Software Bill of Materials (SBOMs) are like ingredient labels on food. They are critical to keep consumers safe and healthy, they are somewhat standardized, but it is a lot more exciting to grow or make the food rather than the label. 

What is an SBOM?

What is an SBOM? In short, it is a way to tell another party all of the software that is used in the stack that makes up an application. One benefit of having a SBOM is you know what is in there when a vulnerability comes up. You can easily determine if you are inerme and where. 

As modern software is built utilizing a almohadilla of software already written (no sense in recreating the wheel), it is important that all of the components don’t get lost in the shuffle. It isn’t readily apparent what a particular piece of software utilizes. So, if a vulnerability for Software A arises, you need to know, do I have that piece of software somewhere in my ecosystem, and, if so, where. Then you can remediate if you need to.

I can’t take credit for the food label analogy used in my introduction. I heard it from Allan Friedman, a Senior Advisor and Strategist at the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and a key SBOM advocate, when he presented about SBOMs at the RSA Conference 2022 with Kate Stewart, the VP of Dependable Embedded Systems here at the Linux Foundation. Allan made the point that food labels only provide information. The consumer needs to read and understand them and take appropriate action. For instance, if they are allergic to peanuts, they can look at an ingredient label and determine if they can safely eat the food. 

SBOMs are similar – they tell a person what software is used as an “ingredient” so someone can determine if they need to take action if a vulnerability arises. It isn’t a silver bullet, but it is a animoso tool. Without SBOMs no one can track what component “ingredients” are in their software applications.

SBOMs and the Software Supply Chain

Supply chains are impacting our lives more than just restricting availability of consumer goods. Software supply chains are immensely more complicated now as software is built with pre-existing components. This makes software better, more effective, more powerful, etc. But it also introduces risk as more and more parties touch a particular piece of software. Much like our world has become so interdependent, so has our software. 

Understanding what is in the supply chain for our software helps us effectively secure it. When a new risk emerges, we know what we need to do. 

SBOMs and Software Security

SBOMs are increasingly being recognized as an important pillar in any comprehensive software security plan. A completo survey conducted in 2021 Q3 by the Linux Foundation found that 78% of organizations responding plan to use SBOMs in 2022. Additionally, the recently published Open Source Software Security Mobilization Plan recommends SBOMs be universal and the U.S. Executive Order on Improving the Nation’s Cybersecurity requires SBOMs be provided for software purchased by the U.S. government. And, as Allan points out in his talk, “We buy everything.” The E.O. actually lays out a nice summary of SBOMs and their benefits: 

The term “Software Bill of Materials” or “SBOM” means a formal record containing the details and supply chain relationships of various components used in building software.  Software developers and vendors often create products by assembling existing open source and commercial software components.  The SBOM enumerates these components in a product.  It is analogous to a list of ingredients on food packaging.  An SBOM is useful to those who develop or manufacture software, those who select or purchase software, and those who operate software.  Developers often use available open source and third-party software components to create a product; an SBOM allows the builder to make sure those components are up to date and to respond quickly to new vulnerabilities.  Buyers can use an SBOM to perform vulnerability or license analysis, both of which can be used to evaluate risk in a product.  Those who operate software can use SBOMs to quickly and easily determine whether they are at potential risk of a newly discovered vulnerability.   A widely used, machine-readable SBOM format allows for greater benefits through automation and tool integration.  The SBOMs gain greater value when collectively stored in a repository that can be easily queried by other applications and systems.  Understanding the supply chain of software, obtaining an SBOM, and using it to analyze known vulnerabilities are crucial in managing risk.

Allan and Kate spent time in their talk going into the current state of SBOMs, challenges, benefits, tools available for creating and sharing SBOMs, what is a minimum SBOM, standards being developed, making them fully automated, and more. Look for some future LF Blog posts digging into these. 

But there are things you can do now. 

What can you and your organization do now?

Allan and Kate laid out several things you and your organization can do, starting now. Starting within your organization: 

Next week: Understand origins of software your organization is using

  • Commercial: can you ask for an SBOM?
  • Open source: do you have an SBOM for the binary or sources you’re importing? 

