Software

The Hidden Risk Lurking In The Software Supply Chain: Transitive Open-Source Dependencies

Transitive open-source dependencies involve the inclusion of third-party code that can either be hard-coded into the source files or dynamically linked (downloaded) at runtime. This poses a significant risk because transitive dependencies introduce a huge attack surface, with little to no visibility into or control over the codebase from the consuming end. A malicious third party can therefore easily introduce malicious code into a project, and the security risks posed by these unknown inputs can be far-reaching: for example, malicious code can grant access to sensitive user information and gain control over servers, resources, and other systems. To manage this risk, organizations should understand their software supply chain and identify the origin of every third-party dependency. This involves tracking the dependencies so that each is periodically checked for security vulnerabilities and alerts are sent when new issues are identified. In addition, organizations should use a trusted third-party repository or service to ensure that only verified and approved code is added to the project. Finally, the organization should create secure software development processes that reduce the likelihood of introducing malicious code in the first place.
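One way to do the tracking described above, as an added example that is not part of the original post: it walks a resolved dependency graph, records the chain through which each package enters the project, and flags packages with a known advisory or an unapproved origin. The package names, versions, registries and advisory ID are constructed sample data.

```python
from collections import deque

# Constructed sample: a resolved dependency graph such as a lockfile records.
# Every package name, version, registry and advisory ID below is made up.
DIRECT = ["web-framework", "http-client"]
LOCK = {
    "web-framework":   {"version": "4.1.0", "source": "registry.internal.example", "requires": ["template-engine", "log-helper"]},
    "http-client":     {"version": "2.3.1", "source": "registry.internal.example", "requires": ["url-parser", "log-helper"]},
    "template-engine": {"version": "1.8.0", "source": "registry.internal.example", "requires": ["string-utils"]},
    "log-helper":      {"version": "0.9.4", "source": "registry.internal.example", "requires": []},
    "url-parser":      {"version": "3.0.0", "source": "mirror.unknown.example", "requires": ["string-utils", "http-client"]},
    "string-utils":    {"version": "1.0.2", "source": "registry.internal.example", "requires": []},
}
APPROVED_SOURCES = {"registry.internal.example"}
ADVISORIES = {("string-utils", "1.0.2"): "EXAMPLE-ADVISORY-0001"}

def introduction_paths(direct, lock):
    """Breadth-first walk: shortest chain from a direct dependency to each package."""
    paths = {name: [name] for name in direct}
    queue = deque(direct)
    while queue:
        current = queue.popleft()
        for child in lock[current]["requires"]:
            if child not in paths:  # already-seen packages are skipped, so cycles end
                paths[child] = paths[current] + [child]
                queue.append(child)
    return paths

def audit(direct, lock, approved_sources, advisories):
    """Return one finding per package that has an advisory or an unapproved origin."""
    findings = []
    for name, path in sorted(introduction_paths(direct, lock).items()):
        entry = lock[name]
        reasons = []
        advisory = advisories.get((name, entry["version"]))
        if advisory:
            reasons.append("advisory " + advisory)
        if entry["source"] not in approved_sources:
            reasons.append("unapproved source " + entry["source"])
        if reasons:
            findings.append({"package": name, "transitive": len(path) > 1,
                             "via": " > ".join(path), "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in audit(DIRECT, LOCK, APPROVED_SOURCES, ADVISORIES):
        print(finding)
```

Neither flagged package is a direct dependency here; the `via` chain shows which direct dependency would have to be upgraded or replaced to remove it.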

About curl

cURL is the name of the project. The name is a play on ‘Client for URLs’, originally with URL spelled in uppercase to make it obvious that it deals with URLs. The fact that it can also be called ‘see URL’ also helped. It works as an abbreviation for “Client URL Request Library” or, why not, the recursive version: “Curl URL Request Library”.

The cURL project produces two products:

libcurl

A free and easy-to-use client-side URL transfer library, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, FILE and LDAP. libcurl supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, Kerberos, HTTP form-based upload, proxies, cookies, user+password authentication, file transfer resume, HTTP proxy tunneling and more!

libcurl is highly portable; it builds and works identically on numerous platforms, including DOS, Solaris, NetBSD, FreeBSD, OpenBSD, Darwin, AIX, HPUX, IRIX, Tru64, Linux, UnixWare, HURD, Windows, Amiga, OS/2, BeOS, Mac OS X, Ultrix, QNX, OpenVMS, RISC OS, Novell NetWare and more.

libcurl is free, thread-safe, IPv6 compatible, feature rich, well supported and fast.

curl

curl is a command line tool for getting or sending files using URL syntax.

Since curl uses libcurl, it supports a range of common Internet protocols, currently including HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, LDAP, DICT, TELNET and FILE.

We pronounce curl and cURL with an initial k sound: [kurl].

Test with the following PHP code:

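[php]
<?php
// Fetch a page with the PHP cURL extension and print the response body.
$url = "http://www.searchenginegenie.com";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_VERBOSE, true);        // log transfer details to STDERR
curl_setopt($ch, CURLOPT_POST, false);          // plain GET request
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // return the body instead of printing it
$returned = curl_exec($ch);
if ($returned === false) {
    // curl_exec() returns false on failure; report the reason instead
    $returned = "cURL error: " . curl_error($ch);
}
curl_close($ch);
echo $returned;
[/php]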


Much-awaited Puma laptop chips are about to be released

Advanced Micro Devices is rolling out a much-awaited line-up of laptop chips named Puma.

The move comes after AMD posted its sixth consecutive quarterly loss in April amid missteps and market-share losses to Intel, its main competitor. Company sources said the launch of the processors and related parts is its largest-ever launch for notebook personal computers.

AMD counts more than 100 different notebook PCs designed to use versions of the Puma platform. “This is double the design wins over any previous mobile launches”, said Leslie Sobon, Director of product marketing at AMD.

PC makers using Puma chips include Acer, Asus, Dell, Fujitsu Siemens Computers BV and Hewlett-Packard, she said. Prices for the mobile PCs will be mid-range for laptops, from about $700 up to $2,000. Most will be available in time for the back-to-school shopping season, and some will be available this week.

Growth in desktop PCs has been slowing for years, and the mobile segment is the fast-growing area of the PC industry. Market research firm IDC predicts that consumers will buy more mobile PCs than desktop PCs by the end of this year.


Adobe launches new version of Acrobat with Flash

Acrobat allows users to package documents so they can be read across different hardware and operating systems.

Acrobat 9 comes with Adobe’s video-enabling software, Flash. Users can include Flash-based videos when they create and share documents in PDF (Portable Document Format).

With a professional version of Acrobat 9, a user could package a PowerPoint presentation not just with images, but also with audio of the presenter’s voice.

Adobe also launched Acrobat.com, which will host Web-based software services that support creating and sharing documents.

The San Jose-based software maker hasn’t launched a new version of Acrobat since November 2006, almost a year after it purchased Macromedia Inc., the creator of the Flash software. Users have expected to see Flash integrated into Acrobat since that purchase, Lynch said.


Windows 7

You will no longer need a mouse and keyboard to interact with your computer, as Microsoft is going to release its next generation of the Windows operating system. In this newer version you can control your computer using touch-screen technology, like Apple’s iPhone.

Microsoft chairman Bill Gates and Steve Ballmer, chief executive officer of Microsoft Corporation, gave a quick look at the new features during the All Things D technology conference last Tuesday night. Gates said, “The way you interact with the system will change dramatically, today almost all the interaction is keyboard-mouse. Over years to come, the role of speech, vision, ink – all of those things – will be huge.”

This new operating system is expected to hit the stores by the end of 2009 or early 2010. Microsoft expects that this new Windows version will get a healthier reception than Windows Vista.


GoLive is no longer alive

Adobe has dropped development of its WYSIWYG web authoring tool GoLive. Adobe mainly developed this tool to compete with Macromedia Dreamweaver. However, with Adobe’s recent purchase of Macromedia, and the fact that Dreamweaver is more suitable for developing web pages with most of the advanced technologies, Adobe’s GoLive project has been called off.


Joomla!

Joomla! is a content management system (CMS) that helps you build websites and many other powerful online applications. Joomla! is an open source solution that is freely available to everyone.

Joomla! is used all over the world to power everything from simple, personal home pages to complex corporate web applications. Here are just some of the ways people use the Joomla! software:

  • Corporate websites or portals
  • Online commerce
  • Small business websites
  • Non-profit and organizational websites
  • Government applications
  • Corporate intranets and extranets
  • Personal or family homepages
  • Community-based portals
  • Magazines and newspapers
  • The possibilities are unlimited…

Joomla! can be used to easily manage every aspect of the website, from adding content and images to updating the product catalog or taking online reservations.


Building Web Services with JAX-WS

JAX-WS stands for Java API for XML Web Services. JAX-WS is a technology for building web services and clients that communicate using XML. Using JAX-WS, developers can write message-oriented as well as RPC-oriented web services.

In JAX-WS, a web service operation invocation is represented by an XML-based protocol such as SOAP. The SOAP specification defines the structure, encoding rules, and conventions for representing web service invocations and responses. These calls and responses are transmitted over HTTP as SOAP messages.

The JAX-WS API hides the complexity of forming SOAP messages from the application developer. On the server side, the developer specifies the web service operations by defining an interface written in the Java programming language. The developer codes one or more classes to implement these operations. A client creates a proxy and then simply invokes methods on the proxy. With JAX-WS, the developer does not produce or parse SOAP messages. JAX-WS converts the API calls and responses to and from SOAP messages.

JAX-WS gives clients and web services an advantage because Java is a platform-independent language. JAX-WS is also not restrictive: a JAX-WS client can access a web service that is running on any platform. JAX-WS offers this flexibility because it uses W3C technologies such as HTTP, SOAP, and WSDL.


Ajax

The term AJAX originally stood for “Asynchronous JavaScript And XML,” but is now used much more generally to cover all methods of communicating with a server using JavaScript.

Using Ajax techniques, we can submit requests to the server and return the information to the user without having to wait for a page load. The page is updated without a refresh using JavaScript, PHP and the XMLHttpRequest object.

Ajax is actually a grouping of several technologies working together to offer this capability. It includes the techniques below:

  • Standards-based presentation using XHTML and CSS.
  • Client-server interaction and dynamic display using the DOM (Document Object Model).
  • Data interchange and manipulation using XML and XSLT.
  • Asynchronous data retrieval using XMLHttpRequest.
  • JavaScript binding everything together.


Miscellaneous software

Phplive:

Phplive is a powerful chat application that allows you to communicate in real time with the customers and visitors on your site. Phplive is developed using PHP/MySQL, and this highly customizable application provides a rich set of features.

Some of the features Phplive provides are:

  • Real-time chat with users, and support for them.
  • Handling of multiple chat requests simultaneously.
  • Creation of different departments.
  • Tracking and collecting information about visitors.
  • Saving chat transcripts.
  • Rating of the customer service.
  • Use of your own chat logos.
  • Multiple language support for users.

dotProject:

dotProject is a project management application. This open-source application is supported free of charge by web developers from all over the world. dotProject is free software written in PHP that anyone can download and use. Its simple user interface makes it easy for any user to work with dotProject.

Some of the dotProject features are:

  • User management support.
  • A ticketing support system via email.
  • Client management support.
  • Task listing features and file archives.
  • A contact list and calendar for users.
  • A discussion forum for users.
