Wireshark 3.x: code analysis under macOS and errors review

Reading time: 9 min
Views: 1.9K


Wireshark Foundation released the final stable version of the popular network traffic analyzer — Wireshark 3.0.0. The new release fixes several bugs, it is now possible to analyze the new protocols, and, apart from that, the WinPcap driver is replaced with Npcap. Here is where quoting of the announcement ends and our note about bugs in the project starts off. The project's authors definitely haven't done their best in fixing bugs before the release.

Let's collect hotfixes right now to give a motive for doing a new release :).

Introduction


Wireshark is a well-known tool to capture and analyze network traffic. The program works with the vast majority of known protocols, has an intuitive and logical graphical interface and an all-powerful system of filters. Wireshark is cross-platform and works on such OSs as Windows, Linux, macOS, Solaris, FreeBSD, NetBSD and many others.

To do the source code analysis, we used the PVS-Studio static code analyzer. To analyze the source code, first we needed to compile the project in an OS. The choice was wide not only due to the cross-platform nature of the project, but also because of that of the analyzer. I chose macOS for the analysis. You can also run the analyzer under Windows and Linux.
Total votes 24: ↑24 and ↓0 (+24)
Comments: 0

Checking FreeRDP with PVS-Studio

Reading time: 10 min
Views: 1.6K


FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP), a proprietary protocol by Microsoft. The project supports multiple platforms, including Windows, Linux, macOS, and even iOS and Android. We chose it to be the first project analyzed with the static code analyzer PVS-Studio for a series of articles about the checks of RDP-clients.
Total votes 24: ↑24 and ↓0 (+24)
Comments: 1

The Overview of JavaScript Frameworks: Which One to Choose for Your Project?

Reading time: 4 min
Views: 1.8K
Ten years ago, companies who wanted to create cross-platform projects would have to cooperate with different development teams and experts. However, 2009 has changed the game, because the developers from Nitobi (later purchased by Apache) presented Cordova – a fresh framework that was able to convert web applications into mobile systems. Linking the devices’ APIs via plugins, developers could access smartphones and tablets. Cordova is a JavaScript-based tech compatible with various platforms.

In this guide, we will review three more JS-driven systems, look at their unique features and compare them.
Total votes 24: ↑24 and ↓0 (+24)
Comments: 0

I lost faith in the industry, burned out, but the cult of the tool saved me

Reading time: 6 min
Views: 35K


I often rail at technologies I find inadequate, and in response I receive (along with arguments) sheer anger and pain. Sometimes physical.

Developers take critique of their favorite technologies very personally for some reason. This “cult of the tool” is such a strange phenomenon I can’t explain it logically. Some say everyone’s prone to it, because a coder’s thinking processes intertwine very deeply with his programming language. Some say it’s a junior’s fallacy — you write something for the first time, it works, and you start treating your language like something divine.

Whatever it is, I never understood it.

I always considered cultists as imbeciles. But I always try to understand why imbeciles became them, why I’ve avoided that fate. I start thinking and bam! — it turned out I’m also an imbecile. I’m a cultist who worships F#. And, of course, there’s a story behind it.
Total votes 28: ↑26 and ↓2 (+24)
Comments: 2

“I can tell you about the pain every iOS developer has in the ass” — 10 questions to a developer, episode 2

Reading time: 7 min
Views: 3.5K


Seems like everyone enjoyed the pilot episode, and we’re still sure that people “behind the scenes” can be as exciting as IT celebrities we all know and love. And maybe even more, because they talk about real problems and real solutions. This week we asked 10 questions to a person behind the development of Yandex.Maps for iOS.
Total votes 28: ↑26 and ↓2 (+24)
Comments: 0

Progress and hype in AI research

Reading time: 19 min
Views: 4.6K

The biggest issue with AI is not that it is stupid but a lack of definition for intelligence and hence a lack of formal measure for it [1a] [1b].


Turing test is not a good measure because gorilla Koko [2a] and bonobo Kanzi [2b] wouldn't pass though they could solve more problems than many disabled human beings.


It is quite possible that people in the future might wonder why people back in 2019 thought that an agent trained to play a fixed game in a simulated environment such as Go had any intelligence [3a] [3b] [3c] [3d] [3e] [3f] [3g] [3h].


Intelligence is more about applying/transferring old knowledge to new tasks (playing Quake Arena good enough without any training after mastering Doom) than compressing agent's experience into heuristics to predict a game score and determining agent's action in a given game state to maximize final score (playing Quake Arena good enough after million games after mastering Doom) [4].


Human intelligence is about ability to adapt to the physical/social world, and playing Go is a particular adaptation performed by human intelligence, and developing an algorithm to learn to play Go is a more performant one, and developing a mathematical theory of Go might be even more performant.

