12.9 C
New York
Monday, March 17, 2025
Home Blog Page 3783

WWDC 2021: State of the Union Recap | by Joseph Maurer | Geek Tradition

codesanitize
-
0
WWDC 2021: State of the Union Recap | by Joseph Maurer | Geek Tradition


Right here’s a fast recap of Apple’s State of the Union at WWDC (World Extensive Developer Convention 2021). You could find the full video right here.

A brand new steady integration and supply service constructed proper into Xcode and hosted within the cloud, Xcode Construct is Apple’s tackle simplifying the method of constructing an app whereas serving to you concentrate on what’s vital. It helps you offload your builds, take a look at, and code signing for distribution. It publishes your consequence proper again into Xcode’s report navigator so that you by no means have to modify context out of the place you might be constructing your app.

One cool characteristic is you can have the construct notify you when it completes and publish it to your Slack or some other service. There’s additionally a public API you can dive into for grabbing details about your builds. I can see how constructing apps this fashion is far more built-in and handy. This really looks like a enjoyable technique to write exams on your app!

Code critiques additionally look to make large enhancements on commenting and reviewing code. The brand new views will let you choose between a number of methods to see what code has modified, and even view feedback as you might be fixing any potential bugs. Anybody who does code critiques how complicated it might get when there are a number of revisions and recordsdata eliminated or added to a pull request.

Most builders and engineers are used to the thought of writing concurrent code because it’s such a significant a part of making quick and responsive code.

“Concurrency permits your apps to carry out a number of duties on the identical time, which helps your apps keep attentive to consumer enter whereas doing work within the background, like a climate app fetching forecast knowledge whereas the consumer selects a metropolis.

The issue? Swift by no means had native help for concurrent code, so it was unnecessarily troublesome to put in writing good concurrent code. Apple’s new strategy to that is Structured Concurrency. Actors are an business normal and are important to secure concurrent programming.

Conceptually, an actor is an object that protects its personal state by solely offering mutually unique entry. This fully eliminates concurrent entry and the low-level knowledge races that include it.

Actors’ are actually a first-class citizen in Swift and have a a lot easier declaration:

One other profit is MainActor, which helps you to adorn a perform to all the time run on the principle thread. That is important for API calls which might be wanted for the UI.

This yr, Swift playgrounds 4 means that you can work in your concepts wherever you go. It means that you can swap between Playgrounds and Xcode. Upon getting created an app, you may even publish your app to TestFlight proper from the Playgrounds app.

Now you can add cool results to your AR objects with Customized metallic shaders and dynamic textures. You’ll be able to see these results within the Birthday Cake demo with confetti falling across the object.

One factor that stood out to me as a Recreation Engineer is you can now have extra management over the show refresh fee. Particularly if you’re growing video games which might be going to run on the IPad Professional with ProMotion or on Macs which might be linked to excessive finish screens, having management over the refresh fee could be helpful for making your recreation appear like it’s operating easily!

Recreation controller help can be simpler so as to add now, with haptic help. You’ll be able to add a brand new on display screen controller with only some traces of code.

iOS is now altering how notifications work and at what degree they’re delivered. Focus permits the consumer to pick what sorts of notifications are delivered. There are actually 4 ranges of notifications: Low, Lively, Time Delicate, and Pressing (seen above). Notifications abstract permits customers to get a short overview of what was delivered with some marks of relevance.

Unable to ping/Scan Profinet PLC System Via Siemens SCALANCE X108 related to Cisco VLAN-Primarily based Switches

codesanitize
-
0
Unable to ping/Scan Profinet PLC System Via Siemens SCALANCE X108 related to Cisco VLAN-Primarily based Switches


I am going through a difficulty with community connectivity to a Profinet PLC machine and would admire some assist. This is the setup:

enter image description here

  • PC ↔ DLINK Swap ↔ Cisco C2960 ↔ SCALANCE X108 ↔ PLC System
  • Solely Managed change is the Cisco Swap, All different switches are Unmanaged
  • SCALANCE X108 is an Industrial Unmanaged change.
  • The PLC is assigned an IP tackle of 192.168.101.9 and is configured
    with Profinet.
  • Each the PC and the port connecting to the SCALANCE X108 are
    configured in VLAN 101. The Swap has a number of different VLANs for different IT infrastructure.

