Code it

As a programmer or developer, the importance of creating secure applications cannot be overstated.

Software security deals with the management of malicious attacks by identifying potential vulnerabilities in software and taking the necessary precautions to guard against them.

Software can never be 100% secure because a developer can overlook a bug, create new bugs in an attempt to fix existing cases, or create new vulnerabilities through updates.

However, there’re two key practices that all software developers can employ to ensure that they create secure software

---

• writing secure code in the first place, and
• efficiently testing your code.

Software Security Is a Crucial Skill For All Developers

Developing good software is synonymous with ensuring that your software can withstand any malicious attack. This is only achievable through the writing of secure code, the continual testing of an application, and maintaining control of who has access to your data.

read more at

https://www.makeuseof.com/software-security-skill-all-programmers-should-have/

Providing clear steps to reproduce an issue is a benefit for everyone

When I’ve had to contact a company’s technical support through a form, I provide a ridiculously detailed description of what the issue is, when it happens, the specific troubleshooting that narrows it down, and (if it is allowed by the form) screenshots. I suspect the people on the other end aren’t used to that, because I know it is not what happens most of the time when people submit issues to me.

What’s the benefit of an effective bug report?

There are two sides to this, one is the efficiency of the interaction between the bug reporter and the (hopeful) bug fixer and the other is the actual likelihood that the issue will ever be fixed.

Why do we need “repro steps”?

The first part of fixing a problem is to make sure you understand it and can see it in action. If you can’t see the problem happen consistently, you can’t be sure you’ve fixed it. This is not a software development concept; it is true with nearly everything. If someone tells me the faucet is dripping, I’m going to want to see the drip happening before I try to fix it… then when I look and see it not dripping, I can feel confident that I resolved the problem.

Is it possible to provide too much information?

I’d rather have too much detail than too little, but I also feel that the bug reporter shouldn’t be expected to try to track down every possible variable or to try to fix the problem.

Human Nature and Incomplete Issues

I mentioned two sides to this, the efficiency of interaction and the likelihood an issue will be fixed. If you assume someone will ask for all the missing info, even if it takes a lot longer, then the only benefit to a complete bug report is efficiency. In reality though, developers are human, and when they see an incomplete issue where it could take many back-and-forth conversations to get the details they need, they will avoid it in favor of one that they can pick up and work on right now with no delay. Your issue, which could be more important than anything else in the queue, could end up being ignored because it is unclear.

A detailed bug report, with clear repro steps, is a win for everyone.

read this entire unedited super post at https://www.duncanmackenzie.net/blog/creating-an-effective-bug-report/

This post will show you how you can combine the native proxy function of your iOS device to route to Postman. Where you can then start tracing the API calls made by a native mobile application. Makes sense so far? Cool! Let’s get to it!

- have postman installed. So click on the icon at the top right that allows you to capture requests. Toggle the “Capture Requests” flag to on, and you are good to go here.

- open up the command shell, and type “ipconfig” to find out your local IP address ; Note it down

- pick up your mobile device. Go to your WIFI settings and select “Configure Proxy” ;

- enter the IP you just noted down as “Server” and type 5555 for the “Port” ;

- Once you press save, you will immediately see some URLs passing by on the Postman history …

- Now open up the app you want to trace… and do whatever you want to trace… �

see the details with screenshots at https://kvaes.wordpress.com/2021/05/05/how-to-reverse-engineer-3th-party-mobile-api-calls-with-postman/

“Don’t write clever code.” Why not? “Because it’s hard to understand.” People who say this think of clever code such as Duff’s Device:

Duff's Device

send(to, from, count)

register short *to, *from;

register count;

{ register n = (count + 7) / 8;

switch (count % 8)

{ case 0: do { *to = *from++;

case 7: *to = *from++;

case 6: *to = *from++;

case 5: *to = *from++;

case 4: *to = *from++;

case 3: *to = *from++;

case 2: *to = *from++;

case 1: *to = *from++; }

while (--n > 0); } }

This code is “clever” because it exploits knowledge about the language, in this case the peculiarities of fall-through. Clever code can also exploit knowledge about the operating environment or special topics like bit twiddling. Conventional wisdom says this clever code is “bad”.

There’s a second kind of “clever code”: code which exploits knowledge about the problem.

Consider sorting all 300+ million people in the US by birth date. The “simple” solution is to use quicksort, which has a “log₂ factor” of ~30. The “clever” solution is to exploit the fact that everybody in the US is under 120 years old and instead bucket sort with ~45000 buckets. That sorts the list in a single pass, which is an order of magnitude more efficient.