Total votes 24: ↑24 and ↓0 (+24)
Comments: 3

How to milk cows with robots and make an industrial startup of it. The history of the R-SEPT development

Reading time: 10 min
Views: 2.5K


In 2017, the media heard a very interesting story about a startup that robotizes milking cows on industrial dairy farms. The company is called R-SEPT, and back then it received 10 million rubles of investment. But a year has passed, and there's still no news on what happened further. We contacted Aleksey Khakhunov (AlexeiHahunov), the founder of the startup, and discussed the development. It turns out that the whole year his team was getting the prototype of the robot into shape, and just a week ago they conducted their first field test on the farm.

Under the cut there's a story about a robotics student who grew up on his parents' farm, turned the University diploma into an industrial startup, as he collected the first manipulators with his friends, and then scaled up to the level of state programs for the robotization of agriculture. And the most important is how the iron hand of the robot and the machine vision are better than a living milkmaid.
Total votes 26: ↑25 and ↓1 (+24)
Comments: 4

I am a useless idiot, so I want to quit my job: 10 questions to a software developer, a pilot episode

Reading time: 7 min
Views: 9.1K


Hi there, Habr!

Remember the story of Steve Jobs and Dennis Ritchie? Without any intention to rekindle the debates or moralize on the subject, let’s face the truth: thousands of stellar techies live in the shadow, while their own stories are hidden in a dusty cupboard.

We, the Habr editorial team, are keen to tackle this injustice. From now on, we will regularly interview people who keep a low profile in media and social networks. So if you have anything to tell about yourself, get ready.

To give you an idea of what this will look like, we will lead the way. Click below to see 10 general questions we will ask every guest. For our pilot episode, the first guest to answer the questions was fillpackart. (This month I’ve had several quite good interview sessions with him, see articles one, two, three). Please read them, and if you make up your mind on telling your own story in a similar way, just send me or baragol a message.
Total votes 24: ↑24 and ↓0 (+24)
Comments: 6

Fault Tolerance Web Architecture for Our Cloud Solutions

Reading time: 10 min
Views: 3K

Hi Habr,

I'm Artyom Karamyshev, a system administration team leader at Mail.Ru Cloud Solutions (MCS). We launched many products in 2019. We've aimed to make API services easily scalable, fault-tolerant, and ready to accommodate rapid growth. Our platform is running on OpenStack, and in this article, I describe all the component fault tolerance issues that we've resolved.

The overall fault tolerance of the platform consists of the fault tolerance of its components. So, I'm going to show you a step-by-step tutorial about all the levels where we've found the risks.
Total votes 25: ↑24 and ↓1 (+23)
Comments: 0

Solutions to Bug-Finding Challenges Offered by the PVS-Studio Team at Conferences in 2018-2019

Reading time: 8 min
Views: 1K



Hi! Though the 2019 conference season is not over yet, we'd like to talk about the bug-finding challenges we offered to visitors at our booth during the past conferences. Starting with the fall of 2019, we've been bringing a new set of challenges, so we can now reveal the solutions to the previous tasks of 2018 and the first half of 2019 – after all, many of them came from previously posted articles, and we had a link or QR code with information about the respective articles printed on our challenge leaflets.
Total votes 23: ↑23 and ↓0 (+23)
Comments: 0

Celestia: Bugs' Adventures in Space

Reading time: 6 min
Views: 981

Celestia is a three-dimensional space simulator. Simulation of the space allows exploring our universe in three dimensions. Celestia is available on Windows, Linux and macOS. The project is very small and PVS-Studio detected few defects in it. Despite this fact, we'd like to pay attention to it, as it's a popular educational project and it will be rather useful to somehow improve it. By the way, this program is used in popular films, series and programs for showing space. This fact, in turn, raises the requirements for the code quality.
Total votes 27: ↑25 and ↓2 (+23)
Comments: 0

Analysis of the Apache Dubbo RPC Framework by the PVS-Studio Static Code Analyzer

Reading time: 9 min
Views: 1.5K


Apache Dubbo is one of the most popular Java projects on GitHub. It's not surprising. It was created 8 years ago and is widely applied as a high-performance RPC environment. Of course, most of the bugs in its code have long been fixed and the quality of the code is maintained at a high level. However, there is no reason to opt out of checking such an interesting project using the PVS-Studio static code analyzer. Let's see how it turned out.
Total votes 25: ↑24 and ↓1 (+23)
Comments: 0

What is going to happen on February 1, 2020?

Reading time: 4 min
Views: 8.2K
TL;DR: starting February 2020, DNS servers that don’t support DNS both over UDP and TCP may stop working.

Bangkok, in general, is a strange place to stay. Of course, it is warm there, rather cheap and some might find the cuisine interesting, along with the fact that about half of the world’s population does not need to apply for a visa in advance to get there. However, you still need to get acquainted with the smells, and the city streets are casting cyberpunk scenes more than anything else.