Concern:

  • I can efficiently ping and scan the Profinet PLC in TIA Portal
    when it is related on to the DLINK Swap.
  • I can ping the 2 PLC gadgets (192.168.101.21, 192.168.101.22) that use Modbus over TCP/IP.
  • Nevertheless, when the Profinet PLC related by the SCALANCE X108, I
    can now not ping it from the PC, I believe the Cisco Swap is dropping VLAN
    0 frames. Precedence is assigned to Profinet real-time messages in accordance wit normal IEEE 802.1Q. The VLAN ID 0 with VLAN precedence 6 is used for Profinet Actual Time packets.

What I’ve Checked:

Since Profinet use VLAN 0, I configured Cisco Swap port to permit this VLAN 0 visitors, I’ve tried two workarounds , to make a non industrial Cisco Catalyst VLAN-Primarily based Swap to work with Profinet Protocol. The primary makes use of a voice VLAN that may move vlan 0. The second strategy makes use of a trunk port.

  1. Voice VLAN over entry port :
Swap(config)# interface GigabitEthernet 0/16
Swap(config-if)# switchport mode entry
Swap(config-if)# switchport entry vlan 101
Swap(config-if)# switchport voice vlan dot1p
  1. Trunk Port:
Swap(config)# default interface 0/16
Swap(config)# interface GigabitEthernet 0/16
Swap(config-if)# switchport trunk allowed vlan 101
Swap(config-if)# switchport native vlan 101

With these approaches I am fairly certain that Profinet gadgets will work on non industrial Cisco switches when these gadgets are instantly hooked to the identical change. I have to make it work with Profinet gadgets related to an Industrial Siemens Swap which is related to a Cisco change.

I’ve additionally checked the Cisco change MAC tackle desk and ARP desk on Port Gi 0/16 and the machine will not be exhibiting up:

cisco# present mac address-table interface gigabitEthernet 0/16
          Mac Tackle Desk
-------------------------------------------

Vlan    Mac Tackle       Kind        Ports
----    -----------       --------    -----
 101    000e.8c87.5b71    DYNAMIC     Gi0/16
 101    000e.cf1b.1288    DYNAMIC     Gi0/16
Complete Mac Addresses for this criterion: 2
cisco#

Im nonetheless not capable of ping the PLC even permitting VLAN 0 by the voice VLAN and Trunking. I do not know the place to verify if the Cisco change is definitely dropping visitors. I’ve checked debug arp and to this point see no difficulty

Has anybody encountered the same difficulty or may present steering on what may be fallacious? Any particular configurations or checks I ought to carry out on the Cisco C2960 to make sure Profinet visitors is passing by appropriately?

Thanks prematurely to your assist!

Evaluation of a malware exploiting Android accessibility providers

codesanitize
-
0
Evaluation of a malware exploiting Android accessibility providers


On Android and iOS, accessibility options can be found to assist folks use their smartphones: audio feedback, subtitles, customized show… Some cellular functions designed with an inclusive strategy are appropriate with accessibility providers.

To allow these providers in an software, it requires the accessibility permission. However this permission provides functions full entry to the consumer’s machine. At the moment, an increasing number of cybercriminals are leveraging it to take management of smartphones and tablets. When this occurs, customers discover themselves in a bind, unable to uninstall the app and even reset their machine.

Not too long ago, the Pradeo Safety answer neutralized an software utilizing Android accessibility providers for malicious functions on a protected machine. The recognized malware was put in via a phishing hyperlink. It pretends to be a QR code scanning software however really exploits the accessibility permission to carry out fraudulent banking transactions.

