• Full disclosure: 0day vulnerability (backdoor) in firmware for Xiaongmai-based DVRs, NVRs and IP cameras

      This is a full disclosure of recent backdoor integrated into DVR/NVR devices built on top of HiSilicon SoC with Xiaongmai firmware. Described vulnerability allows attacker to gain root shell access and full control of device. Full disclosure format for this report has been chosen due to lack of trust to vendor. Proof of concept code is presented below.
      Read more →
    • Introducing One Ring — an open-source pipeline for all your Spark applications

        If you utilize Apache Spark, you probably have a few applications that consume some data from external sources and produce some intermediate result, that is about to be consumed by some applications further down the processing chain, and so on until you get a final result.

        We suspect that because we have a similar pipeline with lots of processes like this one:

        A process flowchart with more than 50 applications and about 70 datasets
        Click here for a bit larger version

        Each rectangle is a Spark application with a set of their own execution parameters, and each arrow is an equally parametrized dataset (externally stored highlighted with a color; note the number of intermediate ones). This example is not the most complex of our processes, it’s fairly a simple one. And we don’t assemble such workflows manually, we generate them from Process Templates (outlined as groups on this flowchart).

        So here comes the One Ring, a Spark pipelining framework with very robust configuration abilities, which makes it easier to compose and execute a most complex Process as a single large Spark job.

        And we just made it open source. Perhaps, you’re interested in the details.

        We got you covered!
      • Blockchain Is Changing The Way Rail Industry Works


        Railways had made our transportation very easy since 1830 when the first railway began in England. From 1830 to 2020, the development in the railways has been quite significant. The concept of blockchain is expanding widely; hence the public interests are also growing on a vast scale. Major enthusiasts about blockchain are the investors and businessmen who wish for transparency and equity in the transaction. Now since blockchain is no more just a concept its application in railways is expected to smoothen the transportation.
        Read more →
      • Fast and effective work in command line

        • Translation

        There are a lot of command line tips and trics in the internet. Most of them discribe the trivials like "learn the hotkeys" or "sudo !! will run previous command with sudo". Instead of that, I will tell you what to do when you have already learned the hotkeys and know about sudo !!.

        Read more →
      • Hyper-V for Developers on Windows 10

          Hyper-V is more known as a server virtualization technology; however, since Windows 8, it is also available in the client operating system. In Windows 10, Microsoft improved the experience drastically to make Hyper-V an excellent solution for developers and IT Pros.
          Microsoft Hyper-V, codenamed Viridian, is a native (type 1) hypervisor that directly runs on the hardware, compared to VMware Workstation, VirtualBox, and other type 2 or hosted hypervisors. It was first released in Windows Server 2008, and it allows you to run virtual machines on x86-64 systems.

          As mentioned, with Windows 10, Microsoft optimized Hyper-V for developers. Hyper-V allows developers to quickly spin up development virtual machines on Windows 10 with excellent performance, but it is also used in a couple of other development features as a back-end technology, like the Android Emulator, the Windows Subsystem for Linux 2 or Docker Containers. In this article, we will have a quick look at what Hyper-V on Windows 10 can over for developers.
          Read more →
        • Announcing the preview of Azure Spot Virtual Machines

            We’re announcing the preview of Azure Spot Virtual Machines. Azure Spot Virtual Machines provide access to unused Azure compute capacity at deep discounts. Spot pricing is available on single Virtual Machines in addition to Virtual Machine Scale Sets (VMSS). This enables you to deploy a broader variety of workloads on Azure while enjoying access to discounted pricing. Spot Virtual Machines offer the same characteristics as a pay-as-you-go Virtual Machines, with differences in pricing and evictions. Spot Virtual Machines can be evicted anytime if Azure needs capacity.

            The workloads that are ideally suited to run on Spot Virtual Machines include, but are not necessarily limited to, the following:

            • Batch jobs.
            • Workloads that can sustain and/or recover from interruptions.
            • Development and test.
            • Stateless applications that can use Spot Virtual Machines to scale out, opportunistically saving cost.
            • Short-lived jobs which can easily be run again if the Virtual Machine is evicted.

