Technology

When Your Smart ID Card Reader Comes With Malware

Krebs on Security - Tue, 05/17/2022 - 19:07

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level. But many government employees aren’t issued an approved card reader device that lets them use these cards at home or remotely, and so turn to low-cost readers they find online. What could go wrong? Here’s one example.

A sample Common Access Card (CAC). Image: Cac.mil.

KrebsOnSecurity recently heard from a reader — we’ll call him “Mark” because he wasn’t authorized to speak to the press — who works in IT for a major government defense contractor and was issued a Personal Identity Verification (PIV) government smart card designed for civilian employees. Not having a smart card reader at home and lacking any obvious guidance from his co-workers on how to get one, Mark opted to purchase a $15 reader from Amazon that said it was made to handle U.S. government smart cards.

The USB-based device Mark settled on is the first result that currently comes up when one searches on Amazon.com for “PIV card reader.” The card reader Mark bought was sold by a company called Saicoo, whose sponsored Amazon listing advertises a “DOD Military USB Common Access Card (CAC) Reader” and has more than 11,700 mostly positive ratings.

The Common Access Card (CAC) is the standard identification for active duty uniformed service personnel, selected reserve, DoD civilian employees, and eligible contractor personnel. It is the principal card used to enable physical access to buildings and controlled spaces, and provides access to DoD computer networks and systems.

Mark said when he received the reader and plugged it into his Windows 10 PC, the operating system complained that the device’s hardware drivers weren’t functioning properly. Windows suggested consulting the vendor’s website for newer drivers.

The Saicoo smart card reader that Mark purchased. Image: Amazon.com

So Mark went to the website mentioned on Saicoo’s packaging and found a ZIP file containing drivers for Linux, Mac OS and Windows:

Image: Saicoo

Out of an abundance of caution, Mark submitted Saicoo’s drivers file to Virustotal.com, which simultaneously scans any shared files with more than five dozen antivirus and security products. Virustotal reported that some 43 different security tools detected the Saicoo drivers as malicious. The consensus seems to be that the ZIP file currently harbors a malware threat known as Ramnit, a fairly common but dangerous trojan horse that spreads by appending itself to other files.

Image: Virustotal.com

Ramnit is a well-known and older threat — first surfacing more than a decade ago — but it has evolved over the years and is still employed in more sophisticated data exfiltration attacks. Amazon said in a written statement that it was investigating the reports.

“Seems like a potentially significant national security risk, considering that many end users might have elevated clearance levels who are using PIV cards for secure access,” Mark said.

Mark said he contacted Saicoo about their website serving up malware, and received a response saying the company’s newest hardware did not require any additional drivers. He said Saicoo did not address his concern that the driver package on its website was bundled with malware.

In response to KrebsOnSecurity’s request for comment, Saicoo sent a somewhat less reassuring reply.

“From the details you offered, issue may probably caused by your computer security defense system as it seems not recognized our rarely used driver & detected it as malicious or a virus,” Saicoo’s support team wrote in an email.

“Actually, it’s not carrying any virus as you can trust us, if you have our reader on hand, please just ignore it and continue the installation steps,” the message continued. “When driver installed, this message will vanish out of sight. Don’t worry.”

Saicoo’s response to KrebsOnSecurity.

The trouble with Saicoo’s apparently infected drivers may be little more than a case of a technology company having their site hacked and responding poorly. Will Dormann, a vulnerability analyst at CERT/CC, wrote on Twitter that the executable files (.exe) in the Saicoo drivers ZIP file were not altered by the Ramnit malware — only the included HTML files.

Dormann said it’s bad enough that searching for device drivers online is one of the riskiest activities one can undertake online.

“Doing a web search for drivers is a VERY dangerous (in terms of legit/malicious hit ratio) search to perform, based on results of any time I’ve tried to do it,” Dormann added. “Combine that with the apparent due diligence of the vendor outlined here, and well, it ain’t a pretty picture.”

But by all accounts, the potential attack surface here is enormous, as many federal employees clearly will purchase these readers from a myriad of online vendors when the need arises. Saicoo’s product listings, for example, are replete with comments from customers who self-state that they work at a federal agency (and several who reported problems installing drivers).

A thread about Mark’s experience on Twitter generated a strong response from some of my followers, many of whom apparently work for the U.S. government in some capacity and have government-issued CAC or PIV cards.