 

The dangers of cellular accessibility providers

An software can use the android.permission.BIND_ACCESSIBILITY_SERVICE permission so as to profit from superior options facilitating accessibility to customers with disabilities. With this permission, an software can management the entire display (clicks, strikes…) in addition to the keyboard, learn what’s displayed and shut or open functions.

These options are delicate as a result of they allow the management of virtually all layers of a tool. When a malicious software is granted the accessibility permission, it might ship all the data displayed on the display and typed on the keyboard to a distant server, forestall its personal elimination or a system reset, and even launch itself robotically when the machine is rebooted. Sadly, the distribution channels utilized by hackers similar to unofficial software shops and messaging providers (SMS) don’t present any safety towards this risk.

 

Case research: QR-Code Scanner

Title of the analyzed app: QR-Code Scanner

Package deal identify: com.sq..boss

OS: Android

The “QR-Code Scanner” software seems as a QR code scanning software. Its icon and identify are usually not suspicious. Nonetheless, when launched, no QR code scanning performance is obtainable.

Instantly, the appliance sends a notification that urges to grant the accessibility possibility, which is important for the execution of its assault. So long as the consumer doesn’t permit it, it constantly sends the identical permission request.

 

image-png-Oct-27-2022-07-57-41-2518-AMimage-png-Oct-27-2022-07-58-03-5173-AMimage-png-Oct-27-2022-07-58-21-2187-AM

 

As soon as licensed, the malware can silently approve its personal permission requests rather than the consumer. Thus, it grants itself all of the permissions that may permit it to hold out its assault.

On this case, our evaluation of the malware means that the aim of the hacker behind the appliance is to commit fraud, by accumulating knowledge that the consumer varieties or shows on his display (login, password, bank card numbers …) and intercepting the non permanent authentication code despatched.

First, the QR-Code Scanner software accesses the checklist of functions put in on the sufferer’s machine to gauge curiosity. When banking or e-commerce functions are used, there’s a better probability that banking knowledge is manipulated by the consumer. When it occurs, the hacker collects them.

To enter the sufferer’s account or make a cost along with his bank card, the hacker intercepts the one-time password contained in an SMS or a notification. Therefore, he bypasses all safety measures that authenticate funds and connections utilizing a code. Solely verification protocols that use biometric knowledge are protected at this level.

Lastly, the appliance makes use of the sufferer’s cellphone to unfold to different gadgets. To do that, it sends an SMS containing a phishing hyperlink to the whole contact checklist. This fashion, the message comes from a identified quantity and has a greater probability of convincing the recipients to put in the malware.

 

All through the assault, the malware exploits accessibility providers to:

  • Spy on customers exercise
  • Grant and stop the rejection of the permissions it wants
  • Forestall elimination of the appliance, both from the homepage or from the settings
  • Forestall manufacturing unit reset, even from a third-party machine
  • Forestall sleep or shutdown of its course of
  • Launch at startup

 

The permissions utilized by the malware are the next:

android.permission.QUERY_ALL_PACKAGES

android.permission.QUICKBOOT_POWERON

android.permission.RECEIVE_LAUNCH_BROADCASTS

android.permission.GET_TASKS

android.permission.SYSTEM_ALERT_WINDOW

android.permission.RECEIVE_SMS

android.permission.READ_SMS

android.permission.WRITE_SMS

android.permission.SEND_SMS

android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

android.intent.motion.BOOT_COMPLETED

com.htc.intent.motion.QUICKBOOT_POWERON

android.intent.motion.QUICKBOOT_POWERON

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.QUICKBOOT_POWERON

 

Protecting measures

Regardless of the plain want for accessibility providers, the superior rights they provide on the system imply that they have to be used (on the developer facet) and licensed (on the consumer facet) with due consideration.

At the moment, only some instruments and remediation actions are efficient to neutralize the analyzed malware:

  • Blocking the appliance earlier than launching it with Pradeo Safety
  • Forcing the uninstallation of the appliance with Pradeo Safety for Samsung
  • Uninstalling by way of a tool administration answer (UEM, MDM)
  • Uninstalling by way of ADB command

Google’s antitrust judgment: what’s at stake for Apple?

codesanitize
-
0
Google’s antitrust judgment: what’s at stake for Apple?