            Read more →
          • Chronicle of Rambler Group and Nginx confrontation (updated on 23 Dec, 12 p.m.)

            • Translation

            On December 12, it became known from Nginx's employee Twitter that the company's office was searched due to the criminal case under Article 146 of the Criminal Code of the Russian Federation 'Violation of Author's and Neighboring Rights'. The claim belong to Rambler Group was, although formally the complaintant is Lynwood Investments CY Ltd, to which the rights were transferred. The last-mentioned is related to the co-owner of Rambler Group, Alexander Mamut.

            The point of the claim: Igor started working on Nginx as an employee of Rambler and only after the tool became popular he founded a separate company and attracted investments.

            Here is how the events unfolded.
            Read more →
          • AdBlock has stolen the banner, but banners are not teeth — they will be back

          • Deploying Tarantool Cartridge applications with zero effort (Part 1)

              We have already presented Tarantool Cartridge that allows you to develop and pack distributed applications. Now let's learn how to deploy and control these applications. No panic, it's all under control! We have brought together all the best practices of working with Tarantool Cartridge and wrote an Ansible role, which will deploy the package to servers, start and join instances into replica sets, configure authorization, bootstrap vshard, enable automatic failover and patch cluster configuration.

              Interesting, huh? Dive in, check details under the cut.
              Read more →
            • Entropic force, transfer of information and a device for a radical fight against viruses on this basis


              Even people far from physics know that the maximum possible data rate of any signal is equal to the speed of light in a vacuum. It is indicated by the letter «c», and it is almost 300 thousand kilometers per second. The speed of light in a vacuum is one of the fundamental physical constants. The impossibility of achieving speeds exceeding the speed of light in three-dimensional space is a conclusion from Einstein's Special Theory of Relativity (SRT).

              Usually, when claiming that STO prohibits the transmission of the information above the speed of light, an implicit assumption is made that there is no longer any other way than to “attach information” to a photon and transmit it. However, there is another way, which does not contradict, but «circumvents» the prohibition of SRT. The well-known physical hypothesis — the holographic principle (a tool of theoretical physics that is widely used today) indicates an interesting fact: “Phenomena that occur in three-dimensional space can be projected onto a remote “screen ” without losing information” — Leonard Susskind

              “Without information loss” means that a speculative projection operation is not required if we understand that our information Universe really exists only on a 2D surface of a holographic horizon (screen) with a single time coordinate, and the fundamental laws of physics are a natural way of encoding information with losses.
              Read more →
            • Nginx's office is being searched due to Rambler Group's lawsuit. The complaintant press service confirmed the suit

              • Translation
              According to one of the employees Nginx's Moscow office is being searched due to the criminal case brought by Rambler Group (the official response of the company's press office to this issue and confirmation of claims against Nginx is below). The photo of the search warrant is provided as the evidence of the criminal case initiated on December 4, 2019 under Article 146 of the Criminal Code of the Russian Federation 'Violation of Author's and Neighboring Rights'.

              Nginx search warrant

              It is assumed the complaintant is Rambler, and the defendant is still an 'unidentified group of persons', and in the long run — the founder of Nginx, Igor Sysoyev.

              The point of the claim: Igor started working on Nginx as an employee of Rambler and only after the tool became popular he founded a separate company and attracted investments.

              It is not clear why Rambler revised its 'property' only 15 years later.
              Read more →
              • +78
              • 16.2k
              • 5
            • Learn Azure in a Month of Lunches — our new free e-book

                More than 100 Azure services offer everything you need to build and run your applications with all the performance, redundancy, security, and scale that the cloud has to offer. But knowing where to begin with all these services can seem overwhelming. 

                Read this e-book to build your cloud computing skills quickly and efficiently. You’ll be productive immediately, and when you finish, you’ll be well on your way to Azure mastery. 

                Learn more below.

                Read more →
              • How to Write a Smart Contract with Python on Ontology? Part 5: Native API

                • Tutorial

                In the previous Python tutorial posts, I have introduced the Ontology Smart Contract in
                Part 1: Blockchain & Block API and
                Part 2: Storage API
                Part 3: Runtime API
                Part 4: Native API and described how to use smart contracts for ONT / ONG transfer.

