Posted on

NetNewsWire 5.0 RSS Reader Rebuilt from Scratch, Now Free and Open Source

NetNewsWire 5.0 was released this week as a completely rebuilt, free and open source Mac app. Back in its earlier days, the 17-year old RSS reader was widely regarded as the best available. Since its creation, the app has changed hands multiple times through two acquisitions, finally landing back home with its creator, Brent Simmons, in August 2018.

NetNewsWire 5.0 retains much of its original character while incorporating modern features like JSON Feed support, Dark Mode, a “Today” smart feed, syncing via Feedbin, starred articles, and more. It is a brand new app that doesn’t use any code from previous versions. Users who are updating from older commercial versions can export OPML from the old app and import it into the NetNewsWire 5.0 app.

Notably lacking from the app is the ability to sync data across devices. Right now this is only possible if users hook up Feedbin. Simmons said he is working with contributors on an iOS version of the app.

Although it may not yet have as many features as some of its contemporaries, NetNewsWire’s return was celebrated by those who are hopeful that RSS can be one of the key technologies for unshackling web users from social media silos. NetNewsWire is back in support of this mission, which is highlighted on the app’s homepage:

We support the open web. The big social networking sites are damaging society and eroding democracy — and we believe one of the ways out of this is to get our news via the open web rather than from Twitter and Facebook.

NetNewsWire is part of repairing the web we lost, and it’s part of building the web we want. That future web should not include viral hate speech, abuse, massive corporate surveillance, or successful influence operations by hostile governments and entities opposed to democracy.

NetNewsWire is no longer owned or sponsored by any corporation. In fact, the app’s GitHub repo has a support document that says: “First thing: don’t send money. This app is written for love, not money.” It outlines the project’s values:

NetNewsWire is all about three things:

The open web
High-quality open source Mac and iOS apps
The community that loves both of the above

In contrast to recent experiments and conversations around sustaining open source infrastructure, NetNewsWire’s approach gives the project the creative freedom to take risks and ship software at their own pace.

When one commenter asked on Twitter about NetNewsWire’s business model, Ruby on Rails creator David Heinemeier Hansson commented in defense of the project’s lack of a plan for making a profit.

“Not everything needs a business model,” Hansson said. “Writing open source software for fun, for the intellectual challenge, for the expression of creativity, are valid reasons. Same too goes for writing and sharing. Filtering everything through WHERE’S THE MONEY is a disease of the soul.

“An open source RSS reader that does not operate a service does not need a business model. An individual publisher paying a pittance to host a blog with RSS does not need a business model.”

If you’re looking for a new RSS reader to aggregate your news in a more calm environment than Twitter or Facebook can provide, NetNewsWire is a strong open source option with an exciting future ahead. Few apps have this kind of longevity, and it will be interesting to see how it evolves as an open source Mac app. As of version 5.0, it’s still fairly minimalist in terms of features but has a lot of momentum and a passionate community behind it, which in this case has proven more valuable towards ensuring its future.

Posted on

Get a Bigger Picture With Couchbase N1QL Window Functions and CTE

See Couchbase N1QL window functions more clearly.

Whether it is a personal need to understand your spending pattern from looking at the bank transactions, or seeking to improve the sales performance in your organization by looking at the sales activities, the real insights are only visible with additional aggregation and summarization of the transactional level data.

Traditional RDBMSs provide this capability through the expressive power of SQL aggregation. Window functions were added to the ANSI SQL standard to further extend the ability to express more complex questions with the SQL construct.

Posted on

Using AI to Advance Science

AI could be cooking in 2019

On a recent trip to Accenture’s Dock facility in Dublin, they showcased an AI-based tool to recommend new recipes after having crunched through thousands of existing recipes to come up with potential new flavors.  Though the work is interesting, perhaps such an approach is far more interesting when applied to innovation itself.

A growing proportion of innovation today is what’s known as recombinative, and sees existing ideas and concepts applied in fresh and creative ways. Researchers are increasingly deploying AI-based tools to help devise some of these possible roads to explore.

