of you, start to end. A project that does not contain «this part is obvious so let's skip it» statements. Well, almost :)

In this tutorial we are going to walk through a Dog Breed Identifier: we will create and train a neural network, then port it to Java for Android and publish it on Google Play.

For those of you who want to see the end result, here is the link to the NeuroDog App on Google Play.

Website with my robotics: robotics.snowcron.com.
Website with the NeuroDog User Guide.

[Screenshot of the program]