This kind of clever code can also be easier to understand. Since you’re solving a simpler problem than the general case, you can write less code and make things clearer. This usually ends up being highly domain specific

We talk about cleverness as if it’s Just Bad, such as “clever code is harder to debug”. That’s going too far. Cleverness can lead to faster, safer, even clearer code. I’m going to call this class of cleverness “insightful” to distinguish them.

Issues with Insight

Insights can make code faster, simpler, and safer. But it’s also fragile: insights only work because they exploit some property in the problem. If the problem changes, even slightly, the insightful solution might break down

I’m drawn to this distinction (Insights vs Cleverness) because I feel like our discussions of “clever code” are too constrained.

While “pure” cleverness is something we should discourage, “insightful” cleverness seems like something we should be approaching differently.

It’s something that often is necessary to make things work and which can be better than the equivalent “boring” code. It’s important to note the use of insight as well as the contextual constraints that made use of insight possible and what happens if they change.

We also should see how it affects our discussions about software.

How does “this tool needs insight to use” relate to “this tool is hard to learn”? Are there different expectations of insight in different fields, or at different levels of expertise? Do certain coding approaches depend more on insight than others, and does that affect generalizability?

Are there ways to teach insight? People get some baseline insight as they develop expertise in something, but I don’t know if you can teach insight on top of that. My gut says no, but I think I’m wrong here.

read more at https://www.hillelwayne.com/post/cleverness/

Starting out as a software developer can be tough.

In your first few years on the job, you’re likely to face a steep learning curve as you work on growing your coding skills and just learning your way around work in the tech industry.

One way to help ease some of those challenges is finding a mentor — someone with more experience who can help teach and guide you as you establish yourself as a software developer

What Is a Mentor?

A mentor isn’t the same thing as a boss or a more experienced colleague you spend time with.

A mentor is someone who is more experienced in a career field (like software development) who sets out specifically to form a relationship with someone less experienced. A mentor helps them learn important job skills and overcome common challenges in the field, but should also become a trusted advisor who can help set them on a path toward grother in all aspects of their life, both career and personal.

A relationship with a mentor should be long-term. And while the less-experienced developer in the relationship will reap the most benefit, a mentor-mentee relationship should be fulfilling for both parties, helping them both grow in different ways.

5 Reasons Why Developers Need Mentors

Teach You Coding Best Practices

Show You Where You Can Improve

Help You Find the Right Resources to Grow

Offer You New Perspectives

Help You Grow Personally

read more at https://www.7pace.com/blog/every-developer-needs-a-mentor

Python is not the only option for programming machine learning applications. There’s a growing community of developers who are using JavaScript to run machine learning models.

While JavaScript is not a replacement for the rich Python machine learning landscape (yet), there are several good reasons to have JavaScript machine learning skills. Here are four.

Private machine learning

Fast and customized ML models

Easy integration of machine learning in web and mobile applications

Server side JavaScript machine learning is maturing

JavaScript for programming machine learning offers several advantages over Python and R, namely privacy, speed, and staying on the device.

read more at https://venturebeat.com/2021/04/23/4-reasons-to-learn-machine-learning-with-javascript/

Traditionally, developers have created properties inside of JavaScript classes for any data that might be needed within an instance. This isn’t a problem for small pieces of data that are readily available inside of the constructor. However, if some data needs to be calculated before becoming available in the instance, you may not want to pay that cost upfront.

It may not be efficient to perform a calculation upfront if you aren’t sure the property will be used. Fortunately, there are several ways to defer these operations until later.

The on-demand property pattern

The easiest way to optimize performing an expensive operation is to wait until the data is needed before doing the computation. For example, you could use an accessor property with a getter to do the computation on demand

The messy lazy-loading property pattern

Only performing the computation when the property is accessed is a good start. What you really need is to cache the information after that point and just use the cached version. But where do you cache that information for easy access? The easiest approach is to define a property with the same name and set its value to the computed data

The only-own lazy-loading property pattern for classes

If you have a use case where it’s important for the lazy-loaded property to always exist on the instance, then you can using Object.defineProperty() to create the property inside of the class constructor. It’s a little bit messier than the previous example, but it will ensure that the property only ever exists on the instance

The lazy-loading property pattern for object literals

If you are using an object literal instead of a class, the process is much simpler because getters defined on object literals are defined as enumerable own properties (not prototype properties) just like data properties. That means you can use the messy lazy-loading property pattern for classes without being messy

Conclusion

The ability to redefine object properties in JavaScript allows a unique opportunity to cache information that may be expensive to compute. By starting out with an accessor property that is redefined as a data property, you can defer computation until the first time a property is read and then cache the result for later use. This approach works both for classes and for object literals, and is a bit simpler in object literals because you don’t have to worry about your getter ending up on the prototype.

