You are here

Technology

Hands-on with GatsbyJS

Info World - Thu, 01/13/2022 - 04:00

Somewhere between using a WYSIWYG editor like Wix and building your own stack from the ground up with something like Webpack is using a framework like Gatsby.

Gatsby is better known as a static site generator, though it also competes with full-blown full-stack, server-side rendering frameworks like Next.js and SvelteKit. Gatsby takes pains to make the development experience friendly and easy, while delivering essential website features like modern blur-up images out-of-the-box.

To read this article in full, please click here

Categories: Technology

The Linux Link Tech Show Episode 938

The Linux Link Tech Show - Wed, 01/12/2022 - 19:30
let Joel tell you how to pop a tent over docker
Categories: Podcasts, Technology

Firefox 96 enhances CSS, Canvas support for developers

Info World - Wed, 01/12/2022 - 04:00

Mozilla has released Firefox 96, an update to the browser that provides support for new CSS properties and functions, and adds image encoder support for the WebP format to the Canvas API.

Firefox 96 was published to release channel users on January 11. For CSS, Firefox now supports the color-scheme property, which allows an element to indicate which color schemes in which it can be comfortably rendered. Also, the counter-reset property now supports the reversed() function for building reversed CSS counters, which are intended for numbering elements in descending order. The reversed() functon can be used with the list-item counter to number ordered lists in reverse order.

To read this article in full, please click here

Categories: Technology

What is Web3? A new decentralized web, or the latest marketing buzzword

Info World - Wed, 01/12/2022 - 04:00

Web3, as envisioned by the Web3 Foundation, will be a public internet where data and content are registered on blockchains, tokenized, or managed and accessed on peer-to-peer distributed networks.

Web3 promises to be a decentralized, immutable version of the web, free of intermediaries and built with the same cryptographic verifiability that has given rise to cryptocurrencies, non-fungible tokens (NFTs), and new types of decentralized applications underpinned by a distributed ledger, or Dapps.

To read this article in full, please click here

Categories: Technology

Understanding Azure HPC

Info World - Wed, 01/12/2022 - 04:00

Way back when, so the story goes, someone said we’d only need five computers for the whole world. It’s quite easy to argue that Azure, Amazon Web Services, Google Cloud Platform, and the like are all implementations of a massively scalable compute cluster, with each server and each data center another component that adds up to build a huge, planetary-scale computer. In fact, many of the technologies that power our clouds were originally developed to build and run supercomputers using off-the-shelf commodity hardware.

Why not take advantage of the cloud to build, deploy, and run HPC (high-performance computing) systems that exist for only as long as we need them to solve problems? You can think of clouds in much the same way the filmmakers at Weta Digital thought about their render farms, server rooms of hardware built out to be ready to deliver the CGI effects for films like King Kong and The Hobbit. The equipment doubled as a temporary supercomputer for the New Zealand government while waiting to be used for filmmaking.

To read this article in full, please click here

Categories: Technology

Get started with generics in Go

Info World - Wed, 01/12/2022 - 04:00

Many programming languages have the concept of generic functions — code that can elegantly accept one of a range of types without needing to be specialized for each one, as long as those types all implement certain behaviors.

Generics are big time-savers. If you have a generic function for, say, returning the sum of a collection of objects, you don’t need to write a different implementation for each type of object, as long as any of the types in question supports adding.

[ Tune into Dev with Serdar to get Go coding tips from InfoWorld’s Serdar Yegulalp in 5 minutes or less ]

When the Go language was first introduced, it did not have the concept of generics, as C++, Java, C#, Rust, and many other languages do. The closest thing Go had to generics was the concept of the interface, which allows different types to be treated the same as long as they support a certain set of behaviors.