Google was discovered responsible on Monday of abusing monopoly energy to take care of its dominance within the search engine market. The lawsuitintroduced towards Google in 2020 by the Division of Justice and several other state Attorneys Common, primarily focuses on Google’s pursuit of default standing, pre-install agreements, and different avenues of preferential remedy. I received’t present an outline of the case right here; Marketecture and Stratechery each present useful and edifying evaluation.

One of many issues within the go well with was Google’s set of agreements with varied browsers to function the default search engine supplier for them. Essentially the most distinguished of those agreements was with Apple. Google pays Apple a share of all income generated from search queries carried out from the Safari browser, the place Google’s search engine is utilized by default. Per Bloomberg, in 2022, this income share amounted to $20BN, or roughly 25% of Apple’s total Providers income (the section underneath which this cost is booked) and 20% of Apple’s web revenue for that 12 months.

Whereas the judgment towards Google may have a variety of penalties on the corporate’s operations, it’s attention-grabbing to think about the way it will impression Apple. At first blush, the $20BN quantity — to which most evaluation on this topic is anchored — looks as if place to begin such an investigation. However the actuality is that $20BN is lower than Apple makes, in whole, from promoting default search standing, and it’s lower than Google pays, in whole, from shopping for default search standing.

As I focus on in Search defaults and the economics of search promoting income sharing, an inquiry into default search standing agreements carried out by the UK’s Competitors and Markets Authority (CMA) in 2020 reveals some intriguing particulars about Apple’s agreements with varied search engine suppliers in addition to Google’s agreements with different browsers. One such element is that Microsoft pays Apple to be a “secondary possibility” throughout the search engine default settings — that means, when a consumer determines to alter their default search engine and enters the settings display screen to take action, Bing is included within the checklist of accessible choices introduced on account of Microsoft’s cost to Apple. So are Yahoo! Search and DuckDuckGo. So not solely does Apple obtain cost from Google on a income share foundation for anointing it because the default search engine for Safari, but it surely additionally receives funds from different firms for the privilege of being included as attainable default choices ought to a consumer need to change their default search engine.

A second such element is that Microsoft apparently decided via a modeling train that, even when it had been to supply Apple 100% of the income generated from Bing searches from Safari had been it the first default search engine for that browser, it nonetheless wouldn’t have the ability to match the greenback worth of Google’s funds. The inquiry additionally notes that Firefox deserted Google as its default search engine in 2014 in favor of Yahoo! however reverted again to Google three years later as a result of the association with Yahoo! was much less profitable. In 2021, income share funds from Google amounted to 83% of Mozilla’s income.

From these particulars, it’s clear that:

  • Browsers select Google as the first default search engine standing as a result of it pays probably the most;
  • Google’s funds to the varied browsers with which it has reached agreements are materials as a proportion of their whole income or margin.

Again to Apple: whereas the treatment part of the trial could also be protracted, my assumption is that Google will not have the ability to enter into main search default agreements with browsers if this ruling is upheld upon enchantment. Assuming that the judgment stands, the subsequent related query pertaining to treatments is whether or not any search engine will have the ability to negotiate for main search default standing. The implications for Apple in both case are significant:

  • If solely Google is prevented from attaining main search default standing, then Apple loses regardless of the distinction is between what Google pays now and what Microsoft (or another search engine operator) can provide to beat all different bids for the place. That is possible a cloth sum of money, but it surely’s not everything of Google’s present cost. Nevertheless, Apple would additionally lose no matter the brand new winner of the first default search engine would have in any other case paid for secondary standing;
  • If all engines like google are prevented from attaining main search default standing, then Apple loses everything of Google’s present default cost and, very possible, all funds for secondary standing. This final result might be the case if the choose determines {that a} browser should expose a alternative display screen for the browser default, related to what’s now enforced within the EU underneath the DMA.