Two things emerged clearly from that conversation. The first was general confusion about whether the U.S. government has any sort of list of approved vendors. It does. The General Services Administration (GSA), the agency which handles procurement for federal civilian agencies, maintains a list of approved card reader vendors at idmanagement.gov (Saicoo is not on that list). [Thanks to @MetaBiometrics and @shugenja for the link!]

The other theme that ran through the Twitter discussion was the reality that many people find buying off-the-shelf readers more expedient than going through the GSA’s official procurement process, whether it’s because they were never issued one or the reader they were using simply no longer worked or was lost and they needed another one quickly.

“Almost every officer and NCO [non-commissioned officer] I know in the Reserve Component has a CAC reader they bought because they had to get to their DOD email at home and they’ve never been issued a laptop or a CAC reader,” said David Dixon, an Army veteran and author who lives in Northern Virginia. “When your boss tells you to check your email at home and you’re in the National Guard and you live 2 hours from the nearest [non-classified military network installation], what do you think is going to happen?”

Interestingly, anyone asking on Twitter about how to navigate purchasing the right smart card reader and getting it all to work properly is invariably steered toward militarycac.com. The website is maintained by Michael Danberry, a decorated and retired Army veteran who launched the site in 2008 (its text and link-heavy design very much takes one back to that era of the Internet and webpages in general). His site has even been officially recommended by the Army (PDF). Mark shared emails showing Saicoo itself recommends militarycac.com.

Image: Militarycac.com.

“The Army Reserve started using CAC logon in May 2006,” Danberry wrote on his “About” page. “I [once again] became the ‘Go to guy’ for my Army Reserve Center and Minnesota. I thought Why stop there? I could use my website and knowledge of CAC and share it with you.”

Danberry did not respond to requests for an interview — no doubt because he’s busy doing tech support for the federal government. The friendly message on Danberry’s voicemail instructs support-needing callers to leave detailed information about the issue they’re having with CAC/PIV card readers.

Dixon said Danberry has “done more to keep the Army running and connected than all the G6s [Army Chief Information Officers] put together.”

In many ways, Mr. Danberry is the equivalent of that little known software developer whose tiny open-sourced code project ends up becoming widely adopted and eventually folded into the fabric of the Internet. I wonder if he ever imagined 15 years ago that his website would one day become “critical infrastructure” for Uncle Sam?

Categories: Technology, Virus Info

You’re doing cloudops planning too late

Info World - Tue, 05/17/2022 - 04:00

I often remember fondly the days of the waterfall software development life cycle. Each task had a beginning and an end. One work product was the input for the next documentation or code, and while it took much longer and had very little opportunity to change directions, it was easier to plan around.

Those days are over. Today’s cloud development—or development altogether—is iterative, agile, and can change at a moment’s notice. Often amplified by very robust devops toolchains, our approach to development these days is both automated and fluid, and that’s a step in the right direction if you ask me.

But some things are falling by the wayside. Often operations planning is either done at the last moment or not at all. Developers push out code and data structures to ops, and the ops teams must figure out quickly how to make the thing run successfully long term. Many ops and cloudops positions are going unfilled these days because they’re becoming the IT jobs that set you up for failure.

Categories: Technology

Kotlin 1.7.0 beta alters builder type inference

Info World - Tue, 05/17/2022 - 04:00

Kotlin 1.7.0, a planned new version of JetBrains’ cross-platform, multipurpose programming language, has reached a beta release stage, featuring changes to the builder type inference and a new memory manager.

Builder inference, a special kind of type inference useful when calling generic builder functions, brings the platform closer to builder inference stabilization. With the 1.7.0 beta, builder inference is automatically activated if a regular type inference cannot get enough information about a type without specifying the -Xenable-builder-inference compiler option. Developers now can write their own builders that use builder type inference without applying additional annotations or options. Builder type inference helps the compiler infer the type arguments via type information about other calls inside a lambda argument.

Categories: Technology

Only DevSecOps can save the metaverse

Info World - Tue, 05/17/2022 - 04:00

Defined as a network of 3D virtual worlds focused on enhancing social connections through conventional personal computing and virtual reality and augmented reality headsets, the metaverse was once a fringe concept that few thought much, if anything, about. But more recently it was thrust into the limelight when Facebook decided to rebrand as Meta, and now consumers have started dreaming about the potential of a completely digital universe you can experience from the comfort of your own home. 

