Development

Hello reader. Quite a lot of time has passed since the release of .NET Core 2.1. And such cool innovations as Span and Memory are already widely known, you can read, see and hear a lot about them. However, unfortunately, library called System.IO.Pipeslines did not receive the same attention. Almost everything there is on this topic is the only post that have been translated and copied on many resources. There should be more information about that technology to look on it from different angles.

Image credit: Unsplash

Virtual Private Networks (VPNs) are very good tools for online enhancement, censorship avoidance, anonymous file sharing, and more. But nowadays there are literally hundreds of such services, so it may be a bit tricky to pick the one that will suit you. Today we will share three practical tips that will help to solve this task.

Magento

Magento is an open-source PHP based platform for building e-commerce solutions. Built by the Magento company (now part of Adobe), it is used by over 350,000 developers all over the world. It enables the creation of highly customizable digital storefronts for Business-to-Customer and Business-to-Business purposes. Magento 2, the transformed version of the Magento E-commerce Platform, comes with brand new architecture, coding structure, and database design.

a) General overview

Magento’s platform is built upon PHP and MySQL. During its lifetime of 10 years (the version 1.0 released in March 2008 and the version 2.0 in November 2015, it has undergone changes in terms of structure and development patterns and is now in its second major version, Magento 2.

Magento’s structure is comprised of two main parts, one being the back-end, with the database and MySQL, and Model, Data and Service interfaces, as can be seen in figure 3. These are directly connected and used in Magento’s Blocks, Layouts, and Templates, which would be defined as the front-end of the application.

This is an English-language summary of two absolutely outstanding articles written by Vitaliy Malkin from «Informzashita» whose team, True0xA3, became the winners of the prestigious black hat competition The Standoff during Positive Hack Days 9 in May of 2019.

Vitaliy has published three detailed articles on Habr, two of which were dedicated to the description of the strategies that True0xA3 team used before and during the competition to secure this team the title of the winners. I felt that the only thing that those two articles were lacking was a summary in English so that a wider audience of readers could enjoy them. So, below is the summary of two articles by Vitaliy Malkin, together with images Vitaliy published to clarify his points. Vitaliy has OKed me doing the translation and publishing it.

Generalized async return types — it is a new C#7 feature that allows using not only Task as a return type of async methods but also other types (classes or structures) that satisfy some specific requirements.

At the same time, async/await is a way to call a set of "continuation" functions inside some context which is an essence of another design pattern — Monad. So, can we use async/await to write a code which will behave in the same way like if we used monads? It turns out that — yes (with some reservations). For example, the code below is compilable and working:

async Task Main()
{
  foreach (var s in new[] { "1,2", "3,7,1", null, "1" })
  {
      var res = await Sum(s).GetMaybeResult();
      Console.WriteLine(res.IsNothing ? "Nothing" : res.GetValue().ToString());
  }
  // 3, 11, Nothing, Nothing
}

async Maybe<int> Sum(string input)
{
    var args = await Split(input);//No result checking
    var result = 0;
    foreach (var arg in args)
        result += await Parse(arg);//No result checking
    return result;
}

Maybe<string[]> Split(string str)
{
  var parts = str?.Split(',').Where(s=>!string.IsNullOrWhiteSpace(s)).ToArray();
  return parts == null || parts.Length < 2 ? Maybe<string[]>.Nothing() : parts;
}

Maybe<int> Parse(string str)
    => int.TryParse(str, out var result) ? result : Maybe<int>.Nothing();

Further, I will explain how the code works...

Using VS Code Remote and the Windows Subsystem for Linux (WSL) gives you a fully featured Linux development environment on a Windows laptop or desktop. Let’s look at how using these tools will completely change how you develop with Linux tools in Windows.

This week we issue a really huge selection of all the essential news you might have missed on Front-end development. Make sure to check the latest updates on CSS, HTML, and JavaScript.

Beginning with C# 8.0 on .NET Core 3.0, you can define an implementation when you declare a member of an interface. The most common scenario is to safely add members to an interface already released and used by innumerable clients.

In this tutorial, you'll learn how to:

• Extend interfaces safely by adding methods with implementations.
• Create parameterized implementations to provide greater flexibility.
• Enable implementers to provide a more specific implementation in the form of an override.

It's extremely befuddling when it comes to choosing between two libraries and frameworks, especially when they are almost similar to each other.

I faced the same situation recently when I had to choose one from Angular vs KnockoutJS. The most perplexing part of the two is Angular is a JavaScript-based open-source front-end web development framework while Knockout is a library.

So, the selection is a bit complex task and, as I had to, you might need to go through a systematic and understand the two technologies or web development framework thoroughly.



So, you need to begin following the one-by-one method.

What is Framework?

A framework is a model on which you have to build your home. It is having a collection of blueprints which from which it choose the right one for you. In short, the framework is in charge of the flow and it chooses when and how to go.

What is the Library?

The library is like going to a furniture house to get some furniture for your home. Here you are in charge of the flow and you decide when to call the code.

Overview of Angular and KnockoutJS

Uber, as we know, operates only in 650 cities and remains the best among all taxi apps. But have you ever imagined about other cities and their demand for taxi applications? If you did, you would have certainly come across a few regional apps like Ola, Didi Chuxing, Japan Taxi, etc. These apps are focused on fulfilling the demands of locals; and in that way, they have succeeded and generated revenue tremendously. If you search for the reason behind the success of these apps, it inevitably ends up in the kind of service it provides its customers. So, it all depends on how well you bestow your service (whether you focus regionally or globally).

In 2019, things are going to shake up particularly with regards to in-app purchases and the best approach. In the event that you are eyeing to procure great income from these administrations, at that point you should look at the tips underneath.