Posted on

PostgreSQL Backup and Recovery Automation

A critical PostgreSQL client contains valuable data, and PostgreSQL databases should be backed up regularly. Its process is quite simple, and it is important to have a clear understanding of the techniques and assumptions.

SQL Dump

The idea behind this dump method is to generate a text file from DataCenter1 with SQL commands that, when fed back to the DataCenter2 server, will recreate the database in the same state as it was at the time of the dump. In this case, if the Client cannot access the primary server, they can have access to the BCP server. PostgreSQL provides the utility program pg_dump for this purpose. The basic usage of this command is:  pg_dump dbname >backupoutputfile.db.

Posted on

Couchbase N1QL Query With Self-Referencing Hierarchy

Let's look at a Couchbase N1QL query.

A data construct that often appears in business applications is the hierarchical data structure. Hierarchy captures the parent-child relationship often between the same object. For instance, a company structure captures the reporting line between employees. A business organization captures the relationship between parent companies and subsidiaries. Territory hierarchies in Sales. Book of accounts in financial applications.

Due to the self-referencing nature of hierarchy, querying the structure efficiently along with its associated data can be a challenge for RDBMSs, particularly from a performance perspective. In this article, I will discuss how a traditional RDBMS handles hierarchical queries, the challenges that it has to deal with, and how this issue can be similarly addressed with Couchbase N1QL and Couchbase GSI.

Posted on

API Security Weekly: Issue #46

Facebook patching their APIs like

This week, Cisco and Facebook have patched their APIs, a detailed report on Solr parameter injection is out, and GitHub continues their fight against API keys and tokens in public repositories.

You may also like: RESTful API Security.

Vulnerabilities: Cisco

Cisco has released patches for several critical API security flaws in its Cisco Unified Computing System (UCS) software and Small Business 220 Series Smart Switch routers. The patches center around the APIs behind the web-based management interfaces.

Posted on

Use Case-Specific Error Handling in Mule 4

Often times when you are processing data through a flow, you may want to treat certain errors differently than others. For instance, if you are trying to select records from Salesforce, you would want to handle a record not found error differently than an out of memory error. For this reason, MuleSoft allows us to handle errors based on use cases as well as the types of errors that are being thrown.

Experts in their field.
You may also like: Creating a System API Using Mulesoft

Processor Level Error Handling

In Mule 4, a try scope is used when you want to attempt to perform an action and catch the error and attempt to handle the error before failing an entire flow. The basic process for a try scope is:

Posted on

GraphQL Java Example for Beginners [Spring Boot]

Chicks like GraphQL Java Examples with Spring Boot too!

GraphQL is a query language for APIs that allows clients to request limited data they need, making it possible for clients to gather data in a limited number of requests. GraphQL is a strongly-typed protocol and all data operations are validated against a GraphQL schema.

In this article, we will look at a GraphQL Java example and build a simple GraphQL server with Spring Boot.

Posted on

Scikit-Learn and More for Synthetic Dataset Generation for Machine Learning

Synthetic dataset generation for machine learning

Synthetic Dataset Generation Using Scikit-Learn and More

It is becoming increasingly clear that the big tech giants such as Google, Facebook, and Microsoft are extremely generous with their latest machine learning algorithms and packages (they give those away freely) because the entry barrier to the world of algorithms is pretty low right now.

The open source community and tools (such as scikit-earn) have come a long way, and plenty of open source initiatives are propelling the vehicles of data science, digital analytics, and machine learning. Standing in 2019, we can safely say that algorithms, programming frameworks, and machine learning packages (or even tutorials and courses how to learn these techniques) are not the scarce resource but high-quality data is.

Posted on

StandardJS Ends Controversial Funding Experiment

Feross Aboukhadijeh, maintainer of StandardJS, has formally ended the funding experiment he started lasted week, which inserted ads in the terminal whenever Standard 14 is installed.

