All streams

Most likely you've already heard about the famous exploit checkm8, which uses an unfixable vulnerability in the BootROM of most iDevices, including iPhone X. In this article, we'll provide a technical analysis of this exploit and figure out what causes the vulnerability.

Since we began work on the next version of Microsoft Edge based on Chromium, we’ve been investigating ways to modernize form controls to provide a modern appearance as well as the touch friendliness and accessibility that our users expect from Microsoft Edge today.

Over the past few months, we’ve been collaborating closely with the Google Chrome team on this project, and are excited to share the refreshed controls that will be coming to Microsoft Edge Insider builds, or other Chromium browsers near you.

While Stockholm was holding the 118th Nobel Week, I was sitting in our office, where we develop the PVS-Studio static analyzer, working on an analysis review of the ROOT project, a big-data processing framework used in scientific research. This code wouldn't win a prize, of course, but the authors can definitely count on a detailed review of the most interesting defects plus a free license to thoroughly check the project on their own.

Introduction

ROOT is a modular scientific software toolkit. It provides all the functionalities needed to deal with big data processing, statistical analysis, visualisation and storage. It is mainly written in C++. ROOT was born at CERN, at the heart of the research on high-energy physics. Every day, thousands of physicists use ROOT applications to analyze their data or to perform simulations.

Kubernetes has already become a de-facto standard for running stateless applications, mainly because it can reduce time-to-market for new features. Launching stateful applications, such as databases or stateful microservices, is still a complex task, but companies have to meet the competition and maintain a high delivery rate. So they create a demand for such solutions.

We want to introduce our solution for launching stateful Tarantool Cartridge clusters: Tarantool Kubernetes Operator, more under the cut.

This article reviews the results of a second check of the Orchard project with the PVS-Studio static analyzer. Orchard is an open-source content manager system delivered as part of the ASP.NET Open Source Gallery under the non-profit Outercurve Foundation. Today's check is especially interesting because both the project and the analyzer have come a long way since the first check, and this time we'll be looking at new diagnostic messages and some nice bugs.

In 2017, we won the competition for the development of the transaction core for Alfa-Bank's investment business and started working at once. (Vladimir Drynkin, Development Team Lead for Alfa-Bank's Investment Business Transaction Core, spoke about the investment business core at HighLoad++ 2018.) This system was supposed to aggregate transaction data in different formats from various sources, unify the data, save it, and provide access to it.

In the process of development, the system evolved and extended its functions. At some point, we realized that we created something much more than just application software designed for a well-defined scope of tasks: we created a system for building distributed applications with persistent storage. Our experience served as a basis for the new product, Tarantool Data Grid (TDG).

I want to talk about TDG architecture and the solutions that we worked out during the development. I will introduce the basic functions and show how our product could become the basis for building turnkey solutions.

Introduction

---

Every single one of us gives presentations from time to time. What can be difficult about creating a couple of slides with great UI and nice content, right? Well… not really actually. In real life, things may get difficult.

You want to cover the whole topic and give as much information as fits on a slide. Then you go to Google to find some awesome pictures, and finally, cover it all with some fancy animation. And here is where things start falling apart: how do you balance all this stuff?

Take our helping hand, as we are here to show you how to create a presentation with both perfect user experience and user interface. Let's find out how to create perfect UI & UX design in a presentation.

Open Graph protocol is a web standard originally developed by Facebook that turns any webpage into a graph object with title, description, image and so on. Even though there is no direct correlation between OG meta tags and improved SEO rankings, it still drives more traffic to your webpage by making it more “attractive” in social networks (Facebook, Twitter, Linkedin, etc).

An example of a link shared in Twitter that has «og:image» and «og:title».

Adding OG (and not only) meta tags into your React app

Without further due let’s jump into newly created React app with create-react-app and OG meta tags to /public/index.html. It should look like something like this:

<!DOCTYPE html>
<html>
   <head>
      <meta charSet="utf-8"/>
      <meta http-equiv="x-ua-compatible" content="ie=edge"/>
      <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"/>
      <link rel="alternate" type="application/rss+xml" href="/rss.xml"/>
      <title>Awesome App</title>
      <meta property="og:title" content="Awesome app - the best app ever" />
      <meta property="og:type" content="website" />
      <meta property="og:image" content="https://picsum.photos/id/52/1200/600" />
      <meta property="og:description" content="Describe stuff here." />
      <meta property="og:url" content="yourawesomeapp.com" />
   </head>
   <body>
      <noscript>This app works best with JavaScript enabled.</noscript>
      <div id="root"></div>
   </body>
</html>

On October 7, 2019, Apple released a new version of its Mac operating system, macOS Catalina. Version 10.15 contains many changes and improvements. One of the significant is the complete phasing out of 32-bit applications. As a developer of such macOS apps, what can you do? That's right, port the app to the 64-bit platform. Will the application work properly from the first attempt? Perhaps, it's possible. Depends on the complexity and amount of the code. But most likely, developers will face a lot of non-obvious errors, which can previously detected using PVS-Studio.