                Today we will talk about how to use Upgrade API to upgrade smart contract. There are 2 APIs: Destroy and Migrate.
                Read more →
              • Windows Terminal Preview v0.7 Release

                  Another release is out for the Windows Terminal preview! This release is labeled as v0.7 in the About section of the Terminal. As always, you can download the Terminal from the Microsoft Store and from the GitHub releases page. Here’s what’s new in this release:

                  Windows Terminal Updates


                  You are now able to split your Terminal window into multiple panes! This allows you to have multiple command prompts open at the same time within the same tab.

                  Note: At the moment, you’re only able to open your default profile within a new pane. Opening a profile of your choice is an option we’re planning to include in a future release!

                  Read more below.
                  Read more →
                • Huawei Cloud: It's Cloudy in PVS-Studio Today

                    Picture 2

                    Nowadays everyone knows about cloud services. Many companies have cracked this market segment and created their own cloud services of various purposes. Recently our team has also been interested in these services in terms of integrating the PVS-Studio code analyzer into them. Chances are, our regular readers have already guessed what type of project we will check this time. The choice fell on the code of Huawei cloud services.
                    Read more →
                  • Install Powershell Module from Github Repository

                    Hi there!

                    The latest years Powershell started expansion to other platforms and now works on Windows, Linux, and MacOS (I even managed to start it on raspberry Pi Debian distro).

                    And nowadays the main way for installing modules is PowerShell Gallery but in some situations, it still convenient to install modules directly from the source (the main reason — the main PowerShell modules repo configured to MyGet or NugetServer).

                    And it can be painful to install Module from GitHub — you should download archive, find modules folder extract archive content and then copy module folder to the Powershell Profile directory.

                    Moreover — people like me don't want to create a separate repository for each module (yes, I like the Release-Flow approach) so download and extract only the modules you are like -it even more difficult.
                    Read more →
                  • Cool WSL (Windows Subsystem for Linux) tips and tricks

                      It's no secret I dig WSL (Windows Subsystem for Linux) and now that WSL2 is available in Windows Insiders Slow it's a great time to really explore the options that are available. What I'm finding is so interesting about WSL and how it relates to the Windows system around it is how you can cleanly move data between worlds. This isn't an experience you can easily have with full virtual machines, and it speaks to the tight integration of Linux and Windows.

                      Look at all this cool stuff you can do when you mix your peanut butter and chocolate!

                      Read more →
                    • PVS-Studio in the Clouds: GitLab CI/CD

                        Рисунок 2

                        This article continues the series of publications on usage of PVS-Studio in cloud systems. This time we'll look at the way the analyzer works along with GitLab CI, which is a product made by GitLab Inc. Static analyzer integration in a CI system allows detecting bugs right after the project build and is a highly effective way to reduce the cost of finding bugs.
                        Read more →
                      • Down the Rabbit Hole: A Story of One varnishreload Error — part 1

                          After hitting the keyboard buttons for the past 20 minutes, as if he was typing for his life, ghostinushanka turns to me with a half-mad look in his eyes and a sly smile, “Dude, I think I got it.

                          Look at this” — as he points to one of the characters on screen — “I bet my red hat that if we add what I’ve just sent you here” — as he points to another place in the code — “there will be no error anymore.”
                          Slightly puzzled and tired I modify the sed expression we’ve been figuring out for some time now, save the file and run systemctl varnish reload. Error message gone…

                          “Those emails I’ve exchanged with the candidate,” my colleague continues, as his smile changes to a wide and genuine grin, “It suddenly struck me that this is the very same exact problem!”

                          Read more →
                        • Apply Nix-Shell environment in Visual Studio Code

                          • Tutorial

                          A lot of developers faced a problem with packages hell on their workstation. After a couple of months with experiments, including different languages and toolchains, I installed Elixir, Haskell-stack, Node.js/NVM, and other various stuff. Most exciting things happen when you need different versions of the same package for different projects. Humanity already invented a different solution for creating an isolated environment and switch them when needed. We are using NVM to manage Node.js versions, Python Virtual Env for selecting Python stuff versions or Docker for creating OS inside an OS. But none of the solutions satisfy all my requirements for the isolated development environment.
                          Read more →