Although the experiment met widespread aversion, it successfully captured public attention and put a spotlight on the critical need for a viable model of funding open source infrastructure. It also uncovered some intense presuppositions that developers have when it comes to protecting their workflow in the terminal.

“If nothing else, it’s nice that funding forced open source ‘consumers’ – folks who enjoy the benefits of open source software without ever contributing anything back – to reconsider their relationship with open source,” Aboukhadijeh said. “I think we successfully pushed back against the entitlement to free labor that is pervasive in the interactions that open source consumers have with maintainers.”

Supporting work with advertising is nothing new, but the shock of seeing ads in the terminal activated an urgency in the open source community to collectively brainstorm and consider new approaches.

“While I didn’t like the approach, I understood the goal,” ESLint creator Nicholas C. Zakas said. “There is little involved in mindlessly typing ‘npm i’ and getting something for free. This experiment at least broke people out of that mode, even if only momentarily.”

Google Chrome engineer Chris Palmer said he saw Aboukhadijeh’s experiment as “a live demonstration of the fact that it’s very very hard to get people to pay, in any way, for information goods, which are indeed scarce. It has been as delightful and as bracing as it always is.”

In his recap of the funding experiment, Aboukhadijeh contends that the phrase “open source sustainability” isn’t ideal, because maintainers are often simply subsisting, as opposed to thriving, on the few donations they receive, despite creating millions of dollars of value for the companies that use their work.

“The dirty secret of open source is that much of it is powered by maintainer guilt,” Aboukhadijeh said. “A lucky few manage to land day jobs that allow them to work on open source. But most folks have to be more creative – squeezing in time after work, secretly doing open source maintenance at work, or opting out of normal society completely.”

Aboukhadijeh is particularly concerned about finding solutions for the “invisible” maintainers of transitive open source dependencies, packages that no one installs directly:

But reliable, error-free transitive dependencies are invisible. Therefore, the maintainers are invisible, too. And, the better these maintainers do their job, the more invisible they are. No one ever visits a GitHub repository for a transitive dependency that works perfectly – there’s no reason to do so. But a developer investigating an error stack trace might visit the repository if for no other reason than to file an issue. At least then there’s a small chance they’ll see the maintainer’s plea in the README.

We need solutions that work for these folks too.

Although this particular funding experiment did not prove to be successful, Aboukhadijeh said he has more sponsors who are interested and more experiments in the works that he is excited about.

“Maybe ads aren’t the answer – fine,” he said. “But telling maintainers to bury their appeals where no one bothers to look is not the answer, either.

“Approximately 100% of the Fortune 500 use open source code. Maintainers are just starting to wake up to our own power. Expect to be surprised. This certainly won’t be the last open source funding experiment.”

Posted on

Spring Bean Lifecycle: Using Spring Aware Interfaces

Through Spring Aware interfaces, you can access Spring bean lifecycle events.

Spring Aware interfaces allow you to look into the inner workings of the Spring Framework. Through Spring Aware interfaces, you can access the Spring context, or Spring bean lifecycle events.

Your Spring beans might require access to framework objects, such as ApplicationContext, BeanFactory, and ResourceLoader. To gain access, a bean can implement one of the many Aware interfaces of the Spring Framework.

Posted on

Variable Fonts vs. Static Fonts and Cross-Browser Compatibility, Part 1

Variable Fonts have unleashed a whole new world of creative possibilities along with enhancing website’s readability, accessibility, performance, flexibility, and responsiveness. Developers no longer need to rely on standard static fonts bound with fixed design limitations, but, rather, can embrace variable fonts to unlock thousands of typographic variations along with font animations to create unique custom font styles.

Variable fonts are part of the ‘OpenType’ specification originally developed as a joint collaborative project between the four giants – Apple, Microsoft, Adobe, and Google. The key concept behind variable fonts is to utilize unlimited font style variations of a specific typeface by relying on just a single font file. This allows a developer to fully utilize the potential of RWD (responsive web design) by modifying or animating the typeface based on a device'c viewport, type, orientation, mouse events, etc. On the contrary, standard static font requires separate font files for each font style, resulting in dreadful site performance.