Three months: Understand what SBOMs your customers will require

  • Expectations: which standards, dependency depth, licensing info?

Six months: Prototype and deploy

  • Implement SBOM through using an OSS tool and/or starting a conversation with vendor

And participate in ongoing discussions to determine best practices for the ecosystem and contribute to open source project any code developed to support SBOMs. 

But there are also steps you can take as an individual:

Next week: Start playing with an open source SBOM tool and apply it to a repo

Three months: Have an SBOM strategy that explicitly identifies tooling needs

Six months

  • Begin SBOM implementation through using an OSS tool or starting a conversation with vendor
  • Participate in a plugfest and try to consume another’s SBOM

And make sure to share any open source and commercial tools you find helpful and work with the tools to help harden them, test and report bugs, and push them to scale.

How can you shape the future of SBOMs?

First, I want to highlight some upcoming opportunities they shared to help shape the future of SBOMs. CISA is running public Tooling & Implementation work stream discussions in July 2022. They are the same, but occur at different times to help accommodate more time zones: 

  • July 13, 2022 – 3:00-4:30 PM ET
  • July 21, 2022 – 9:30-11:00 AM ET 

If you want to participate, please email SBOM@cisa.dhs.gov

Additionally, there will be “plugfests” to be announced soon, and they suggested organizations already adopting SBOMs publish case studies and reference tooling workflows to help others. 

Conclusion

SBOMs are here to stay. If you aren’t already, get on the train now. It is pulling out of the station, but you still have an opportunity to help shape where it is going and how well the journey goes. 

Allan’s and Kate’s slides are available here. If you registered to attend the RSA Conference, you can now watch their full presentation on demand here.



Source link


SOLIDWORKS Cad is one of the best applications for creating solid-based objects such as pipes, pulleys, gears, and many more. The way it does it is also extraordinary, as it gives you the freedom to design a mechanical part in any way you like. It will provide you with all this information in the form of 2D and 3D images so that you can get a better picture of what it looks like in the efectivo world.

To run this application, you will need a laptop with better specifications as lots of processing and rendering will be included in it so we will be discussing the top 3 laptops that can easily run this application.

Asus ZenBook Flip

This is a 13.3-inch laptop with a 4K display and a hinge that allows it to swivel 360 degrees and be used as a tablet. The display is one of a kind, and you won’t find it in any other laptop with very minimal bezels. When comparing it to other displays, you’ll notice a significant difference. The specifications are also not lacking, as it features a Core i7 11th generation CPU with turbo boost technology that can raise the clock speed to 4.7 GHz. Aside from that, it has 16 GB of RAM, 512 GB or more of storage, and an integrated Iris graphics card.

This application consumes lots of battery life as well, especially if you are rendering, but you don’t need to worry as this laptop can easily run for around 15 hours with a single charge and can easily handle all the tasks related to the application of SOLIDWORKS due to its specifications.

Apple MacBook Pro

This is another great laptop with Apple’s M1 processor, which is quicker and more efficient than any other chip on the market. This chip has an 8-core CPU and an 8-core GPU for faster processing and the capacity to handle huge tasks with ease. Another fantastic feature is that it has a 16-core neural engine for greater optimization and decision-making based on machine learning, which will help to extend the battery life, which is now about 20 hours. Aside from that, it has 8 GB of RAM that can be upgraded to 16 GB, as well as fast storage up to 2TB.

With incredibly fine and vivid colors and a brightness of 500 nits, it is one of the best 14-inch retina screens on the market. The screen has less bezel than in previous generations, and the build quality is highly premium and strong, which will enhance your experience of doing solid work on this laptop even more.

Lenovo ThinkPad X1

This is one of the best Windows-based laptops money can buy, especially for running heavy applications like Silhouette Cameo, and it costs roughly $1800. One of its greatest features is its laptop, which has incredibly soft and easy-to-use keys that will never strain your hand even if you type for lengthy periods of time. This laptop will provide you with a lot of conveniences because you can give it a lot of instructions. Its internals includes a 10th generation Core i7 laptop that can be overclocked to 4.9GHz, as well as 16 GB of RAM and a 512 NVME SSD for storage.