While the metaverse is still years from being ready for everyday use, many of its parts are already here, with companies like Apple, Epic Games, Intel, Meta, Microsoft, Nvidia, and Roblox working hard to bring this virtual reality to life. But while most people default to visions of AR headsets or perhaps the superspeed chips that power today’s gaming consoles, there’s no question there will be a massive volume of software needed to design and host the metaverse, as well as an endless number of business use cases that will be developed to exploit it. 

Categories: Technology

CNCF launches ethics in open source training course

Info World - Mon, 05/16/2022 - 05:30

The Cloud Native Computing Foundation (CNCF) has launched an Ethics in Open Source Development training course that explores the ethical implications developers should consider when building open source software.

The new certification has been developed by the vendor-neutral CNCF, in partnership with Linux Foundation Training and Certification, and AI ethics specialist firm Ethical Intelligence.

The free online training course takes 2-3 hours and is primarily aimed at product managers and software developers who want to learn how to incorporate ethics-by-design and critical thinking techniques into their workflows.

Categories: Technology

Top technologists have job options: 5 tips for retention

Info World - Mon, 05/16/2022 - 04:00

Developers, test automation engineers, site reliability engineers, and other technologists have more employment options today than ever before. Although there’s been a battle for talent for more than a decade, technologists can now seek remote work options well beyond commuting distances and may not have to relocate for new job opportunities.

In one recent study, “Leveling the Playing Field in the Hybrid Workplace,” 58% of knowledge workers who work with data, analyze information, or think creatively are likely to look for a new job during the year. This number increases to 72% for workers who are dissatisfied with their current level of flexibility. 

Categories: Technology

More money for open source security won’t work

Info World - Mon, 05/16/2022 - 04:00

Here’s the good news. According to the Open Source Security Foundation (OpenSSF), it will cost less than $150 million to secure open source software. More good news, industry giants Amazon, Intel, Google, and Microsoft have already pledged $30 million. Just $120 million to go toward a secure open source future, right?

Well, no, because the bad news is that no generalized approach to open source security is going to work. OpenSSF has a fantastic 10-point plan to foster a multifaceted approach to security. This approach has a better chance of succeeding than the more piecemeal approaches of the past, argued Brian Behlendorf, general manager of the OpenSSF, on a recent press call, because “there’s not one root cause or one root approach that’s going to address them all.”

Categories: Technology

Review: YugabyteDB does PostgreSQL proud

Info World - Mon, 05/16/2022 - 04:00

When I reviewed YugaByteDB 1.0 in 2018, it combined distributed ACID transactions, multi-region deployment, and support for Cassandra and Redis APIs. At the time, PostgreSQL support was “on the way,” meaning incomplete and barely tested. Fast forward to May 2022, and the Postgres train has pulled into the station.

YugabyteDB integrations, drivers, and PostgreSQL compatibility

Categories: Technology

TWiT 875: We Don't Talk About Elon - Texas HB 20, Crypto crash, Google IO, Goodbye iPod, Netflix ads

This week in tech - Sun, 05/15/2022 - 23:28
  •  Elon Musk Says His $44 Billion Twitter Deal Is 'On Hold'.
  •  Two Twitter Leaders Are Leaving Company Following Musk Deal.
  •  Texas HB 20: Tech asks SCOTUS to stop Texas social media law.
  •  Just How Incredibly F'd Up Is Texas' Social Media Content Moderation Law?
  •  Elon Musk praises Chinese workers for 'burning the 3am oil' – here's what that really looks like.
  •  Jeff Bezos Hits Back at Joe Biden in Twitter Spat Over Inflation.
  •  Google previews the Pixel Watch, coming this fall with Pixel 7.
  •  The Pixel Tablet is coming in 2023.
  •  It's not a phone, it's an alliance.
  •  Google Glass's successor teased at I/O.
  •  Google announces Pixel 6a powered by Tensor processor for $449.
  •  More than $200 billion erased from the entire crypto market in a day as the sell-off intensifies.
  •  Yellen Renews Call for Stablecoin Regulation After TerraUSD Stumble.
  •  'The Guilt Is Unbearable': UST-Luna Investors Discuss the 99.99% Crypto Crash.
  •  Take Control of Cryptocurrency by Glenn Fleishman.
  •  Caitlin's podcast: Crypto's big crash.
  •  Coinbase chief says 'no risk of bankruptcy' after regulatory filing sparks alarm.
  •  Man seeks to excavate a landfill that allegedly has half a billion dollars worth of bitcoin.
  •  UK's Royal Mail aims to open up to 50 drone routes for rural deliveries.
  •  How an internet mapping glitch turned a random Kansas farm into a digital hell.
  •  The iPod is dead.
  •  A Visual History of the Apple iPod.
  •  Netflix Tells Employees Ads May Come by the End of 2022.
  •  Netflix Exploring Live Streaming For First Time; Plans To Roll Out For Unscripted Series & Stand-Up Specials.
  •  Disney Plus added almost 8 million new subscribers as Netflix struggles.
  •  Virtual reality mask adds realism by making it harder to breathe.
  •  Here's What the Black Hole in the Center of the Milky Way Looks Like.
  •  TikTok to surpass YouTube in the US.
  •  TikTok introduces first ad product with rev share for creators.
  •  House where Facebook was created lists for $5.3M.

