توضیحات:

Learn the Root Causes of Software Vulnerabilities and How to Avoid Them

Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Having analyzed tens of thousands of vulnerability reports since 1988, CERT has determined that a relatively small number of root causes account for most of the vulnerabilities.

Secure Coding in C and C++, Second Edition, identifies and explains these root causes and shows the steps that can be taken to prevent exploitation. Moreover, this book encourages programmers to adopt security best practices and to develop a security mindset that can help protect software from tomorrow’s attacks, not just today’s. Drawing on the CERT’s reports and conclusions, Robert C. Seacord systematically identifies the program errors most likely to lead to security breaches, shows how they can be exploited, reviews the potential consequences, and presents secure alternatives.

Coverage includes technical detail on how to

    Improve the overall security of any C or C++ application
    Thwart buffer overflows, stack-smashing, and return-oriented programming attacks that exploit insecure string manipulation logic
    Avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions
    Eliminate integer-related problems resulting from signed integer overflows, unsigned integer wrapping, and truncation errors
    Perform secure I/O, avoiding file system vulnerabilities
    Correctly use formatted output functions without introducing format-string vulnerabilities
    Avoid race conditions and other exploitable vulnerabilities while developing concurrent code

The second edition features

    Updates for C11 and C++11
    Significant revisions to chapters on strings, dynamic memory management, and integer security
    A new chapter on concurrency
    Access to the online secure coding course offered through Carnegie Mellon’s Open Learning Initiative (OLI)

Secure Coding in C and C++, Second Edition, presents hundreds of examples of secure code, insecure code, and exploits, implemented for Windows and Linux. If you’re responsible for creating secure C or C++ software–or for keeping it safe–no other book offers you this much detailed, expert assistance.

#کتاب

Learning eBPF: Programming the Linux Kernel for Enhanced Observability, Networking, and Security

Author: Liz Rice
Edition: 1st
Date: April 2023
Publisher: O'Reilly Media
Length: 234 pages

Amazon 👀
Download 😉

🚁 Hicte Blog

توضیحات:

What is eBPF? With this revolutionary technology, you can write custom code that dynamically changes the way the kernel behaves. It's an extraordinary platform for building a whole new generation of security, observability, and networking tools.

This practical book is ideal for developers, system administrators, operators, and students who are curious about eBPF and want to know how it works. Author Liz Rice, chief open source officer with cloud native networking and security specialists Isovalent, also provides a foundation for those who want to explore writing eBPF programs themselves.

With this book, you will:

    Learn why eBPF has become so important in the past couple of years
    Write basic eBPF code, and manipulate eBPF programs and attach them to events
    Explore how eBPF components interact with Linux to dynamically change the operating system's behavior
    Learn how tools based on eBPF can instrument applications without changes to the apps or their configuration
    Discover how this technology enables new tools for observability, security, and networking

‌
#ابزار_لینوکس

دنبال یه برنامه واسه خوندن PDF کتابا بودم که هم UI مینیمال داشته باشه و هم بشه برای دارک مودش بی دردسر رنگا رو به دلخواه تنظیم کرد.
اینگونه بود که Zathura رو پیدا کردم.
از فرمتای PDF، DjVu و EPUB به خوبی پشتیبانی میکنه و همچنین کلیدهای VI-Like داره.

نصب در آرچ لینوکس:
# pacman -S zathura zathura-djvu zathura-pdf-mupdf

یه سری کلیدای پرکاربرد ازش:

فیت کردن بر اساس ارتفاع صفحه‌
a
فیت کردن بر اساس پهنای صفحه
s
نمایش بصورت دو صفحه کنار هم
d
حالت دارک مود
ctrl + r
نمایش فهرست
tab
رفتن به صفحه‌ی nام
n [then] shift + g
حرکت یک صفحه به جلو
shift + j
حرکت یک صفحه به عقب
shift + k

کلیدهای بیشتر

پیکربندی:
برای تعیین رنگ‌های مورد علاقه‌تون هم میتونین توی فایل
~/.config/zathura/zathurarc
مشخصشون کنین.
برای رنگ foreground تو دارک مورد
set recolor-darkcolor rgba(R,G,B,Alfa)
و برای background تو دارک مود هم
set recolor-lightcolor rgba(R,G,B,Alfa)
رو توی zathurarc مشخص کنین.
همچنین اگه میخواین با سلکت کردن متنی اون متن کپی بشه به کلیپ بورد
set selection-clipboard "clipboard"
رو به zathurarc اضافه کنین.
اطلاعات بیشتر در مورد پیکربندی

[اگه حوصله ندارین هم فایل zathurarc خودم رو توی کامنت گذاشتم که رنگاش بر اساس تم دراکولا هست.]