To read this article in full, please click here

Categories: Technology

SN 853: URL Parsing Vulnerabilities - US CISA on Log4J, WordPress Security Update, What Is a Pluton

Security Now - Tue, 01/11/2022 - 19:00
  • Picture of the Week.
  • The US CISA Log4J status update.
  • The H2 Database Console vulnerability.
  • The Federal Trade Commission gets into the act!
  • Chrome fixed 37 known problems last week.
  • The Privacy-first Brave browser.
  • WordPress 5.8.3 security update.
  • What, exactly, is a "Pluton"?
  • The first of Dennis Taylor's three Bobiverse novels.
  • SpinRite.
  • URL Parsing Vulnerabilities.
We invite you to read our show notes at https://www.grc.com/sn/SN-853-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Categories: Podcasts, Technology

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

Krebs on Security - Tue, 01/11/2022 - 15:18

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is “wormable,” meaning no human interaction would be required for an attack to spread from one vulnerable Windows box to another.

Nine of the vulnerabilities fixed in this month’s Patch Tuesday received Microsoft’s “critical” rating, meaning malware or miscreants can exploit them to gain remote access to vulnerable Windows systems through no help from the user.

By all accounts, the most severe flaw addressed today is CVE-2022-21907, a critical, remote code execution flaw in the “HTTP Protocol Stack.” Microsoft says the flaw affects Windows 10 and Windows 11, as well as Server 2019 and Server 2022.

“While this is definitely more server-centric, remember that Windows clients can also run http.sys, so all affected versions are affected by this bug,” said Dustin Childs from Trend Micro’s Zero Day Initiative. “Test and deploy this patch quickly.”

Quickly indeed. In May 2021, Microsoft patched a similarly critical and wormable vulnerability in the HTTP Protocol Stack; less than a week later, computer code made to exploit the flaw was posted online.

Microsoft also fixed three more remote code execution flaws in Exchange Server, a technology that hundreds of thousands of organizations worldwide use to manage their email. Exchange flaws are a major target of malicious hackers. Almost a year ago, hundreds of thousands of Exchange servers worldwide were compromised by malware after attackers started mass-exploiting four zero-day flaws in Exchange.

Microsoft says the limiting factor with these three newly found Exchange flaws is that an attacker would need to be tied to the target’s network somehow to exploit them. But Satnam Narang at Tenable notes Microsoft has labeled all three Exchange flaws as “exploitation more likely.”

“One of the flaws, CVE-2022-21846, was disclosed to Microsoft by the National Security Agency,” Narang said. “Despite the rating, Microsoft notes the attack vector is adjacent, meaning exploitation will require more legwork for an attacker, unlike the ProxyLogon and ProxyShell vulnerabilities which were remotely exploitable.”

Security firm Rapid7 points out that roughly a quarter of the security updates this month address vulnerabilities in Microsoft’s Edge browser via Chromium.

“None of these have yet been seen exploited in the wild, though six were publicly disclosed prior to today,” Rapid7’s Greg Wiseman said. “This includes two Remote Code Execution vulnerabilities affecting open source libraries that are bundled with more recent versions of Windows: CVE-2021-22947, which affects the curl library, and CVE-2021-36976 which affects libarchive.”

Wiseman said slightly less scary than the HTTP Protocol Stack vulnerability is CVE-2022-21840, which affects all supported versions of Office, as well as Sharepoint Server.

“Exploitation would require social engineering to entice a victim to open an attachment or visit a malicious website,” he said. “Thankfully the Windows preview pane is not a vector for this attack.”

Other patches include fixes for .NET Framework, Microsoft Dynamics, Windows Hyper-V, Windows Defender, and the Windows Remote Desktop Protocol (RDP). As usual, the SANS Internet Storm Center has a per-patch breakdown by severity and impact.

Standard disclaimer: Before you update Windows, please make sure you have backed up your system and/or important files. It’s not uncommon for a Windows update package to hose one’s system or prevent it from booting properly, and some updates have been known to erase or corrupt files.

So do yourself a favor and backup before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.

If you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a decent chance other readers have experienced the same and may chime in here with useful tips.

Categories: Technology, Virus Info

Microsoft .NET MAUI Preview 11 updates Windows UI styling

Info World - Tue, 01/11/2022 - 10:39

Preview 11 of Microsoft’s .NET MAUI (Multi-platform App UI), a cross-platform development framework for creating native mobile and desktop applications, has arrived, bringing introductory support for Windows 11 UI styling and support for multi-window applications.