The display of this laptop is great as well, as it comes with a screen size of 14 inches and a resolution of 1920 x 1080. It comes with a full HD display, where the color representation is great and accurate. The maximum brightness of this laptop is 400 nits, whereas the bezel of the screen is quiebro noticeable. compared to some other laptops. It’s a lightweight laptop with a weight of only 2.40 lbs, but its build quality is great.

This laptop’s battery life is also worth noting since it can last up to 19.5 hours, which should be enough time to use it without needing to charge it, making it an ideal choice to use applications like SOLIDWORKS on it.

Conclusion

SOLIDWORKS are one of the greatest software for constructing solid-based things like pipelines, pulleys, and gears, among others. It also achieves it in an exceptional way by allowing you to create a mechanical element in whatever way you like. It will present you with all this information in the form of 2D and 3D photos so that you can get a better idea of how it appears in efectivo life.



Source link


Having a great display is one of the key features that people look for when buying a laptop. The reason is that a better display will enhance your viewing experience and will not put a strain on your eyes, whether you are watching any program, working on any software, or playing a game. In this article, we will be discussing the top 3 laptops that are worth considering.

Acer Predator Helios 300

The Acer Predator Helios 300 is specifically designed for gaming, but you can run all the applications on it, and it’s a great choice for watching media as well. It comes with an RGB laptop that is more appealing to the eyes, and the keys are very soft. The spacing is also great for you to easily type. It comes with a Core i7 10th gen 10750H process with a processing speed that can be overclocked up to 5.0 GHz.

It has 16 GB of DDR4 RAM with a frequency of 2933 MHz, whereas for storage you can have a 512 GB NVME solid-state drive. It’s a 15.6-inch laptop where color reproduction is also great with a better contrast ratio. The 144Hz refresh is also an ideal choice for gaming for a better frame rate and smooth gameplay, and combining it with a 6 GB GDDR6 RTX 2060 graphic card will enhance your gaming experience to the next level.

Buy Acer Predator Helios 300

HP Envy x360

This is one of the best all-rounders on the list because it is convertible. You can use it to watch your favorite show or any program just like a regular laptop, or you can do that by folding it. Also, it comes with a touch screen that can be used for illustrations as well, if you are an art lover. The 15.6-inch IPS display is top-notch as the colors are very accurate and you can adjust it further as per your needs using the in-built settings. But all this doesn’t mean that you can’t use it for gaming as this laptop comes with a 16 GB DDR4 ram, 512 GB NVNE SSD and AMD Radeon graphics.

The processor is also one of the best available on the market, the AMD Ryzen 5 5500, which is sufficient to handle all your applications and gaming as well. Other than that, the laptop is very lightweight at only 4.4lbs and the foráneo looks very premium with a very durable hinge to control the screen movement.

Buy HP Envy x360

LG Gram 15Z90N

If you are looking for a laptop with great color accuracy and brightness that should also be lightweight, then look no further and purchase this laptop. It is one of the most stylish laptops available on the market, which only weighs 2.2 lbs and has an IPS display that you are definitely going to like. The build quality is great, but it is more fragile due to its lightweight, so you need to handle this laptop with care.

It comes with 10th generation i7 CPU, a 15.6-inch screen with a resolution of 1920×1080, 8GB of RAM, and a 256 GB NVME SSD with an integrated graphic card. With all these specs, you can easily run all of the extensive and heavy applications and software with ease, but it lacks gaming due to the unavailability of a dedicated graphics card. Overall, it’s a great laptop with excellent display and performance that we would recommend.

Buy LG Gram 15Z90N

Conclusion

When it comes to choosing a laptop, one of the most important characteristics that consumers seek is a fantastic display. The reason for this is that a better display will improve your viewing experience and reduce eye strain in all situations, whether you’re watching a show, working on software, or playing a game.



