Habr
Habr.com ⬝ English edition
OWASP Top Ten and Software Composition Analysis.

Category A9 of the OWASP Top Ten 2017 covers the use of components with known vulnerabilities. To cover this category in PVS-Studio, the developers had to extend the analyzer into a full software composition analysis (SCA) solution: one that inventories the third-party components a project depends on and checks each component and version against a database of published vulnerabilities.

How will the analyzer look for vulnerabilities in the components used? What is SCA? Let’s try to find the answers in this article: https://amp.gs/j193y
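The core of the SCA check described above is a matcher: read the project's dependency manifest, normalise each component's version, and compare it with the affected ranges recorded in advisories. The following is an added illustration, not PVS-Studio's own code; the advisory identifiers (EXAMPLE-000x), package names and the manifest are constructed for the example, and versions are assumed to be plain dotted numbers (no pre-release suffixes, which a real SCA tool must also parse).

```python
"""Minimal software composition analysis (SCA) matcher.

Added illustration for the OWASP A9 item; not PVS-Studio code.
Advisory data, package names and the manifest below are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]


@dataclass(frozen=True)
class Advisory:
    package: str
    introduced: Version           # first affected version (inclusive)
    fixed: Optional[Version]      # first fixed version (exclusive); None = unfixed
    ident: str                    # constructed identifier, not a real CVE


def parse_version(s: str) -> Version:
    """Turn '1.2.3' into (1, 2, 3); missing components count as 0.

    Assumes purely numeric dotted versions (constructed simplification).
    """
    parts = [int(p) for p in s.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def parse_manifest(text: str) -> dict:
    """Parse 'name==version' lines (pip requirements style).

    Lines that do not pin an exact version are skipped: SCA cannot judge
    a component whose installed version is unknown, so unpinned entries
    are themselves a finding worth reporting in a real tool.
    """
    deps = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line or "==" not in line:
            continue
        name, version = line.split("==", 1)
        deps[name.strip().lower()] = parse_version(version)
    return deps


def is_affected(version: Version, adv: Advisory) -> bool:
    """True if version lies in [introduced, fixed)."""
    if version < adv.introduced:
        return False
    if adv.fixed is not None and version >= adv.fixed:
        return False
    return True


def find_known_vulnerabilities(manifest_text: str,
                               advisories: List[Advisory]) -> list:
    """Return sorted (package, version, advisory id) triples for every
    pinned dependency whose version falls in an advisory's affected range."""
    deps = parse_manifest(manifest_text)
    findings = []
    for adv in advisories:
        v = deps.get(adv.package.lower())
        if v is not None and is_affected(v, adv):
            findings.append((adv.package, ".".join(map(str, v)), adv.ident))
    return sorted(findings)


# Constructed advisory list (stand-in for a real vulnerability database).
ADVISORIES = [
    Advisory("libfoo", (1, 0, 0), (1, 4, 2), "EXAMPLE-0001"),
    Advisory("libbar", (2, 0, 0), None, "EXAMPLE-0002"),
    Advisory("libbaz", (0, 9, 0), (1, 0, 0), "EXAMPLE-0003"),
]

# Constructed manifest for the example.
SAMPLE_MANIFEST = """
# project dependencies (constructed)
libfoo==1.3.7
libbar==2.5
libbaz==1.0.0
libqux>=3.0
"""

if __name__ == "__main__":
    for package, version, ident in find_known_vulnerabilities(SAMPLE_MANIFEST, ADVISORIES):
        print(f"{package} {version}: affected by {ident}")
```

Running the script reports libfoo 1.3.7 (inside the fixed-in-1.4.2 range) and libbar 2.5.0 (no fix available), while libbaz 1.0.0 is clean because it equals the first fixed version, and libqux is skipped because its version is not pinned. A production SCA tool differs mainly in the inputs: it identifies components by ecosystem and package identity rather than bare name, reads transitive dependencies from a lock file, and takes its ranges from a maintained database.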
“On the Stack Overflow website, we frequently see questions about how to look for bugs of a certain type. We know that PVS-Studio can solve the problem”

How to sympathize with a question on Stack Overflow but keep silent: https://amp.gs/j1958
How to make a parallel book for language learning. Part 1. Python and Colab version.

We will use the lingtrain_aligner tool. It is an open-source project written in Python that aims to help anyone eager to learn foreign languages: https://amp.gs/j1JY0
“Everyone who runs the static analyzer on a project for the first time is slightly shocked by hundreds, thousands or even tens of thousands of warnings. It may be frustrating. Is my code so terrible? Or is the analyzer lying? In any case, filtering by the severity changes the situation, not completely though. That’s why we thought about how we could improve the first experience with the analyzer. Let me show you the new feature step by step…”

Best warnings of static analyzer: https://amp.gs/j1JCn
Modix3D Large Scale 3D Printers: Print Parts Up to 1.8 Meters.

This article covers 3D printer manufacturer Modix and its professional large-scale 3D printers. It includes the history of the brand, its products, their functions and possible applications: https://amp.gs/j1JqF
“Everyone is used to moving an ensemble by moving its data files. It seems easy and obvious but our Clickhouse cluster had more than 400 TB replicated data”

Extending and moving a ZooKeeper ensemble: https://amp.gs/j1Jcc
“Sometimes, when writing an article, we come across interesting situations or epic errors. Of course, we want to write a small note about it. This is one of those cases”

How a PVS-Studio developer defended a bug in a checked project: https://amp.gs/j1KEM
Introduction to Shining3D.

This manufacturer is among the few companies that offer a comprehensive ecosystem of 3D digitization solutions, covering not only 3D printing but also 3D scanning and software solutions for engineering and medical teams.

Part 1: https://amp.gs/j1K2z
Part 2: https://amp.gs/j1K2t
“SSH, the secure shell, is often used to access remote Linux systems. Because we often use it to connect with computers containing important data, it’s recommended to add another security layer, such as the second factor”

MFA-protected SSH access to Ubuntu servers with LDAP or Azure AD Credentials and hardware or software tokens: https://amp.gs/j1Hrt
How to detect a cyberattack and prevent money theft.

Let’s find out how to detect an attack at each of its stages and minimize the risk, and analyze two common scenarios of such attacks: manual theft using remote-control programs, and theft using dedicated malware, a banking trojan: https://amp.gs/j1o57
“We often check retro games. In our company, many developers like to find interesting projects for themselves. They feel nostalgic when they’re studying these projects. But we need to run retro games on something, right? This time we checked a project that helps to run old games on modern hardware”

PVS-Studio searches for bugs in the DuckStation project: https://amp.gs/j1MtD
Multiple heads are better than one in real-world calculations.

Now, a team of University of Maryland-led quantum engineers report that multiple qubits may be better than one when it comes to error correction: https://amp.gs/j1MPF
JiraCLI is an interactive command line tool for Atlassian Jira that will help you avoid Jira UI to some extent.

This tool is not yet considered complete but has all the essential features required to improve your workflow with Jira: https://amp.gs/j1MO8
Protocol Buffers, a brutal protocol from Google, vs. PVS-Studio, a static code analyzer.

This is a good challenge for the PVS-Studio static code analyzer. Finding at least something is already an achievement. Let’s give it a shot: https://amp.gs/j1MM5
“I believe that you have heard about SDLC (Systems development life cycle). Is it possible that the same things are applicable for the IaC?”

IaC Development Life Cycle: https://amp.gs/jYjuD
Full motion video with digital audio on the classic 8-bit game console.

Let’s take an old console from 1983 that has only a handful of kilobytes of memory and a mere few megahertz of 8-bit processing power, and make it play digitized audio: https://amp.gs/jYjMz
How to choose a static analysis tool.

Nowadays you can find many static analyzers, from free open-source tools to commercial solutions with broad feature sets. On the one hand, that is great, because you have many options to choose from. On the other hand, you have to do serious research to find the right tool for your team: https://amp.gs/jY8CX
All hail bug reports: how to reduce the analysis time of the user’s project from 80 to 4 hours.

People often see work in support as something negative. Today we’ll look at it from a different perspective: https://amp.gs/jYZnM
Routing Loops.

This is the transcription for a presentation Qrator Labs' cloud architect, Alexander Zubkov, made at RIPE82 online conference this year: https://amp.gs/jYZN4
“The project was damn interesting! While doing it, we managed to work with new technologies, beep the speaker installed on the board, and, of course, withdraw cash”

On the recent vulnerability in Diebold Nixdorf ATMs: https://amp.gs/jYlip