Introduce Timely Discounts

Given the relentless challenge in the Mobile app world, it is significant that you venture up your game. One of the techniques that you can actualize is having constrained time offers. In doing this, you get the chance to publicity the item or administrations among versatile app clients. The time factor is likewise vital as you don't wish to overstretch the markdown offers.

Besides, you have to bring on board mastery to enable you to think in transit forward with regards to the limits. Keep in mind, you should be strategic in request to gain more income and clients.

Adventure into Partnerships

It is anything but difficult to fly solo with regards to Mobile apps however you can't neglect the need accomplices. As you advance your items and administrations, it is significant that liaise with substances that can support your incomes.

In any case, picking the best corporate to connect with is no stroll in the recreation center. You will be required to investigate how their items/administrations can enable you to manufacture your image. Under this, you may have joint effort between an application for wearable emergency clinic gadgets and social insurance association. The outcome will be an increase in the number of clients accessing the in-app purchases.

Besides this, you may pick to package together at least two items under your image when pushing the in-app purchases.

Some days ago the Windows team announced the May 2019 Update for Windows 10. In this post we’re going to look at what we, the Python team, have done to make Python easier to install on Windows by helping the community publish to the Microsoft Store and, in collaboration with Windows, adding a default “python.exe” command to help find it. You may have already heard about these on the Python Bytes podcast, at PyCon US, or through Twitter.

This week we issue a really huge selection of all the essential news you might have missed on Front-end development. Make sure to check the latest updates on CSS, HTML, and JavaScript.

Testing is an important part of the development process. And sometimes developers need to run tests locally, before committing changes.

If your application uses Amazon Web Services, python library moto is the perfect thing for that.

I guess one of the most important issues in this topic is building an exception handling architecture in your application. This is interesting for many reasons. And the main reason, I think, is an apparent simplicity, which you don’t always know what to do with. All the basic constructs such as IEnumerable, IDisposable, IObservable, etc. have this property and use it everywhere. On the one hand, their simplicity tempts to use these constructs in different situations. On the other hand, they are full of traps which you might not get out. It is possible that looking at the amount of information we will cover you’ve got a question: what is so special about exceptional situations?

However, to make conclusions about building the architecture of exception classes we should learn some details about their classification. Because before building a system of types that would be clear for the user of code, a programmer should determine when to choose the type of error and when to catch or skip exceptions. So, let’s classify the exceptional situations (not the types of exceptions) based on various features.

Today, we are happy to announce the release of all Xamarin API Documentation as Open Source! API documentation drives the IntelliSense experience while being one of the best ways to help developers achieve their goals.

Xamarin API Docs

Additionally, we have also moved the hosting of the following from their old Xamarin home to docs.microsoft.com:

• Xamarin.Forms
• Xamarin.Android
• Xamarin.iOS & Xamarin.Mac
• SkiaSharp

Introduction

At the end of March we reported on the hidden potential to download and run unverified code in UC Browser. Today we will examine in detail how it happens and how hackers can use it.

Some time ago, UC Browser was promoted and distributed quite aggressively. It was installed on devices by malware, distributed via websites under the guise of video files (i.e., users thought they were downloading pornography or something, but instead were getting APK files with this browser), advertised using worrisome banners about a user’s browser being outdated or vulnerable. The official UC Browser VK group had a topic where users could complain about false advertising and many users provided examples. In 2016, there was even a commercial in Russian (yes, a commercial of a browser that blocks commercials).

As we write this article, UC Browser was installed 500,000,000 times from Google Play. This is impressive since only Google Chrome managed to top that. Among the reviews, you can see a lot of user complaints about advertising and being redirected to other applications on Google Play. This was the reason for our study: we wanted to see if UC Browser is doing something wrong. And it is! The application is able to download and run executable code, which violates Google Play’s policy for app publishing . And UC Browser doesn’t only download executable code; it does this unsafely, which can be used for a MitM attack. Let's see if we can use it this way.

Ever since we announced Template IntelliSense, you all have given us great suggestions. One very popular suggestion was to have the Template Bar auto-populate candidates based on instantiations in your code. In Visual Studio 2019 version 16.1 Preview 2, we’ve added this functionality via an “Add All Existing Instantiations” option in the Template Bar dropdown menu. The following examples are from the SuperTux codebase. 

This week we issue a really huge selection of all the essential news you might have missed on Front-end development. Make sure to check the latest updates on CSS, HTML, and JavaScript.

---

For Educational Purposes Only! Intended for Hackers Penetration testers.

---

Issue

The algorithm HS256 uses the secret key to sign and verify each message. The algorithm RS256 uses the private key to sign the message and uses the public key for authentication.

If you change the algorithm from RS256 to HS256, the backend code uses the public key as the secret key and then uses the HS256 algorithm to verify the signature. Asymmetric Cipher Algorithm => Symmetric Cipher Algorithm.

Because the public key can sometimes be obtained by the attacker, the attacker can modify the algorithm in the header to HS256 and then use the RSA public key to sign the data.
The backend code uses the RSA public key + HS256 algorithm for signature verification.

Example

Vulnerability appear when client side validation looks like this:

const decoded = jwt.verify(
   token,
   publickRSAKey,
   { algorithms: ['HS256'  , 'RS256'] }          //accepted both algorithms 
)

Lets assume we have initial token like presented below and " => " will explain modification that attacker can make:

//header 
{
alg: 'RS256'                         =>  'HS256'
}
//payload
{
sub: '123',
name: 'Oleh Khomaik',
admin: 'false'                       => 'true'
}

The backend code uses the public key as the secret key and then uses the HS256 algorithm to verify the signature.