Host: Leo Laporte

Guests: Denise Howell, Glenn Fleishman, and Caitlin McGarry

Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

Categories: Podcasts, Technology

Microsoft .NET 7 Preview 4 brings Regex improvements, cache metrics

Info World - Sat, 05/14/2022 - 04:00

Microsoft’s latest preview of .NET 7, the forthcoming next version of its software development platform, features enhancements for working with regular expressions and caching.

Downloadable from the Microsoft .NET website, the fourth preview of .NET 7 was published May 10. The production release is due in November.

Microsoft .NET Preview 4 adds remaining planned APIs that add support for span types to the Regex (regular expressions) library. The changes add support for matching with ReadOnlySpan<char> inputs and overhaul the handling of RegexOptions.IgnoreCase. The new span-based APIs include:

Categories: Technology

Cloudflare to take on AWS, Azure, Google with D1 distributed database

Info World - Fri, 05/13/2022 - 11:55

Building on top of its recently launched serverless application platform Workers and the R2 object storage service, Cloudflare is releasing a new serverless database, dubbed D1, to take on databases from AWS, Microsoft Azure, GCP and Oracle.

The company claims that the D1 distributed database, which will reside in its 250-plus global locations — Cloudflare's edge — will reduce latency and data transfer fees for developers compared to other databases.

Categories: Technology

What is JDBC? Introduction to Java Database Connectivity

Info World - Fri, 05/13/2022 - 04:00

JDBC (Java Database Connectivity) is the Java API that manages connecting to a database, issuing queries and commands, and handling result sets obtained from the database. Released as part of JDK 1.1 in 1997, JDBC was one of the earliest libraries developed for the Java language.

JDBC was initially conceived as a client-side API, enabling a Java client to interact with a data source. That changed with JDBC 2.0, which included an optional package supporting server-side JDBC connections. Every new JDBC release since then has featured updates to both the client-side package (java.sql) and the server-side package (javax.sql). JDBC 4.3, the most current version as of this writing, was released as part of Java SE 9 in September 2017 as JSR 221.

Categories: Technology

How to build changeable cloud solutions

Info World - Fri, 05/13/2022 - 04:00

One of the things I learned early on is to design systems that allow for easy ongoing change. How? Cloud or non-cloud system, you build for change by compartmentalizing system components so that they can be configured or changed on their own. A simplistic analogy would be how we can interchange car parts to mix and match system components, having the ability to replace or update components without redeveloping the entire vehicle.

Other approaches leverage services and microservices to centralize and reuse some application behavior and data. This means that updating a specific service in a single location will change the behavior of all systems using that service, for instance, replacing a tax calculation, changing a database model, or even updating a component’s enabling technology, such as moving to containers and container orchestration.

Categories: Technology

TypeScript 4.7 adds ESM support in Node.js

Info World - Fri, 05/13/2022 - 04:00

TypeScript 4.7, now in a release candidate (RC) stage, offers ECMAScript module (ESM) support for Node.js 16 as well as a multitude of coding enhancements.

The RC was unveiled May 11. TypeScript 4.7 is the latest planned version of Microsoft’s strongly typed JavaScript. The TypeScript 4.7 beta introduced April 8 backed ECMAScript module support in Node.js 12, something that had been planned for TypeScript 4.5 late last year but was delayed.

However, because Node.js 12 is no longer supported, TypeScript’s builders have started the stable target at Node.js 16, which should provide newer ES module functionality such as pattern trailers while also defaulting TypeScript to a higher target that supports top-level await.