An evolution of Xamarin.Forms, .NET MAUI allows .NET developers to build native apps for iOS, Android, MacOS, and Windows with C# and XAML. The latest preview, which was unveiled January 5, runs on the latest preview of .NET and is available with Visual Studio 2022 17.1 Preview 2 on Windows.

To read this article in full, please click here

Categories: Technology

Maybe cloud migration needs more than six Rs

Info World - Tue, 01/11/2022 - 04:00

The six Rs of cloud migration (retire, retain, replace, rehost, re-platform, and refactor), have been a staple for many years. I’m not sure where they came from, but you’ll find them listed in one form or another on many cloud migration project slides.

The reason for the six Rs is simple. We have workloads, which are typically applications and coupled data not running on a cloud, and we’re looking to place them into categories as to what will be done with them in the future, in the cloud or not. Here’s the short explanation of the six Rs:

[ Also on InfoWorld: Which multicloud architecture will win out? ]
  • Retire: Remove a workload entirely or end of life it.
  • Retain: Keep it where it is.
  • Replace: Find SaaS systems or other analogs for the workload.
  • Rehost: Lift and shift it, or just move it to the cloud with few or no modifications. For example, move from Linux on premises to Linux in the cloud. I see this differently than refactoring, in that we’re just changing an application so it runs well on a cloud platform and not specifically leveraging cloud-native services.
  • Re-platform: If we can’t find platform analogs on the target cloud, we move to a new platform, such as Linux to Windows. Sometimes new databases and other platforms change as well. Thus, the workload needs to be modified to accommodate the new platform, but we’re not leveraging cloud-native services.
  • Refactor: Heavily modify (re-code) the workloads to take advantage of cloud-native features such as cloud security, governance, monitoring, auditing, etc.

Of course, just to confuse things, I’ve seen the six Rs with different terms (such as “repurchase” instead of “replace”) or even different definitions of the Rs. So, don’t get on me if what you’re using does not match the above exactly. For our purposes it really does not matter. 

To read this article in full, please click here

Categories: Technology

All roads lead to hyperautomation in 2022

Info World - Tue, 01/11/2022 - 04:00

As the effects of the pandemic spur digital transformation across all industries, we will continue to see businesses drive toward more integration, automation, and innovation. Specifically, companies that will be leaders in their spaces will embrace new tools and restructure how they leverage technology to stay competitive.

In a world where the employee experience is now as paramount as the customer experience, the evolving digital workspace will remain in the spotlight. Below are my four predictions for what we’ll see in 2022 from the business and technology worlds.

[ Also on InfoWorld: How to choose a low-code development platform ] iPaaS will become more than integration in the cloud

The companies that win the future will be those that solve end-to-end business problems for their customers with a well-integrated suite of products. This includes providing iPaaS capabilities, but also exposing APIs so they can build mobile, web, and conversational applications that allow them to automate tasks using their already-existing apps. Along these lines, building integrations with low-code solutions will eventually be replaced by having a conversation with a chatbot, essentially detailing the business need in order to build the appropriate application.

To read this article in full, please click here

Categories: Technology

Multicloud and your career

Info World - Mon, 01/10/2022 - 04:00

There are good reasons to embrace bad strategy. Yes, I’m talking about multicloud. No, I’m not talking about it the way you may be thinking.

It makes sense for an ISV (like MongoDB, where I work) to ensure its service runs across all major clouds. Why? Enterprise buyers, even if they try to standardize on a single cloud vendor, are going to run different cloud services across different providers. It’s just the way enterprise IT works. Always.

[ Also on InfoWorld: The 18 highest paying developer roles in 2021 ]

But let’s scrap the vendorspeak. I’m talking about multicloud and you. I’m talking about how you grow your career by speaking multiple cloud “languages.”

To read this article in full, please click here

Categories: Technology

5 questions to consider about agile capacity planning

Info World - Mon, 01/10/2022 - 04:00

The Agile Manifesto values “individuals and interactions over processes and tools.” One of the signers’ key principles is, “The best architectures, requirements, and designs emerge from self-organizing teams.” I agree with these principles but am pragmatic about what self-organizing teams should be in practice and how much decision-making authority helps teams achieve their best results.

For example, empowering a team to select their ideal architecture and design may optimize the team’s performance, but 20 teams managing independent architectures is highly problematic for the organization.

