开源日报 - Page 46 of 262 - Open Source Daily

开源日报第858期：《blog-post-workflow》

8 8 月, 2020

开源日报每天推荐一个 GitHub 优质开源项目和一篇精选英文科技或编程文章原文，坚持阅读《开源日报》，保持每日学习的好习惯。
今日推荐开源项目：《blog-post-workflow》
今日推荐英文原文：《Researchers warn of an Achilles’ heel security flaw for Android phones》

今日推荐开源项目：《blog-post-workflow》传送门：项目链接
推荐理由：该项目可以展示你最近在各个平台上面发表的博客, 并自动通过git指令添加到你的项目readme中.
今日推荐英文原文：《Researchers warn of an Achilles’ heel security flaw for Android phones》作者：Alfred Ng
原文链接：https://www.cnet.com/news/researchers-warn-of-an-achilles-heel-security-flaw-for-android-phones/
推荐理由：研究人员警告: 支持快速充电或者消除噪音功能的芯片可能为黑客入侵手机带来便利. 据观察, 某种在40%以上的安卓设备使用的芯片包含多达400个漏洞, 可能被黑客利用.
Researchers warn of an Achilles’ heel security flaw for Android phones
You might not ever have heard of a digital signal processor, but there’s a good chance you’ve reaped the benefits of one on your phone. These processors, described as a “complete computer in a single chip,” are the reason phones can fully charge within five minutes or launch augmented reality for games like Pokemon Go.

The chip’s wide range of possibilities, however, mean it’s ripe for abuse from hackers, warn researchers at Check Point, a cybersecurity firm. In a Defcon presentation scheduled for Friday, researcher Slava Makkaveev is expected to demonstrate how these processors are essentially gateways for attackers to get control over Android devices.

Makkaveev looked at the Qualcomm Snapdragon chip, which is in more than 40 percent of Android devices, and found more than 400 vulnerabilities. A potential hacker could create a malicious app that exploits these vulnerabilities to bypass the usual security checkpoints and take data, including photos, videos and location information.

The vulnerabilities also could allow a malicious app to record calls and turn on a device’s microphone without people knowing about it. Other vulnerabilities include allowing a malicious app to brick devices and to hide other malware on phones.

Check Point’s researchers said they wouldn’t be specifying the technical details of the hundreds of vulnerabilities discovered, because the flaws still pose a security risk for potentially millions of devices.

Qualcomm acknowledged the vulnerabilities and released warnings about the flaws. The issues remain security risks unless phone manufacturers also push updates out to customers.

“We worked diligently to validate the issue and make appropriate mitigations available” to phone makers, Qualcomm said in a statement, adding that the company didn’t have any evidence that the problem was now being exploited by hackers. “We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store,” Qualcomm said.

A spokesman for Google, which makes the Android OS, referred questions to Qualcomm for comment.

Though those specific security vulnerabilities were addressed, Check Point’s researchers said the processors are essentially a whole new platform for attackers to go after, describing that platform as an Achilles’ heel for even the most secure devices.

Digital signal processors have been around for a while, but security researchers haven’t paid much attention to them, partially because the entry barrier has been so high. Technical details on the chips are often locked down by the makers, which can be a benefit but also a concern if security researchers aren’t able to test them for flaws.

Check Point’s head of cyber research, Yaniv Balmas, said he suspects that in regard to these processors, there are many more vulnerabilities that haven’t yet been discovered, and he hopes more researchers will start looking at the hardware more closely.