Vue.js is a JavaScript library for building web interfaces. Combining with some other tools It also becomes a “framework”. Now, from our last blog, you already know that Vue.js is one of the top JavaScript frameworks and it is replacing Angular and React in many cases. This brings in the topic of this blog ‘Vue.js is good, but is it better than Angular or React?


In case you’ve never heard or used Vue.js before, you are probably thinking: Come on! yet another JavaScript framework! We get it. However, Vue.js is not new in the custom software development domain. It was first released in 2013 and now it has 130549 stars on Github and downloaded a number of times this year.

Starting from the version 7.04, the PVS-Studio analyzer for C and C++ languages on Linux and macOS provides the test feature of checking the list of specified files. Using the new mode, you can configure the analyzer to check commits and pull requests. This article covers setting up the check of certain modified files from a GitHub project in such popular CI (Continuous Integration) systems, as Travis CI, Buddy and AppVeyor.

In Mail.ru Group, we have Tarantool, a Lua-based application server and a database united. It's fast and classy, but the resources of a single server are always limited. Vertical scaling is also not the panacea. That is why Tarantool has some tools for horizontal scaling, or the vshard module [1]. It allows you to spread data across multiple servers, but you'll have to tinker with it for a while to configure it and bolt on the business logic.

Good news: we got our share of bumps (for example, [2], [3]) and created another framework, which significantly simplifies the solution to this problem.

Тarantool Cartridge is the new framework for developing complex distributed systems. It allows you to concentrate on writing business logic instead of solving infrastructure problems. Under the cut, I will tell you how this framework works and how it could help in writing distributed services.

Hello, everyone. Today we have another Microsoft project on the check. By the title of this article, you can guess that this time developers didn't «please» us with a large number of errors. We hope the project's authors won't be offended by the title. After all, a small number of errors is great, isn't it? However, we still managed to find something intriguing in the Azure PowerShell code. We suggest getting to know the features of this project and checking out errors, found using the PVS-Studio C# analyzer.

It is a new selection of tips and tricks about Python and programming from my Telegram-channel @pythonetc.

← Previous publications

This is a new piece of our series of articles about using the PVS-Studio static analyzer with cloud CI systems. Today we are going to look at another service, CircleCI. We'll take the Kodi media player application as a test project and see if we can find any interesting bugs in its source code.

Sometimes we don’t understand how the regular expression that we have composed works and want to check. There are many applications like regex101.com or vs code. I wanted to add one more to this list.

In this article we will see how you can wrap Regex in cross-platform graphics and create a simple application for testing regular expressions.

Our support chats and some other indirect signs showed that there are many students among our free users. Here's the reason: PVS-Studio is now more often used by professors in courses related to software development. We are very pleased with this, and we decided to write this small article to fall under notice of other teachers. We are pleased that students become acquainted with the methodology of static code analysis in general and the PVS-Studio tool in particular. Our team will try to contribute to this trend.

Telegram Open Network (TON) is a platform by the same team that developed the Telegram messenger. In addition to the blockchain, TON provides a large set of services. The developers recently made the platform's code, which is written in C++, publicly available and uploaded it to GitHub. We decided to check the project before its official release.

What one gets easily and for free can be a real struggle for others — these are the thoughts every letter of the «Dobroshrift» [Kindness Font] evolves. It was developed for the World Cerebral Palsy Day with the participation of children with this diagnosis. So we decided to take part in this charity action and changed the website logo till the end of the day.

Microsoft researchers have developed an artificial intelligence (AI) system that has taught itself the intricacies of Mahjong and can now match the skills of some of the world’s top players.

The complex board game of chance, bluff, and strategy was invented in China thousands of years ago and remains a passionate pastime for millions of Asians today, with many dedicated competitors playing online.

Computers have learned to play Chess and another ancient Chinese game, Go, amid much fanfare in the past. But scientists at Microsoft Research (MSR) Asia see their achievement as far more than just a case of technology mastering yet another game.

The researchers – who named their system Super Phoenix, or Suphx for short – developed a series of AI algorithmic breakthroughs to navigate the uncertain nature of Mahjong. With more work, these could potentially be applied in real situations to solve problems thrown up by unknown factors and random events.