It’s vital to notice that, whereas Apple is prone to see diminished income from promoting main and secondary search default positioning, Google might solely be minimally impacted. Early outcomes from the browser alternative display screen within the DMA indicate that the adoption of different browsers could also be minimal. Courageous, as an example, revealed that its day by day installs jumped from 7,000 to 14,000 per day on iOS within the EU after the selection display screen was rolled out — a considerable enhance on a share foundation however possible not a risk to Chrome or Safari. And whereas Apple might lose everything of Google’s present main search default cost if it’s unable to cost search distributors for that standing going ahead, Google might solely see a slight decline within the variety of search queries from Safari — whereas being allowed to maintain 100% of the income generated from them.



Updating to .NET 8, updating to IHostBuilder, and operating Playwright Exams inside NUnit headless or headed on any OS

codesanitize
-
0
Updating to .NET 8, updating to IHostBuilder, and operating Playwright Exams inside NUnit headless or headed on any OS



All the Unit Tests passI have been doing not simply Unit Testing for my websites however full on Integration Testing and Browser Automation Testing as early as 2007 with Selenium. These days, nonetheless, I have been utilizing the sooner and customarily extra appropriate Playwright. It has one API and may check on Home windows, Linux, Mac, regionally, in a container (headless), in my CI/CD pipeline, on Azure DevOps, or in GitHub Actions.

For me, it is that final second of fact to be sure that the positioning runs fully from finish to finish.

I can write these Playwright assessments in one thing like TypeScript, and I might launch them with node, however I like operating finish unit assessments and utilizing that check runner and check harness as my leaping off level for my .NET purposes. I am used to proper clicking and “run unit assessments” and even higher, proper click on and “debug unit assessments” in Visible Studio or VS Code. This will get me the advantage of all the assertions of a full unit testing framework, and all the advantages of utilizing one thing like Playwright to automate my browser.

In 2018 I used to be utilizing WebApplicationFactory and a few difficult hacks to principally spin up ASP.NET inside .NET (on the time) Core 2.1 inside the unit assessments after which launching Selenium. This was type of janky and would require to manually begin a separate course of and handle its life cycle. Nevertheless, I stored on with this hack for a variety of years principally making an attempt to get the Kestrel Internet Server to spin up inside my unit assessments.

I’ve lately upgraded my most important website and podcast website to .NET 8. Needless to say I have been transferring my web sites ahead from early early variations of .NET to the newest variations. The weblog is fortunately operating on Linux in a container on .NET 8, however its unique code began in 2002 on .NET 1.1.

Now that I am on .NET 8, I scandalously found (as my unit assessments stopped working) that the remainder of the world had moved from IWebHostBuilder to IHostBuilder 5 model of .NET in the past. Gulp. Say what you’ll, however the backward compatibility is spectacular.

As such my code for Program.cs modified from this

public static void Most important(string[] args)
{
CreateWebHostBuilder(args).Construct().Run();
}
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseStartup();

to this:

public static void Most important(string[] args)
{
CreateHostBuilder(args).Construct().Run();
}
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args).
ConfigureWebHostDefaults(WebHostBuilder => WebHostBuilder.UseStartup());

Not a significant change on the surface however tidies issues up on the within and units me up with a extra versatile generic host for my net app.

My unit assessments stopped working as a result of my Kestral Internet Server hack was not firing up my server.

Right here is an instance of my aim from a Playwright perspective inside a .NET NUnit check. 

[Test]
public async Process DoesSearchWork()
{
await Web page.GotoAsync(Url);
await Web page.Locator("#topbar").GetByRole(AriaRole.Hyperlink, new() { Identify = "episodes" }).ClickAsync();
await Web page.GetByPlaceholder("search and filter").ClickAsync();
await Web page.GetByPlaceholder("search and filter").TypeAsync("spouse");
const string visibleCards = ".showCard:seen";
var ready = await Web page.WaitForSelectorAsync(visibleCards, new PageWaitForSelectorOptions() { Timeout = 500 });
await Anticipate(Web page.Locator(visibleCards).First).ToBeVisibleAsync();
await Anticipate(Web page.Locator(visibleCards)).ToHaveCountAsync(5);
}

I like this. Good and clear. Definitely right here we’re assuming that we’ve got a URL in that first line, which might be localhost one thing, after which we assume that our net software has began up by itself.