Source link


Choosing the right laptop for a computer scientist is a very crucial task as they need to sit in front of it and do lots of programming for a long time. So it is ideal for them to find a laptop with a better display to protect their eyes from straining; a good keyboard so they can write for a longer period without getting tired. Other than that, high-end specifications where they can do all the coding and graphic designing and longer battery life will also be highly recommended for them. We will be discussing three of the best laptops that are worth your money.

Apple MacBook Pro

In comparison to its predecessors, the Apple MacBook Pro 2020 is still one of the greatest on the market. It is equipped with Apple’s proprietary M1 microprocessor, which is quicker and more efficient than Intel and AMD-based CPUs. This chip comes with an 8-core processor and an 8-core GPU capability for better processing speeds, and if you are a graphic designer, then it will generate and render video and animations a lot faster as well. This also means that you can run all the important programming applications with ease, such as Visual Studio and Android Studio.

Another great feature is that it comes with a 16-core neural engine for better optimization and decision-making based on machine learning which will also come in handy in improving the battery life, which is around 20 hours. Other than that, it also comes with 8GB of RAM that can be enhanced up to 16GB and fast storage up to 2TB as well.

It features one of the best 14-inch retina displays on the market, with highly sharp and crisp colors and a brightness of 500 nits, which should be plenty to use whether you’re inside or outside in the open. The screen has also come with less bezel compared to its previous versions, and the build quality is very premium and robust.

The camera and mic quality are also great so others can see and hear you properly, and it doesn’t lack ports as there are plenty of them as well, such as 2 thunderbolt ports, a display port, thunderbolt 3, USB 3.1, and USB 4. This laptop is a must-buy if money is not an issue for you as generally Apple laptops are expensive, and this laptop will cost you around under $1750.

Buy Apple MacBook Pro M1

Lenovo ThinkPad X1

This is one of the best Windows-based laptops you can buy, especially for computer scientists, and it costs roughly $1800. However, you can get an earlier version for a lot less money. One of its greatest features is its keyboard, which has incredibly soft and easy-to-use that will never strain your hand even if you type for lengthy periods of time. Its internals includes a 10th generation Core i7 laptop that can be overclocked to 4.9GHz, while it also features 16GB of RAM and a 512 NVME SSD for storage.

The display on this laptop is excellent as it has a resolution of 1920×1080 under the 14-inch screen. It comes with a full HD display, where the color representation is great and accurate. The maximum brightness of this laptop is 400 nits, whereas the bezel of the screen is finta noticeable compared to some other laptops. It’s a lightweight laptop with a weight of only 2.40 lbs, but its build quality is great.

This laptop’s battery life is also worth noticing since it can last up to 19.5 hours, which should be enough time to use it without needing to charge it. The speakers are also excellent, providing clear sound, and the cooling fan smoothly maintains the laptop’s temperature. Overall, this is an excellent laptop for programmers and computer scientists, whether you’re coding or designing on it.

Microsoft Surface Book 2

The unique feature of the Microsoft Surface Book 2 is that it comes with a detachable screen that you can remove from the keyboard. It comes with a touchscreen, which makes it super useful as now you can use it as a table, and you no longer need to carry the keyboard along with it. Other than that, it also has some of the most advanced specifications available on the market, just like the other laptops.

It comes with a core i7 10th gen processor that can be overclocked up to with the ram of 16 GB and the storage of 512 GB SSD NVME. Whereas the build quality is very premium, the keyboard is great with backlights that are finta visible even in the dark areas. The bezels are very thin from all sides, and it weighs around 2.38 lbs, which is a lot lighter compared to the other laptops.

It has a screen of 15 inches and comes with an LCD display having a resolution of 3260 x 2160 pixels, so the colors are very accurate and crisp. The sound quality is also great, and the laptop doesn’t vibrate at all at maximum level and has a very efficient cooling system so that your laptop doesn’t get hot even if you use it for a longer period. So, it’s a great laptop for programmers to run their favorite applications but it’s far better for designers as you can detach the laptop and can-do wonders with it.