In particular, a photo to the left has been taken not far from the center of Thailand’s capital city, one street away from the Shangri-La hotel, where the 30th DNS-OARC organization meeting took place on May 12 and 13. It is a non-profit organization dedicated to security, stability, and overall development of the DNS — the Domain Name System.

Slides from the DNS-OARC 30 meeting are recommended for everyone interested in how the DNS works, though perhaps the most interesting is what is absent in those slides. Namely, a 45-minute round table with a discussion around the results of DNS Flag Day 2019, which occurred on February 1, 2019.

And, the most impressive result of a round table is the decision to repeat DNS Flag Day once again.
Total votes 25: ↑24 and ↓1 (+23)
Comments: 0

Citymobil — a manual for improving availability amid business growth for startups. Part 3

Reading time: 8 min
Views: 1.1K


This is the next article of the series describing how we’re increasing our service availability in Citymobil (you can read the previous parts here and here). In further parts, I’ll talk about the accidents and outages in detail. But first let me highlight something I should’ve talked about in the first article but didn’t. I found out about it from my readers’ feedback. This article gives me a chance to fix this annoying shortcoming.
Total votes 23: ↑23 and ↓0 (+23)
Comments: 0

Exploiting signed bootloaders to circumvent UEFI Secure Boot

Reading time: 6 min
Views: 40K
Russian version of this article.
Modern PC motherboards' firmware has followed the UEFI specification since 2010. In 2013, a new technology called Secure Boot appeared, intended to prevent bootkits from being installed and run. Secure Boot prevents the execution of unsigned or untrusted program code (.efi programs and operating system boot loaders, additional hardware firmware like video card and network adapter OPROMs).
Secure Boot can be disabled on any retail motherboard, but a mandatory requirement for changing its state is physical presence of the user at the computer. It is necessary to enter UEFI settings when the computer boots, and only then is it possible to change Secure Boot settings.

Most motherboards include only Microsoft keys as trusted, which forces bootable software vendors to ask Microsoft to sign their bootloaders. This process includes a code audit procedure and justification for the need to sign their file with a globally trusted key if they want the disk or USB flash to work in Secure Boot mode without adding their key on each computer manually.
Authors of Linux distributions, hypervisors, antivirus boot disks and computer recovery software all have to get their bootloaders signed by Microsoft.

I wanted to make a bootable USB flash drive with various computer recovery software that would boot without disabling Secure Boot. Let's see how this can be achieved.
Total votes 25: ↑24 and ↓1 (+23)
Comments: 3

Top 10 bugs of C++ projects found in 2018

Reading time: 13 min
Views: 7.8K
It has been three months since 2018 ended. For many, it has just flown by, but for us, PVS-Studio developers, it was quite an eventful year. We were working up a sweat, fearlessly competing for spreading the word about static analysis and were searching for errors in open source projects, written in C, C++, C#, and Java languages. In this article, we gathered the top 10 most interesting of them right for you!

Total votes 25: ↑24 and ↓1 (+23)
Comments: 0

Internet Issues & Availability Report 2018–2019

Reading time: 16 min
Views: 1.5K

While working on the annual report this year we have decided to avoid retelling the news headlines of the previous year and, though it is almost impossible to ignore memories absolutely, we want to share with you the result of a clear thought and a strategic view to the point where we all are going to arrive in the nearest time — the present.

Leaving introduction words behind, here are our key findings:

  • Average DDoS attack duration dropped to 2.5 hours;
  • During 2018, the capability appeared for attacks at hundreds of gigabits-per-second within a country or region, bringing us to the verge of “quantum theory of bandwidth relativity”;
  • The frequency of DDoS attacks continues to grow;
  • The continuing growth of HTTPS-enabled (SSL) attacks;
  • PC is dead: most of the legitimate traffic today comes from smartphones, which is a challenge for DDoS actors today and would be the next challenge for DDoS mitigation companies;
  • BGP finally became an attack vector, 2 years later than we expected;
  • DNS manipulation has become the most damaging attack vector;
  • Other new amplification vectors are possible, like memcached & CoAP;
  • There are no more “safe industries” that are invulnerable to cyberattacks of any kind.

In this article we have tried to cherry-pick all the most interesting parts of our report, though if you would like to read the full version in English, the PDF is available.
Total votes 27: ↑25 and ↓2 (+23)
Comments: 0

How does a barcode work?

Reading time: 6 min
Views: 13K
Hi all!

Every person is using barcodes nowadays, mostly without noticing this. When we are buying the groceries in the store, their identifiers are read from barcodes. It's also the same with goods in the warehouses, postal parcels and so on. But not so many people actually know how it works.

What is 'inside' the barcode, and what is encoded on this image?



Let's figure it out, and also let's write our own bar decoder.
Total votes 27: ↑25 and ↓2 (+23)
Comments: 0