Right here is the setup code that begins my new “net software check builder manufacturing facility,” yeah, the title is silly nevertheless it’s descriptive. Notice the OneTimeSetUp and the OneTimeTearDown. This begins my net app inside the context of my TestHost. Notice the :0 makes the app discover a port which I then, sadly, need to dig out and put into the Url personal to be used inside my Unit Exams. Notice that the is actually my Startup class inside Startup.cs which hosts my app’s pipeline and Configure and ConfigureServices get setup right here so routing all works.

personal string Url;
personal WebApplication? _app = null;
[OneTimeSetUp]
public void Setup()
{
var builder = WebApplicationTestBuilderFactory.CreateBuilder();
var startup = new Startup(builder.Atmosphere);
builder.WebHost.ConfigureKestrel(o => o.Pay attention(IPAddress.Loopback, 0));
startup.ConfigureServices(builder.Providers);
_app = builder.Construct();
// pay attention on any native port (therefore the 0)
startup.Configure(_app, _app.Configuration);
_app.Begin();
//you're kidding me
Url = _app.Providers.GetRequiredService().Options.GetRequiredFeature().Addresses.Final();
}
[OneTimeTearDown]
public async Process TearDown()
{
await _app.DisposeAsync();
}

So what horrors are buried in WebApplicationTestBuilderFactory? The primary bit is unhealthy and we should always repair it for .NET 9. The remaining is definitely each good, with a hat tip to David Fowler for his assist and steerage! That is the magic and the ick in a single small helper class.

public class WebApplicationTestBuilderFactory 
{
public static WebApplicationBuilder CreateBuilder() the place T : class 
{
//This ungodly code requires an unused reference to the MvcTesting bundle that hooks up
//  MSBuild to create the manifest file that's learn right here.
var testLocation = Path.Mix(AppContext.BaseDirectory, "MvcTestingAppManifest.json");
var json = JsonObject.Parse(File.ReadAllText(testLocation));
var asmFullName = typeof(T).Meeting.FullName ?? throw new InvalidOperationException("Meeting Full Identify is null");
var contentRootPath = json?[asmFullName]?.GetValue();
//spin up an actual dwell net software inside TestHost.exe
var builder = WebApplication.CreateBuilder(
new WebApplicationOptions()
{
ContentRootPath = contentRootPath,
ApplicationName = asmFullName
});
return builder;
}
}

The primary 4 traces are nasty. As a result of the check runs within the context of a unique listing and my web site must run inside the context of its personal content material root path, I’ve to power the content material root path to be appropriate and the one approach to try this is by getting the apps base listing from a file generated inside MSBuild from the (growing older) MvcTesting bundle. The bundle isn’t used, however by referencing it it will get into the construct and makes that file that I then use to drag out the listing.

If we are able to do away with that “hack” and pull the listing from context elsewhere, then this helper operate turns right into a single line and .NET 9 will get WAY WAY extra testable!

Now I can run my Unit Exams AND Playwright Browser Integration Exams throughout all OS’s, headed or headless, in docker or on the metallic. The location is up to date to .NET 8 and all is correct with my code. Properly, it runs a minimum of. 😉




About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, advisor, father, diabetic, and Microsoft worker. He’s a failed stand-up comedian, a cornrower, and a guide creator.

facebook
twitter
subscribe
About   Publication

Internet hosting By
Hosted in an Azure App Service










1...3,7823,7833,784...3,810Page 3,783 of 3,810

ABOUT US

Welcome to CodeSanitize, your number one source for all things coding and technology. We’re dedicated to providing you the very best of software development tutorials, tips, and resources, with a focus on clarity, practical examples, and up-to-date content.

© Copyright 2024 - codesanitize.com. All rights reserved