“Our research managed to break these limits and we were able to have a very close look at the chip’s internal design and implementation in a relatively convenient way,” Balmas said. “Since such research is very rare, it can explain why we found so many vulnerable code sections.”
下载开源日报APP：https://opensourcedaily.org/2579/
加入我们：https://opensourcedaily.org/about/join/
关注我们：https://opensourcedaily.org/about/love/
开源日报第857期：《文章批注 editorAnnotate》

7 8 月, 2020

开源日报每天推荐一个 GitHub 优质开源项目和一篇精选英文科技或编程文章原文，坚持阅读《开源日报》，保持每日学习的好习惯。
今日推荐开源项目：《文章批注 editorAnnotate》
今日推荐英文原文：《Why I Quit My Programming Job》

今日推荐开源项目：《文章批注 editorAnnotate》传送门：GitHub链接
推荐理由：SkyeyeAnnotate 是一款基于 jQuery 封装的 HTML 文章批注插件，帮助开发者轻松实现类似 word 的文本批注。该插件支持我们在一个或多个网页中随意选择文本进行批注以及批注回复，支持批注历史查看等功能。
今日推荐英文原文：《Why I Quit My Programming Job》作者：Asha Rani
原文链接：https://medium.com/better-programming/why-i-quit-my-programming-job-399e16fb9796
推荐理由：作者在工作以后，发现工作和自己在大学学习编程时相比完全不同，于是她辞掉了这份工作。对她而言，相比编程，她更喜欢有创造性的设计。
Why I Quit My Programming Job

After studying computer science in school and getting a developer job, here’s why I decided to pivot to something different
Born and raised in India, from an early age, we were only presented with a handful of career options. Engineer and doctor were the top two choices for many. Things are changing now with the rise of the internet, but it’s not uncommon for parents to expect their kids to be a doctor or an engineer.

I knew I could not be a doctor because I was neither brave nor patient enough. So, engineering was an obvious choice. Back then, software engineering was considered “safe” for women compared to electrical engineering or mechanical engineering. With constant pressure from family and friends, combined with societal circumstances, I caved in and decided to pursue computer science.

I joined a college abroad and four years of college flew by. I spent hours building websites and writing fun code for my various computer science classes. HTML, JavaScript, CSS, PHP, and Java were my favorites. The reality of studying programming languages in school is that you decide what you want to build. If I like my sun to be green, I will make my sun green. If I want to put my text in Calibri instead of Times New Roman, I can. I remember spending countless hours on the W3Schools website learning and testing new fun things.

Anyway, as they say, all good things come to an end. And so, I graduated.

Fortunately, I got a job with a very big technology giant right out of school. And my very first project was designing a mobile banking app for one of the big banks. I was beyond thrilled. After the initial onboarding, the actual work started. Soon enough, I realized that programming at work is very different from programming at school. This is real, and no one really talks about it in school. No amount of classes and assignments prepare you for what to expect in the real world.

I worked with developers who had many years of experience in the industry — their experience was greater than my age back then. The tasks assigned to me were usually small bug fixes (change the color of this text, add a “Confirm” button here, fix the size of this widget, etc.). In the beginning, it all seemed OK because I was just too excited to be around such talented people, but that feeling soon started wearing off.

I realized in my little time as a professional developer that developers had little to no say in the design of the application/website as such. My love of programming was more about creating something unique and coming up with an interesting way to solve a basic problem. Professionally, I realized these decisions lied in the hands of product managers and business analysts.

The frustration of not being able to contribute to the actual design elaboration phase, combined with the minor bug fixes and constant judgment of senior developers, made me start to despise coding altogether. I realized I was more interested in the inception of ideas, meeting with the users, understanding their problems, and then creatively solving them.

One year later, I decided to quit my job as a developer and pivoted to a business analyst role. And I could not be happier.

Lastly, I just want to say that I still love coding. I still love my brainstorming sessions with the development team, but I think programming was just not the right fit for me. I know so many people who hate coding but continue to do it because they are too afraid of being judged by their peers for choosing something else. In my opinion, you spend more than eight hours daily at your job. If you don’t love it, you are wasting your time. Do yourself a favor and just take the first step to change. It’s easier than you think.