Posted on

Need some help with secure attribute access

So I've successfully written a metaclass that gives python the functionality of private attributes in classes.

Q: But what about inst.__private?
A:

>>> class A(object):
    __slots__ = ['__private']

    def __new__(cls):
        inst = object.__new__(cls)
        inst.__private = 10
        return inst

    def showprivate(inst):
        return inst.__private

>>> inst = A()
>>> inst.showprivate()
10
>>> inst._A__private = 20 # security through obscurity never works
>>> inst.showprivate() # sorry not private
20

With my metaclass, private attributes are inaccessible outside native and super-native namespaces:

class A(object, metaclass=privatetype):
    __slots__ = ['A']
    __private__ = ['B'] # NOTE: __slots__ is enforced for security regardless of local definition

    def __new__(cls): # native
        inst = object.__new__(cls)
        inst.B = 10 # can only be accessed here
        return inst

class B(A):
    # NOTE: __slots__ = ['B'] is not allowed
    __private__ = A.__private__ # inheritance would add insecurity
    # ^ with this we can restrict specific private attributes to superclasses

    def method(inst):
        return inst.B # or here (including further subclasses)

# NOTE: you can not add methods after class creation and expect to access private attributes.

So how does it work?
The answer is frame validation, to make sure we're in a native namespace before looking up private attributes from an external dictionary.

Since the code for this is currently written in python,
it's currently exploitable by accessing __closure__[1].cell_contents of either B.__getattribute__ or B.__setattr__ (both are the same function).
This will give you access to a mappingproxy (read-only dict) of ['attr'](inst, *val) functions,
the functions return either static values, or the result of a member_descriptor (__get__/__set__) call.

What's __closure__[0].cell_contents?
It's a frozenset (read-only set) containing native code objects the function uses to validate frame f_code objects with.
This would only be useful to a hacker if they could modify it, allowing them to add "native" functions to classes to manipulate private attributes.

So there's 2 things I want to ask here before I show the code for the metaclass.

1: is it possible to restrict access to the mappingproxy to close the final backdoor and prevent external access to manipulating private attributes??

2: I'm having an issue with super-native functions where calling a super-native while supplying the class/instance operates on super-class private attributes...

To explain this a bit further:

class A(object, metaclass=privatetype):
    __private__ = ['B']

    B = {'A':10, 'B':20} # static

    def __new__(cls):
        inst = object.__new__(cls)

        for k,v in inst.B.items():
            print( '%s = %s'%(k,v) )

        return inst

class B(A):
    __private__ = A.__private__

    B = {'A':30, 'B':40, 'C':50} # static

    def __new__(cls):
        return A.__new__(cls)

When we call inst = B() the result prints this: (hash order ignored)

A = 10
B = 20

This is because we're calling A.__new__ which has the private context of class A instead of B as expected

How can I use the context of class B without compromising security??

For the metaclass code, keep in mind this isn't final, so it's still a bit messy:

from sys import _getframe, _functools import reduce
class _c(object): __slots__=['_a']; _m=lambda i: None
mappingproxy = _c.__dict__.__class__; method = _c()._m.__class__; del _c # yeeted

getstatic = lambda value: lambda inst, *val: None if val else value # getset for static items
newtype = type.__new__
class privatetype(type):
    def __new__( typ, name, bases, NS ):
        # won't be so hacky in C
        def __getsetattr__(inst,attr,*val):
            # return typical methods from super-class (extended security for preventing access here)
            if attr == '__setattr__': return None if val else super(cls,inst).__setattr__
            if attr == '__getattribute__': return None if val else super(cls,inst).__getattribute__
            try:
                f = _getframe(1)
                return privateattrs[attr](inst,*val) if f.f_code in nativecodes else( # getset private attribute
                    super(cls,inst).__setattr__(attr,*val) if val else super(cls,inst).__getattribute__(attr) ) # normal attribute
            finally: del f
        NS['__getattribute__'] = NS['__setattr__'] = __getsetattr__
        oldslots = NS.get('__slots__',frozenset()) # backup