سندباکس:
یه نسخه‌ی سندباکس هم داره که فقط read-only فایل رو باز میکنه با یه سری محدودیت‌ها که اگه فایلی رو از ناکجا آباد دانلود کردین و میخواین بازش کنین میتونین ازش استفاده کنین.
$ zathura-sandbox path/to/file

اطلاعات بیشتر

🚁 Hicte Blog

[ Source >> @PinkOrca ]

#گوناگون

تمپل‌اواس یک سیستم‌عامل هستش که تری دیویس (Terry A. Davis) اون رو به تنهایی توسعه داده.

این سیستم‌عامل با زبان برنامه‌نویسی HolyC نوشته شده که خود تری اون رو ساخته و شباهت زیادی به C داره. کل سیستم‌عامل حدود ۱۰۰ هزار خط کد داره و همه چیز توش با رزولوشن ۶۴۰x۴۸۰ و ۱۶ رنگ اجرا می‌شه.

با اینکه TempleOS از نظر تکنیکی محدودیت‌های زیادی داره، ولی به عنوان یک پروژه که توسط یک نفر نوشته شده خیلی قابل توجه هستش.

دیویس در اوایل دهه ۹۰ میلادی تشخیص اسکیزوفرنی گرفت و معتقد بود که خدا با اون صحبت می‌کنه و بهش دستور داده که یک سیستم‌عامل مقدس بسازه.

اون TempleOS رو "Third Temple" یا معبد سوم می‌دونست و اعتقاد داشت که این سیستم‌عامل یک ابزار الهی برای ارتباط با خداست. رزولوشن ۶۴۰x۴۸۰ و ۱۶ رنگ رو هم به این دلیل انتخاب کرد چون فکر می‌کرد که خدا این رو خواسته.

تری در سال ۲۰۱۸ در سن ۴۸ سالگی فوت کرد. اون در آخرین سال‌های زندگیش بی‌خانمان شده بود. نهایتاً توسط یک قطار در اورگان کشته شد که مشخص نشد خودکشی بوده یا تصادف.

🚁 Hicte Blog

#کتاب

100 Go Mistakes and How to Avoid Them

Author: Teiva Harsanyi
Edition: 1st
Date: October 2022
Publisher: Manning
Length: 384 pages

Amazon 👀
Download 😉

🚁 Hicte Blog

توضیحات:

Spot errors in your Go code you didn’t even know you were making and boost your productivity by avoiding common mistakes and pitfalls.

100 Go Mistakes and How to Avoid Them shows you how to:

Dodge the most common mistakes made by Go developers
Structure and organize your Go application
Handle data and control structures efficiently
Deal with errors in an idiomatic manner
Improve your concurrency skills
Optimize your code
Make your application production-ready and improve testing quality

100 Go Mistakes and How to Avoid Them puts a spotlight on common errors in Go code you might not even know you’re making. You’ll explore key areas of the language such as concurrency, testing, data structures, and more—and learn how to avoid and fix mistakes in your own projects. As you go, you’ll navigate the tricky bits of handling JSON data and HTTP services, discover best practices for Go code organization, and learn how to use slices efficiently.

About the book
100 Go Mistakes and How to Avoid Them shows you how to replace common programming problems in Go with idiomatic, expressive code. In it, you’ll explore dozens of interesting examples and case studies as you learn to spot mistakes that might appear in your own applications. Expert author Teiva Harsanyi organizes the error avoidance techniques into convenient categories, ranging from types and strings to concurrency and testing.

What's inside

Identify and squash code-level bugs
Avoid problems with application structure and design
Perfect your data and control structures
Optimize your code by eliminating inefficiencies

About the reader
For developers proficient with Go programming and syntax.

About the author
Teiva Harsanyi is a senior software engineer at Docker with experience in various domains, including safety-critical industries like air traffic management.

Table of Contents
1 Go: Simple to learn but hard to master
2 Code and project organization
3 Data types
4 Control structures
5 Strings
6 Functions and methods
7 Error management
8 Concurrency: Foundations
9 Concurrency: Practice
10 The standard library
11 Testing
12 Optimizations

#کتاب

Computer Networking: A Top-Down Approach

Author: Keith Ross and James Kurose
Edition: 7th [International Edition]
Date: June 2021
Publisher: Pearson
Length: 867 pages

Amazon 👀
Download 😉

🚁 Hicte Blog

توضیحات:

Motivates readers with a top-down, layered approach to computer networking

Unique among computer networking texts, the Seventh Edition of the popular Computer Networking: A Top Down Approach builds on the author’s long tradition of teaching this complex subject through a layered approach in a “top-down manner.” The text works its way from the application layer down toward the physical layer, motivating readers by exposing them to important concepts early in their study of networking. Focusing on the Internet and the fundamentally important issues of networking, this text provides an excellent foundation for readers interested in computer science and electrical engineering, without requiring extensive knowledge of programming or mathematics. The Seventh Edition has been updated to reflect the most important and exciting recent advances in networking.

#فان

ویددوزلند

🚁 Hicte Blog

#فان

کی گفته لینوکس برای گیم نیست 🗿

🚁 Hicte Blog