Conclusion

Because computer scientists spend most of their time in front of a computer screen, they require a laptop that can suit their demands in any scenario. We looked at three of the best laptops for getting the work done swiftly and effectively.



Source link


MongoDB is an open-source database management system that allows its users to add downloads and connect them easily with the server. As the name implies, like other databases, it will store data and will allow users to manage it. For this purpose, it has several functions (i.e. updateMany()). UpdateMany() is the command line function that is used to modify documents in the collection of MongoDB depending on the query we used. Modification is always related to either replacing the existing data or adding a new field in the record. Our current topic refers to the updateMany() feature in MongoDB. Let us start with the implementation to see how this command is relatable to each scenario.

When you open the terminal, you are now supposed to write any command regarding MongoDB. If you are not sure on the database you are connected with, simply write ‘db’. This will bring the name of the database.

The database will be either the default or a user-defined db. If you have not created a database of your own, then most probably MongoDB will use the default database, ‘test’. But to use the database of your own, you are required to use a command of ‘use’ with the database name.

Hence, demo is the user-defined database. MongoDB terminal will respond to which the database is switched from the test to the demo database.

Collection creation

Merienda you are done with database connectivity and creatione, your concern will rely on data entry. Similar to other databases, MongoDB also offers containers to store data. These are COLLECTIONS. Let’s see how collections are formed by using the name ‘test’.

>> db.createCollection(‘test’)

The createcollection command with the db keyword is used to create a collection along with the name in parenthesis. Make sure that the collection is created in the same database you want to use in the future. Because while creating a collection, the database name is not specified.

The response of MongoDB is ‘ok’, which means the collection is created successfully without any exception. We had already added data to the collection. Three attributes are added and assigned with the values respectively. To see all data, use the find() command.

>> db.test.find().pretty()

This command will fetch all the records of the test collection.

You can observe that 4 rows are entered into the collection.

UpdateMany()

Sometimes, you have entered the wrong data, or you need to add more fields to the record. In other words, you need modification of data. So, it is done through the UPDATE command.

MongoDB provides a facility to update the existing documents. There are two types to update the documents.

  • db.collection.updateOne() – It updates a single attribute in a collection.
  • db.collection.updateMany() – It is used to update many attributes through a single command, in the collection.

Note: Both Update types are useful, but it is recommended by the developers to use UpdateManny() as it consumes less time and makes the code shorter.

As our topic under discussion is updateMany, so we will go with it by describing the syntax.

# db.collection_name.updateMany(FILTER, name OF the attribute/document , options)

Here db denotes the current database and collection_name is the collection on which you want to apply the update command. Mainly there are three arguments in the function of the updateMany parameter.

  • Filter: It acts the same as the find() method. It shows the selection criteria for the update.
  • Document: It contains the value you want to add in the row or the one that can be used for replacement.
  • Options: It is an optional value that can be removed.

As we have created a collection and added sample data to it already, let’s apply the updateMany command on the collection.

Example 1: Update an existing record

This example refers to the modification of an already existing value. For instance, the filter portion of the command will find the name attribute. When the match is found, the value of the age feature is replaced.

>> db.test.updateMany({name: «david»}, {$set:{age: 20}})

In response to the command, MongoDB will acknowledge the query as true and will show that one match was found in the whole record. Then, the concerned row is modified.

To see the record we will use the find () command

>> db.test.find().pretty()

As a result, you will notice that the age of David was 26 when the record was entered but on applying the updateMany() function, the age feature is replaced with 20.

Example 2: Add a new attribute to the existing record

Now we will update a single field in the record of more than one person. Previously, we have used a name that is a unique attribute. It specifies only a single person. To target more, we have selected a section attribute. This time we will not modify the existing record, but the new one will be added. The attribute is “team” with a value. This will be added only in those rows that have section A.

>> db.test.updateMany({SECTION: «A»}, {$set:{Team: «Fruit»}})

The command will return that 2 rows are modified after finding the match. On using the find() function, you will get:

Example 3: Modify all record

If you want to add a new field in each row, we do not use any attribute in the filter of the command but empty brackets are mentioned.