        # check for subclass globalization of private attributes
        superprivateslots = reduce(frozenset.union, (frozenset(getattr(cls,'__private__', frozenset())) for cls in bases))
        for attr in oldslots:
            if attr in superprivateslots:
                raise AttributeError("can't make private attribute '%s' public."%attr)

        # remove private static attributes from NS
        nativecodes = { None, __getsetattr__.__code__ }; addnativecode = nativecodes.add
        privateattrs = {}
        privateslots = set(NS.get('__private__', set()))
        for privateattr in privateslots:
            if privateattr in NS: # make static
                item = NS.pop(privateattr)
                privateattrs[privateattr] = getsetstatic(item)
                addnativecode(getattr(item, '__code__', None)) # private methods are native too

        # create private members
        NS['__slots__'] = frozenset(oldslots).union(frozenset(privateslots.difference(privateattrs))) # exclude static
        cls = newtype(typ, name, bases, NS)

        # remove remaining private items and add super-natives
        for attr in dir(cls): # dir() to get ALL public items, not just cls.__dict__ local items
            item = getattr(cls,attr)
            if isinstance(item, staticmethod): item = item.__func__
            if isinstance(item, property):
                for a in ('fget','fset','fdel'): addnativecode(getattr(getattr(item,a), '__code__', None))
            else: addnativecode(getattr(item, '__code__', None))
            if attr in privateslots:
                delattr(cls, attr)
                privateattrs[attr] = method(lambda dsc, inst,*val: dsc.__set__(inst,*val) if val else dsc.__get__(inst), item) # getset method

        # freeze to prevent modification (won't be so easy to access once written in C)
        nativecodes = frozenset(nativecodes)
        privateattrs = mappingproxy(privateattrs) # not sure why this isn't builtin
        # note that private mutable objects can still be modified

        cls.__slots__ = oldslots
        return cls

No I will not follow PEP8, I'm sorry if you're offended.

Posted on

7 Best WordPress Invoice Plugins Compared (2019)

Are you looking for the best invoicing plugins for WordPress? An invoicing plugin can make it easy to automatically generate invoices, collect orders, and manage your finances.

As a business owner, there’s a lot to manage and manual invoices can take up significant amount of your time. Your invoices may look different each time, which isn’t very professional.

Using a professional invoicing software allows you to automate all invoicing and payment processes, so you can focus on growing your business.

In this article, we will share some of the best WordPress invoices plugin for various needs.

Best invoicing plugins for WordPress

Choosing the Best Invoicing Plugins for WordPress

There are several WordPress plugins that you can use to create online invoices and collect payments from your customers. All these WordPress invoice plugins offer different features which makes it difficult for beginners to choose the right invoice plugin for their business.

The key features that you should look for in a good WordPress invoicing plugin are:

  • One-time and recurring payment collection
  • Partial payment options
  • Automatic tax deduction and tax reporting
  • Single dashboard to manage all invoices and taxes
  • Credit card and other payment gateways
  • Payment scheduling and late fee option

It would be a bit difficult to find a solution that caters to all your invoicing needs. You’ll need to review the features and find a solution that suits your invoicing and payment requirements.

That being said, let’s take a look at our top picks for the best invoicing plugins for WordPress.

1. WPForms

WPForms

WPForms is the most business friendly WordPress form plugin. It comes with a drag and drop builder which allows you to easily create any type of form including user registration forms, newsletter signup form, request a quote form, donation form, payment collection form, etc.

With WPForms, you can easily generate an online order form which gives you the option to automatically send an invoice to the customer. You and your customers also get an instant email notification upon completion of the payment.