To read this article in full, please click here

Categories: Technology

16 irresistible cloud innovations

Info World - Mon, 01/10/2022 - 04:00

When we think of the public cloud, often the first consideration that comes to mind is financial: Moving workloads from near-capacity data centers to the cloud reduces capital expenditures (CapEx) but increases operating expenditures (OpEx). That may or may not be attractive to the CFO, but it isn’t exactly catnip for developers, operations, or those who combine the two as devops.

Tech Spotlight:
Hybrid Cloud

For these people, cloud computing offers many opportunities that simply aren’t available when new software services require the purchase of new server hardware or enterprise software suites. What takes six months to deploy on-premises can sometimes take 10 minutes in the cloud. What requires signatures from three levels of management to create on-prem can be charged to a credit card in the cloud.

To read this article in full, please click here

Categories: Technology

The cloud comes down to earth

Info World - Mon, 01/10/2022 - 04:00
An ever-expanding universe of cloud platforms, services, and applications have become fundamental to business and IT operations.
Categories: Technology

TWiT 857: New World Disorder - The future of finance, Web3, NASA Webb Telescope, synthetic biology, CES 2022

This week in tech - Sun, 01/09/2022 - 20:25

The future of finance, Web3, NASA Webb Telescope, synthetic biology, CES 2022

  • Amy introduces the Futurist episode.
  • The Future Today Institute's 14th Annual Tech Trends Report.
  • Moxie Marlinspike - My first impressions of web3.
  • Jack Dorsey says VCs really own Web3 (and Web3 boosters are pretty mad about it).
  • Chris Dixon and Naval Ravikant — The Wonders of Web3, How to Pick the Right Hill to - Climb, Finding the Right Amount of Crypto Regulation, Friends with Benefits, and the Untapped Potential of NFTs.
  • The rise of the alt-coins.
  • Oh look, it's a Tesla traffic jam in Las Vegas' Boring Company tunnel.
  • NASA's Webb Telescope Reaches Major Milestone as Mirror Unfolds.
  • CES attendance down more than 75%, organizers say.
  • LG Display brought a reclining curved OLED throne to CES this year.
  • Change your car's colour with an app: BMW unveils color-changing car.
  • CES 2022: The humanoid robot, Ameca, revealed at CES show.
  • Abbott tells CES it's getting into consumer biowearables.
  • The Genesis Machine: Our Quest to Rewrite Life in the Age of Synthetic Biology by Amy Webb.

Host: Leo Laporte

Guests: Amy Webb and Fr. Robert Ballecer, SJ

Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

Sponsors:

Categories: Podcasts, Technology

500M Avira Antivirus Users Introduced to Cryptomining

Krebs on Security - Sat, 01/08/2022 - 11:05

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn’t alone in this dubious endeavor: Avira antivirus — which has built a base of 500 million users worldwide largely by making the product free — was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto.

Avira Crypto

Founded in 2006, Avira Operations GmbH & Co. KG is a German multinational software company best known for their Avira Free Security (a.k.a. Avira Free Antivirus). In January 2021, Avira was acquired by Tempe, Ariz.-based NortonLifeLock Inc., the same company that now owns Norton 360.

In 2017, the identity theft protection company LifeLock was acquired by Symantec Corp., which was renamed to NortonLifeLock in 2019. LifeLock is now included in the Norton 360 service; Avira offers users a similar service called Breach Monitor.

Like Norton 360, Avira comes with a cryptominer already installed, but customers have to opt in to using the service that powers it. Avira’s FAQ on its cryptomining service is somewhat sparse. For example, it doesn’t specify how much NortonLifeLock gets out of the deal (NortonLifeLock keeps 15 percent of any cryptocurrency mined by Norton Crypto).

“Avira Crypto allows you to use your computer’s idle time to mine the cryptocurrency Ethereum (ETH),” the FAQ explains. “Since cryptomining requires a high level of processing power, it is not suitable for users with an average computer. Even with compatible hardware, mining cryptocurrencies on your own can be less rewarding. Your best option is to join a mining pool that shares their computer power to improve their chance of mining cryptocurrency. The rewards are then distributed evenly to all members in the pool.”