One of the best ways to improve performance is to avoid doing the same work twice, so any time you can cache a result for use later, you’ll speed up your program. Techniques like the lazy-loading property pattern allow any property to become a caching layer to improve performance.

read this post with more details and code examples at https://humanwhocodes.com/blog/2021/04/lazy-loading-property-pattern-javascript/

Static analysis is the practice of analyzing source code before it is running. In compiled programming languages, static analysis might be built into the compiler, but in dynamically interpreted languages like JavaScript, static analysis tools must be configured to run on the code sometime before it is deployed.

Static analysis in JavaScript can drastically improve your code quality. Take a look at how so, some available tools and tips for implementing this practice.

Because static analysis can be fully automated, it’s one of the best ways to improve the quality of your JavaScript code without investing developer time. But how exactly can static analysis help, and what tools are available to JavaScript developers?

1. Formatting and Styling Code

The most common tools for static analysis in the JavaScript ecosystem—ESLint, JSHint, Prettier, Standard—are primarily used to ensure consistency in a team’s codebase.

2. Detecting Bugs and Errors

While no substitute for testing, several static analysis tools can be used to catch likely errors before code is ever run.

ESLint, PMD, Prettier and Standard are all good free tools that have rules for this kind of error detection.

3. Enforcing Best Practices

You can enforce best practices automatically using static analysis.

Prettier and Standard include opinionated rules about best practices, while ESLint and PMD are a bit more configurable.

4. Measuring Complexity

If you want to catch increasing complexity or limit the cyclomatic complexity of your source code, Plato, ESLint or complexity-report are good static analysis tools for you.

5. Analyzing Security Risks

While you can’t depend on static analysis alone to prevent security vulnerabilities, it’s certainly worth automating what you can. While some of the tools above indirectly improve security by decreasing likely bugs, LGTM is a security-focused tool that takes a novel approach

Using the knowledge that common bugs are repeated across projects, LGTM scans thousands of large open-source projects to help you spot similar bugs in your codebase. This may lead to a lot of false alerts, but it might be worth trying in your project.

6. Auditing Third-Party Dependencies

JavaScript applications tend to rely on many third-party libraries and frameworks. This makes development faster, but it puts a huge strain on teams that have to keep these third-party dependencies up to date. Fortunately, static analysis tools can help remind you when updates are required and even automatically manage this upgrade process. - Dependabot

7. Checking Types 

JavaScript applications can use type checking using tools like Flow or TypeScript to ensure consistent use of variable types.

read the entire post at https://www.telerik.com/blogs/going-beyond-eslint-overview-static-analysis-javascript

Microsoft has announced that it's now possible to run graphical Linux apps in Windows 10 using the Windows Subsystem for Linux. This feature was first released to Windows Insiders.

As this year's Build developer event kicks off, Microsoft has announced a major new feature for Windows 10 - the ability to run Linux apps with a GUI. This is a major expansion of the Windows Subsystem for Linux, which already lets you run command line-based Linux apps, and it means you can now use GUI apps without having to set up a traditional virtual machine with a Linux distribution.

Interestingly, this feature has actually been in testing with Windows Insiders on the Dev channel since April, but it isn't coming through a typical Windows 10 feature update. It's just available now for existing versions of Windows 10 and you can start using it right away.

read : https://www.neowin.net/news/you-can-now-run-linux-gui-apps-in-windows-10/

ONNX is an open format built to represent machine learning models. ONNX defines a common set of operators - the building blocks of machine learning and deep learning models - and a common file format to enable AI developers to use models with a variety of frameworks, tools, runtimes, and compilers.

It was introduced in September 2017 by Microsoft and Facebook.

ONNX breaks the dependence between frameworks and hardware architectures. It has very quickly emerged as the default standard for portability and interoperability between deep learning frameworks.

Before ONNX, data scientists found it difficult to choose from a range of AI frameworks available.

Developers may prefer a certain framework at the outset of the project, during the research and development stage, but may require a completely different set of features for production. Thus organizations are forced to resort to creative and often cumbersome workarounds, including translating models by hand.

ONNX standard aims to bridge the gap and enable AI developers to switch between frameworks based on the project’s current stage. Currently, the models supported by ONNX are Caffe, Caffe2, Microsoft Cognitive toolkit, MXNET, PyTorch. ONNX also offers connectors for other standard libraries and frameworks.