“Every great dream begins with a dreamer. Always remember, you have within you the strength, the patience, and the passion to reach for the stars to change the world.” — Harriet Tubman

下载开源日报APP：https://opensourcedaily.org/2579/
加入我们：https://opensourcedaily.org/about/join/
关注我们：https://opensourcedaily.org/about/love/
开源日报第856期：《安全保障 how-to-secure-anything》

6 8 月, 2020

开源日报每天推荐一个 GitHub 优质开源项目和一篇精选英文科技或编程文章原文，坚持阅读《开源日报》，保持每日学习的好习惯。
今日推荐开源项目：《安全保障 how-to-secure-anything》
今日推荐英文原文：《Your Greatest Strength in a Job Interview Is Efficiency》

今日推荐开源项目：《安全保障 how-to-secure-anything》传送门：项目链接
推荐理由：介绍安全功能方面知识的项目，从相关概念到现在已有的安保机制再到现实世界中的安保实践，涉及的范围从现实中的博物馆与核安全到虚拟世界中的浏览器等等，可以说如此广的范围的确符合项目标题所说——保护任何东西。
今日推荐英文原文：《Your Greatest Strength in a Job Interview Is Efficiency》作者：Kendra Higgins
原文链接：https://medium.com/better-programming/your-greatest-strength-in-a-job-interview-is-efficiency-1fdd34b0ac6
推荐理由：作者提出对于一个公司来说，应聘者应当证明自己的工作是可以高效率进行的
Your Greatest Strength in a Job Interview Is Efficiency

Here’s why it gains countless job offers
You sense the interview is coming to an end, the questions are getting sparse, and it’s difficult to gauge your potential.

This dream job could come to fruition, but there is a weight on you. Sitting across the table in silence, your mind wanders to how all the moisture from your mouth found its way under your arms. At that moment, the silence is broken and your focus is redirected.

“What is your greatest strength?”

You’ve been there — sitting in a job interview as they roll through their list of questions trying to determine if you’re the candidate they seek.

In one way or another, they always question your strength. Sometimes, they outright ask you about it. Other times, it may be tucked under explaining how you overcame a difficult work situation or how your workflow sets you apart.

In response, it can be easy to default to your passion, reliability, consistency, or patience with others. You might be a self-starter or great at keeping yourself motivated. Or maybe you stay calm and composed during high-stress situations.

Those are all commendable traits, but the answer companies are looking for is efficiency.

Regardless of the position — barista, designer, cashier, mid-level management, sales — you need to be efficient. You see, efficiency is a strength that directly impacts the company. If you can master peak performance using minimal resources, you‘re bound to achieve the highest-level output. Or as business translates it, profit.

Now you’re thinking, “Sure, I’m good at my job and even clock in and out on time.” That’s not the efficiency that’s going to set you apart from John in accounting. You need to analyze your tasks, break them down, and reorganize them for optimal production, time, money, and resource usage without being asked.

Here’s an everyday example. You’re cooking a tasty, dependable dinner: spaghetti. Let’s say you start by putting garlic bread in the oven and placing your pasta in boiling water. You begin cooking down your tomato sauce. Then you realize you now have to brown your meat in a separate pan. By the end, your pasta is overcooked, your bread is burnt, and you’ve dirtied more dishes than necessary.

Now, what if we took that simple process, broke down each part, and rearranged it to make it more efficient? Typically, you start by browning the meat. Then add your diced tomatoes and spices to create your sauce. While that’s cooking down, boil your pasta and throw some garlic bread in the oven for the last eight minutes. Voilà, dinner is served. Hot, timely, and with minimal dishes.

Obviously, this is a natural trait for me. Yes, I’m the girl who loads the dishwasher and puts groceries on the checkout belt in a specific way. With that said, it’s a trait that can be learned and easily exercised in your day-to-day. How can you cook dinner faster, organize your fridge better, and get more housework done during your already busy schedule?

Now apply that same concept to your job. How can you design wireframes more effectively, make three lattes in the time it takes Sally to make one, or manage your team to exemplify their individual strengths?

When you prove your efficiency, you can win interviews, become an asset, and confidently ask for raises.