NortonLifeLock hasn’t yet responded to requests for comment, so it’s unclear whether Avira uses the same cryptomining code as Norton Crypto. But there are clues that suggest that’s the case. NortonLifeLock announced Avira Crypto in late October 2021, but multiple other antivirus products have flagged Avira’s installer as malicious or unsafe for including a cryptominer as far back as Sept. 9, 2021.

Avira was detected as potentially unsafe for including a cryptominer back in Sept. 2021. Image: Virustotal.com.

The above screenshot was taken on Virustotal.com, a service owned by Google that scans submitted files against dozens of antivirus products. The detection report pictured was found by searching Virustotal for “ANvOptimusEnablementCuda,” a function included in the Norton Crypto mining component “Ncrypt.exe.”

Some longtime Norton customers took to NortonLifeLock’s online forum to express horror at the prospect of their antivirus product installing coin-mining software, regardless of whether the mining service was turned off by default.

“Norton should be DETECTING and killing off crypto mining hijacking, not installing their own,” reads a Dec. 28 thread on Norton’s forum titled “Absolutely furious.”

Others have charged that the crypto offering will end up costing customers more in electricity bills than they can ever hope to gain from letting their antivirus mine ETH. What’s more, there are hefty fees involved in moving any ETH mined by Norton or Avira Crypto to an account that the user can cash out, and many users apparently don’t understand they can’t cash out until they at least earn enough ETH to cover the fees.

In August 2021, NortonLifeLock said it had reached an agreement to acquire Avast, another longtime free antivirus product that also claims to have around 500 million users. It remains to be seen whether Avast Crypto will be the next brilliant offering from NortonLifeLock.

As mentioned in this week’s story on Norton Crypto, I get that participation in these cryptomining schemes is voluntary, but much of that ultimately hinges on how these crypto programs are pitched and whether users really understand what they’re doing when they enable them. But what bugs me most is they will be introducing hundreds of millions of perhaps less savvy Internet users to the world of cryptocurrency, which comes with its own set of unique security and privacy challenges that require users to “level up” their personal security practices in fairly significant ways.

Categories: Technology, Virus Info

AngularJS reaches end of life

Info World - Sat, 01/08/2022 - 04:00

Now that the AngularJS JavaScript framework has reached end-of-life (EOL) status, the developers behind the next-generation, TypeScript-based Angular framework hope users of the original will move forward with the successor.

Originally released by Google in 2010, AngularJS reached EOL on December 31, with long-term support ceasing from the community. Users still can seek support from third parties including support services firms XLTS.dev and Perforce. The AngularJS source code still will be available on GitHub, via NPM, CDN, and Bower.

To read this article in full, please click here

Categories: Technology

What is streaming data? Event stream processing explained

Info World - Fri, 01/07/2022 - 04:00

Streaming data, also called event stream processing, is usually discussed in the context of big data. It is data that is generated continuously, often by thousands of data sources, such as sensors or server logs. Streaming data records are often small, perhaps a few kilobytes each, but there are many of them, and in many cases the stream goes on and on without ever stopping.

Historical data, on the other hand, normally goes through a batch ETL (extract, transform, and load) process before going into an analysis database, such as a data warehouse, data lake, or data lakehouse. That’s fine if you’re not in a hurry. On the other hand, it’s common to need to process streaming data quickly in order to act on the results in as close to real time as you can.

To read this article in full, please click here

Categories: Technology

The real value of 5G and cloud computing

Info World - Fri, 01/07/2022 - 04:00

I did some reading during the end-of-year holidays and ran into this article by Peter Cohen covering 5G network automation use cases. Specifically, I was looking for use cases related to cloud computing. 

I’m taken aback by how much hype 5G receives. My posts about 5G always have the most hits. However, most improvements to network infrastructure seem to quickly fade into computing history, even if they work. Who remembers new versions of IEEE Wi-Fi standards, Internet routing protocols, or other related technologies before we move on to the next version? Why is 5G staying in the spotlight so long?

To read this article in full, please click here

Categories: Technology

Pages

Subscribe to Some Place in Ohio aggregator - Technology