Two use cases where ONNX has been successfully adopted include:

• TensorRT: NVIDIA’s platform for high performance deep learning inference. It utilises ONNX to support a wide range of deep learning frameworks.
• Qualcomm Snapdragon NPE: The Qualcomm neural processing engine (NPE) SDK adds support for neural network evaluation to mobile devices. While NPE directly supports only Caffe, Caffe 2 and TensorFlow frameworks, ONNX format helps in indirectly supporting a wider range of frameworks.

The ONNX standard helps by allowing the model to be trained in the preferred framework and then run it anywhere on the cloud. Models from frameworks, including TensorFlow, PyTorch, Keras, MATLAB, SparkML can be exported and converted to standard ONNX format. Once the model is in the ONNX format, it can run on different platforms and devices.

ONNX Runtime is the inference engine for deploying ONNX models to production. The features include:

• It is written in C++ and has C, Python, C#, and Java APIs to be used in various environments.
• It can be used on both cloud and edge and works equally well on Linux, Windows, and Mac.
• ONNX Runtime supports DNN and traditional machine learning. It can integrate with accelerators on different hardware platforms such as NVIDIA GPUs, Intel processors, and DirectML on Windows.
• ONNX Runtime offers extensive production-grade optimisation, testing, and other improvements

access the original unedited post at https://analyticsindiamag.com/onnx-standard-and-its-significance-for-data-scientists/

Access the ONNX website at https://onnx.ai/

Start using ONNX -> Access the Github repo at https://github.com/onnx/onnx

The author was applying for a program and a task was given to him was to build an ECR20 token in less than 48 hours.

This was my first attempt at blockchain development and I didn’t know where to start from. I had knowledge of the cryptocurrency world from a user stand point but not as a developer. I searched around for materials to aid in my task but most were not up to date.

This is an up-to-date write up on the steps I took while building this token to help others that are interested in building their own token.

Step 1: Contract code

Step 2: Create Ethereum wallet with MetaMask

Step 3: Get Ropsten Ethers

Step 4: Edit the contract code

Step 5: Deploy Contract Code on Remix

Step 6: Publish and Verify Contract

Step 7: Add token to your wallet

Congrats!!!
You’ve just created your token.

read this excellently written starter at https://www.codementor.io/@vahiwe/building-your-own-ethereum-based-ecr20-token-in-less-than-an-hour-16f44bq67i

Google Translate works so well, it often seems like magic. But it’s not magic — it’s deep learning!

In this series of articles, we’ll show you how to use deep learning to create an automatic translation system. This series can be viewed as a step-by-step tutorial that helps you understand and build a neuronal machine translation.

This series assumes that you are familiar with the concepts of machine learning: model training, supervised learning, neural networks, as well as artificial neurons, layers, and backpropagation.

In this article, we’ll examine the tools we'll need to use to build an AI language translator.

Multiple frameworks provide APIs for deep learning (DL). The TensorFlow + Keras combination is by far the most popular, but competing frameworks, such as PyTorch, Caffe, and Theano, are also widely used.

These frameworks often practice the black box approach to neural networks (NNs) as they perform most of their "magic" without requiring you to code the NN logic. There are other ways to build NNs — for instance, with deep learning compilers.

The following table lists the versions of the Python modules we’ll use. All these modules can be explicitly installed using the ==[version] flag at the end of a pip command. For instance: "pip install tensorflow==2.0".

The code we're writing should work on any operating system but note that we're using Python 3, so make sure you have it installed. If your system has both Python 2 and Python 3 installed, you'll need to run pip3 instead of pip in the install commands below:

0.11.1

read the entire article for the list of instructions at https://www.codeproject.com/Articles/5299747/Tools-for-Building-AI-Language-Translation-Systems

It’s still tough to opt out of Apple and Google’s ecosystems. But some app makers are coming around to the web’s upsides

the web-first approach is one that some developers have been rediscovering as discontent with Apple’s and Google’s app stores boils over. Launching with a mobile app just isn’t as essential as it used to be, and according to some developers, it may not be necessary at all.

There are new examples emerging which demonstrate how developers are now building Web apps smartly for the mobile and skipping listing in App Stores, demonstrating what a modern, fast web app can do,

There’s just one problem with this zeal for web apps: On iOS, Apple doesn’t support several progressive web app features that developers say are necessary to build web apps that offer all the power and usability of a native app.

iOS web apps, for instance, can’t deliver notifications, and if you install them on the home screen, they don’t support background audio playback. They also don’t integrate with the Share function in iOS and won’t appear in iOS 14’s App Library section. Android, by contrast, supports most of those features, and even allows websites to include an “Install App” button.

Read the original article at https://www.fastcompany.com/90623905/ios-web-apps  to see some of the examples which are discussed. Of those 2 of them I personally tried out, liked and started using after reading the article i.e.

1Feed 

and

Wormhole