So next time you’re asked what your strength is, respond with efficiency — and show them why.
下载开源日报APP：https://opensourcedaily.org/2579/
加入我们：https://opensourcedaily.org/about/join/
关注我们：https://opensourcedaily.org/about/love/
开源日报第855期：《富文本: rich》

5 8 月, 2020

开源日报每天推荐一个 GitHub 优质开源项目和一篇精选英文科技或编程文章原文，坚持阅读《开源日报》，保持每日学习的好习惯。
今日推荐开源项目：《富文本: rich》
今日推荐英文原文：《Microsoft to continue discussions on TikTok purchase after talking to Donald Trump》

今日推荐开源项目：《富文本: rich》传送门：项目链接
推荐理由：Rich 是一个 Python 库，可以为您在终端中提供富文本和精美格式。 Rich API 可以很容易的在终端输出添加各种颜色和不同风格。Rich 还可以绘制漂亮的表格，进度条，markdown，突出显示语法的源代码及回溯等等，不胜枚举。 Rich 适用于 Linux，OSX 和 Windows。真彩色 / 表情符号可与新的 Windows 终端一起使用，Windows 的经典终端仅限 8 种颜色。 Rich 还可以与 Jupyter 笔记本一起使用，而无需其他配置。
今日推荐英文原文：《Microsoft to continue discussions on TikTok purchase after talking to Donald Trump》作者：Mark Serrels
原文链接：https://www.cnet.com/news/microsoft-to-continue-discussions-on-potential-tiktok-purchase-after-talking-to-donald-trump/
推荐理由：美国总统对Tiktok的禁令将会严重打击字节跳动在美国的发展, 微软的收购多少可以帮助Tiktok的发展. 微软将于最近几周与字节跳动以及总统展开谈判, 这可能会对字节跳动产生巨大的影响.
Microsoft to continue discussions on TikTok purchase after talking to Donald Trump
After reports US President Donald Trump is considering an order to force Beijing-based tech company ByteDance to divest ownership of popular social-video app TikTok, Microsoft has announced it will be “continuing discussion” on a potential purchase of TikTok after a conversation between Microsoft CEO Satya Nadella and the President.

“Microsoft fully appreciates the importance of addressing the President’s concerns,” said Microsoft, in a statement. “It is committed to acquiring TikTok subject to a complete security review and providing proper economic benefits to the United States, including the United States Treasury.

“Microsoft will move quickly to pursue discussions with TikTok’s parent company, ByteDance, in a matter of weeks, and in any event completing these discussions no later than September 15, 2020. During this process, Microsoft looks forward to continuing dialogue with the United States Government, including with the President.”

On Friday Trump told reporters he was considering a ban on TikTok. Trump and his administration are concerned that data gathered on US Citizens could be turned over to the Chinese government. The US Army and Navy have banned service members from downloading the app to government-issued phones. Earlier this month, the US House of Representatives voted to bar the use of TikTok on all government-issued phones.

“We are looking at TikTok. We may be banning TikTok,” Trump told reporters at the White House Friday. “We are looking at a lot of alternatives with respect to TikTok.”

Reuters reported that, in response to Trump’s comments, ByteDance had agreed to completely divest TikTok’s US operations.

In its statement, Microsoft wrote it was planning to buy the TikTok service in the United States, Canada, Australia, and New Zealand and would own and operate TikTok in these markets. Microsoft also mentioned inviting “other American investors to participate on a minority basis in this purchase”.

A large part of this potential deal would involve an overhaul of security.

“This new structure would build on the experience TikTok users currently love,” Microsoft wrote, “while adding world-class security, privacy, and digital safety protections. The operating model for the service would be built to ensure transparency to users as well as appropriate security oversight by governments in these countries.

“Among other measures, Microsoft would ensure that all private data of TikTok’s American users is transferred to and remains in the United States. To the extent that any such data is currently stored or backed-up outside the United States, Microsoft would ensure that this data is deleted from servers outside the country after it is transferred.”
下载开源日报APP：https://opensourcedaily.org/2579/
加入我们：https://opensourcedaily.org/about/join/
关注我们：https://opensourcedaily.org/about/love/