Categories: Technology

Jetpack Compose 1.2 packs text improvements

Info World - Thu, 05/12/2022 - 14:43

Jetpack Compose 1.2, Google’s toolkit for building native Android UIs, is now available as a beta release. Highlights of the update include text improvements such as font padding and downloadable fonts.

With downloadable fonts, app developers gain new APIs to access Google Fonts asynchronously and to define fallback fonts without a complex setup. Benefits include smaller APK sizes and improved system health, Google said, because multiple apps can share the same font through a provider.

Addressing a top-voted bug in the Android issue tracker, Jetpack Compose 1.2 makes includeFontPadding a customizable parameter. Google recommends setting this value to false, which will enable more precise alignment of text within layouts. The plan is to make false the default value in a future release.

Categories: Technology

DEA Investigating Breach of Law Enforcement Data Portal

Krebs on Security - Thu, 05/12/2022 - 05:00

The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.

Unidentified hackers shared this screenshot of alleged access to the Drug Enforcement Administration’s intelligence sharing portal.

On May 8, KrebsOnSecurity received a tip that hackers obtained a username and password for an authorized user of esp.usdoj.gov, which is the Law Enforcement Inquiry and Alerts (LEIA) system managed by the DEA.

KrebsOnSecurity shared information about the allegedly hijacked account with the DEA, the Federal Bureau of Investigation (FBI), and the Department of Justice, which houses both agencies. The DEA declined to comment on the validity of the claims, and issued only the briefest of statements about the matter in response to being notified.

“DEA takes cyber security and information of intrusions seriously and investigates all such reports to the fullest extent,” the agency said in a statement shared via email.

According to this page at the Justice Department website, LEIA “provides federated search capabilities for both EPIC and external database repositories,” including data classified as “law enforcement sensitive” and “mission sensitive” to the DEA.

A document published by the Obama administration in May 2016 (PDF) says the DEA’s El Paso Intelligence Center (EPIC) systems in Texas are available for use by federal, state, local and tribal law enforcement, as well as the Department of Defense and intelligence community.

EPIC and LEIA also have access to the DEA’s National Seizure System (NSS), which the DEA uses to identify property thought to have been purchased with the proceeds of criminal activity (think fancy cars, boats and homes seized from drug kingpins).

“The EPIC System Portal (ESP) enables vetted users to remotely and securely share intelligence, access the National Seizure System, conduct data analytics, and obtain information in support of criminal investigations or law enforcement operations,” the 2016 White House document reads. “Law Enforcement Inquiry and Alerts (LEIA) allows for a federated search of 16 Federal law enforcement databases.”

The screenshots shared with this author indicate the hackers could use EPIC to look up a variety of records, including those for motor vehicles, boats, firearms, aircraft, and even drones.

Claims about the purloined DEA access were shared with this author by “KT,” the current administrator of the Doxbin — a highly toxic online community that provides a forum for digging up personal information on people and posting it publicly.

[SIDE NOTE: Nearly two dozen domain names used by Doxbin were very recently included on the “Domain Block List” (DBL) maintained by Spamhaus, an anti-abuse group that many Internet service providers work with to block spam and malicious activity online. As a result, the Doxbin is currently unreachable on the open Internet].

As KrebsOnSecurity reported earlier this year, the previous owner of the Doxbin has been identified as the leader of LAPSUS$, a data extortion group that hacked into some of the world’s largest tech companies this year — including Microsoft, NVIDIA, Okta, Samsung and T-Mobile.

That reporting also showed how the core members of LAPSUS$ were involved in selling a service offering fraudulent Emergency Data Requests (EDRs), wherein the hackers use compromised police and government email accounts to file warrantless data requests with social media firms, mobile telephony providers and other technology firms, attesting that the information being requested can’t wait for a warrant because it relates to an urgent matter of life and death.

From the standpoint of individuals involved in filing these phony EDRs, access to databases and user accounts within the Department of Justice would be a major coup. But the data in EPIC would probably be far more valuable to organized crime rings or drug cartels, said Nicholas Weaver, a researcher for the International Computer Science Institute at University of California, Berkeley.

Weaver said it’s clear from the screenshots shared by the hackers that they could use their access not only to view sensitive information, but also submit false records to law enforcement and intelligence agency databases.