>> db.test.updateMany({}, { $set: {eligibility: «True»}})

So the new eligibility attribute will be added in all rows.

Conclusion

This discussion was to provide the use of the updateMany() command in the MongoDB database. We gave a brief introduction to the database, collections, and insertion of data because they are the prerequisites for applying the updateMany() command. The update command can be further used in two subfields; Updateone() and UpdateMany(). UpdateMany is used in detail by using some examples that assist in learning and understanding this concept.



Source link


JavaScript animations are created by making incremental programming changes in the element’s style. These animations have the ability to perform the task that CSS can not do on its own. DOM is known as Document Object Model and the whole HTML document is represented by a document object.  According to the logical equation or function, you can move several DOM elements across the page using JavaScript.

In this post, you will learn about the basics related to JavaScript animation utilizing the simple example. So, let’s start!

Functions used for creating JavaScript Animation

In JavaScript, there are three functions are commonly used for creating animation.These are:

  • setTimeout (function, duration): The total setTimeout() function sets a timer which executes a function or specified piece of code after some delay or duration.
  • clearTimeout (setTimeout_variable): The clearTimeout() function is used to clear the timer that has been set by the setTimeout().
  • setInterval (function, duration): The setInterval() function sets a timer which repeatedly executes a function or piece of code according to the specified duration.

Let’s take a simple example of creating JavaScript animation to understand how it works.

How to create a JavaScript Animation

In this example, we will create a JavaScript animation web page using HTML. To do so, first of all, we will create a HTML file named “Animation_JS.html”.

In this HTML file, we will add a button named “Move” and add two containers named “container” and “javascriptAnimation”. For the first “container”, we will set its properties such as height, width, position, background, border-radius, and display. Moreover, we will set its “position” as “relative” which indicates that this container is positioned normally.

Similarly, we will specify the values for the width, height, and background-color properties of the “javascriptAnimation” container, while setting its “position” as “absolute”. Upon doing so, this container will be positioned to its nearest ancestor:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

</html>
<!DOCTYPE html>
<html>
    <head>
        <title>What is JavaScript Animation</title>
    </head>
<style>
#container {  
  width: 420px;  
  height: 420px;  
  position: relative;  
  background: purple;  
  border-radius: 50%;
  display: inline-block;
}  
#javascriptAnimation {  
  width: 55px;  
  height: 55px;  
  position: absolute;  
  background-color: orange;  
}
</style>
<body>
<p>
<button onclick=«animation()»>Move</button>
</p>
<div id =«container»>
<div id =«javascriptAnimation»></div>
</div>
</body>
</html>

Next, inside the <script> tag, we will define an “animation()” function that will be called when the user clicks the “Move” button. This “animation()” function will first fetch the “javascriptAnimation” HTML  element. Then, we will assign an “id” to the “clearInterval()” function, which invokes the “frame()” function after “5” milliseconds.

In the “frame()” function, the number of frames will be set per second. If the position of element reaches 305px, then the “clearInterval()” function clears it Otherwise the fetched HTML “javascriptAnimation” element will moves top and moves according to the “position” value:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

<script>
var id = null;
function animation() {
var elem = document.getElementById(«javascriptAnimation»);
    var position = 0;
    clearInterval(id);
    id = setInterval(frame, 5);
    function frame() {
        if (position == 305) {
            clearInterval(id);
        } else {
            position++;
            elem.style.top = position + ‘px’;
            elem.style.left = position + ‘px’;
        }
    }
}
</script>

Here is the snippet of the script code:

Execution of the above-given JavaScript program will show the following output:

Then click on “Move” button to view the created JavaScript animation:

That was all essential information related to JavaScript animation. You can further explore as required.

Conclusion

Animation is known as simulation of movement made by the series of Images. JavaScript animations are created by making small programming modifications to the style of an element. In JavaScript, you can create animations using the three most commonly used functions named setTimeout(), setInterval() and clearTimeout(). In this post, we have discussed JavaScript animation and its related functions with the help of a simple example.



Source link