“I don’t think these [people] realize what they got, how much money the cartels would pay for access to this,” Weaver said. “Especially because as a cartel you don’t search for yourself you search for your enemies, so that even if it’s discovered there is no loss to you of putting things ONTO the DEA’s radar.”

The DEA’s EPIC portal login page.

ANALYSIS

The login page for esp.usdoj.gov (above) suggests that authorized users can access the site using a “Personal Identity Verification” or PIV card, which is a fairly strong form of authentication used government-wide to control access to federal facilities and information systems at each user’s appropriate security level.

However, the EPIC portal also appears to accept just a username and password, which would seem to radically diminish the security value of requiring users to present (or prove possession of) an authorized PIV card. Indeed, KT said the hacker who obtained this illicit access was able to log in using the stolen credentials alone, and that at no time did the portal prompt for a second authentication factor.

It’s not clear why there are still sensitive government databases being protected by nothing more than a username and password, but I’m willing to bet big money that this DEA portal is not the only offender here. The DEA portal esp.usdoj.gov is listed on Page 87 of a Justice Department “data inventory,” which catalogs all of the data repositories that correspond to DOJ agencies.

There are 3,330 results. Granted, only some of those results are login portals, but that’s just within the Department of Justice.

If we assume for the moment that state-sponsored foreign hacking groups can gain access to sensitive government intelligence in the same way as teenage hacker groups like LAPSUS$, then it is long past time for the U.S. federal government to perform a top-to-bottom review of authentication requirements tied to any government portals that traffic in sensitive or privileged information.

I’ll say it because it needs to be said: The United States government is in urgent need of leadership on cybersecurity at the executive branch level — preferably someone who has the authority and political will to eventually disconnect any federal government agency data portals that fail to enforce strong, multi-factor authentication.

I realize this may be far more complex than it sounds, particularly when it comes to authenticating law enforcement personnel who access these systems without the benefit of a PIV card or government-issued device (state and local authorities, for example). It’s not going to be as simple as just turning on multi-factor authentication for every user, thanks in part to a broad diversity of technologies being used across the law enforcement landscape.

But when hackers can plunder 16 law enforcement databases, arbitrarily send out law enforcement alerts for specific people or vehicles, or potentially disrupt ongoing law enforcement operations — all because someone stole, found or bought a username and password — it’s time for drastic measures.

Categories: Technology, Virus Info

Google Flutter 3 backs macOS, Linux

Info World - Thu, 05/12/2022 - 04:00

Google has launched Flutter 3, a major release of the cross-platform development toolkit that adds stable support for building macOS and Linux desktop apps. Flutter already provided stable support for iOS, Android, web, and Windows targets.

Unveiled May 11, Flutter 3 features new interaction and input models, compilation and build support, and platform-specific integration for macOS and Linux. For macOS, Flutter backs both Intel and Apple Silicon processors, with Universal Binary support allowing apps to package executables running natively on both architectures. Flutter also takes advantage of the Dart language’s support for Apple Silicon.

Categories: Technology

How to compress and decompress strings in C#

Info World - Thu, 05/12/2022 - 04:00

When developing applications you will often need to deal with strings. And because string objects are costly in terms of performance, you will often want to compress your string content, i.e., the data inside your string objects, to reduce the payload. There are several libraries available to do this but two popular techniques are GZip and Brotli.

In this article we’ll discuss how you can compress and decompress strings using the GZip and Brotli algorithms in C#. To work with the code examples provided here, you should have Visual Studio 2022 installed in your system. If you don’t already have a copy, you can download Visual Studio 2022 here.

Categories: Technology

9 questions you should ask about your cloud security

Info World - Thu, 05/12/2022 - 04:00

In order for cybersecurity professionals to gain the knowledge they need to thwart the hackers constantly targeting their cloud infrastructure and applications, they need to think like General George S. Patton (or rather like George C. Scott, the actor who won the Best Actor Oscar for his portrayal of the general in the 1970 film Patton).

In an early scene, the camera focuses on a book Patton is reading by German General Erwin Rommel. The point is to show how Patton does not rely solely on military intelligence to plan the next battle. He’s being proactive in learning as much as he can about how his adversary thinks and operates. The next scene depicts Patton’s troops launching a devastating attack on German tanks and infantry. Peering through his binoculars, Patton smiles and yells “Rommel, you magnificent (expletive), I read your book!” 

Categories: Technology