WPForms integrates with PayPal and Stripe to collect payments. This allows you to easily accept credit card payments without using a shopping cart plugin or eCommerce software.

While WPForms is not as robust as some other WordPress invoice plugins below, it has all the essentials features that you’ll need, and it will save you money because it can serve multiple purposes such as help you build contact forms, request a quote lead forms, collect feedback via surveys, etc.

You can use our WPForms coupon to get an additional 50% off.

2. FreshBooks

FreshBooks

FreshBooks is popular accounting software for small businesses. It allows you to create professional invoices in a few clicks. You can fully customize the invoice by adding your business logo and personalized note.

It has an automated system to send reminders to customers for the overdue payments. FreshBooks also charges your clients’ credit card securely for recurring payments and sends notifications to you and your customers.

You can add your work hours and expenses in the invoices to display a proper breakdown of the payment. It also offers tax collection, preferred currency selection, discount codes, and pre-payment option.

Freshbooks is a SaaS invoicing platform that works with all best website builders including WordPress. It is the most robust invoice software in the list, but their pricing is a bit more expensive since they charge you based on the number of billable clients.

3. WP Invoicing

WP Invoicing

WP Invoicing is a feature-rich WordPress invoicing plugin. It runs on your WordPress site and can help you create and send invoices to customers.

It can also automatically manage taxes in the invoices. This helps you save time while automating the process for you and your customers.

The plugin supports multiple payment gateways like PayPal, Stripe, Authorize.net, and more. It can also be used to set up recurring payments and automatically generate invoices for each payment.

While the base WP Invoicing plugin is free, you will have to pay for individual extensions, or you can buy a bundle membership which is a much better deal.

4. Sliced Invoices

Sliced Invoices

Sliced Invoices is a professional WordPress invoicing plugin. It has multiple pre-built templates and designs to generates invoices quickly. You can also create custom invoices with your logo and text, so you can send quotes directly to customers.

It comes with a reporting system to manage all your invoices and quotes in one place. Sliced Invoices is translation ready which would enables you to send invoices in your customers’ language. It also includes extensions for PDF invoices, recurring payments, deposit invoices, and more.

Slide Invoices is a free plugin, but you will have to pay for individual extensions, or you can buy a bundle membership which is a much better deal.

5. Sprout Invoices

Sprout Invoices

Sprout Invoices is a full-fledged invoicing plugin for WordPress sites. It can estimate the cost of your services and generate detailed invoices for customers automatically.

The plugin integrates with 300+ apps for payments, invoice designs, workflows, and more. It has a powerful payment scheduling system to set terms for customers like payment amount, due date, late fees, etc.

6. WooCommerce PDF Invoices

WooCommerce PDF Invoices

WooCommerce PDF Invoices is a WooCommerce extension to send a PDF invoice with every order confirmation email. It has a ready-made template for the PDF invoices, and you can also create your own custom invoice templates.

It manages a sequence number for the invoices, so that you can keep track of all the payments. The customers can download invoices from their account page on your eCommerce website. You can also connect a printer with the plugin to print invoices as soon as the customers confirm the order. If you run an online store using WooCommerce, then this plugin can be the answer to your invoicing needs.

This plugin does not work with other WordPress eCommerce plugins, but most other solutions have their own invoice extensions.

7. WP-Invoice

WP-Invoice

WP-Invoice is a free WordPress invoicing plugin. It’s perfect for digital agencies, general contractors, web developers, and any business that needs to send invoices to their customers.

It allows you to create the invoice within your WordPress dashboard. Once you generate the invoice, your customer will receive an email, and they can follow the link to make payments easily. You can also fully customize the email notification. WP-Invoice is a little limited in terms of features, but it can be an easy to use solution for many small businesses.

We hope this article helped you find the best invoicing plugins for WordPress. You may also want to check out our expert pick of the best WordPress plugins, best email marketing services, and best business phone services for small businesses.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post 7 Best WordPress Invoice Plugins Compared (2019) appeared first on WPBeginner.

Posted on

95% Off: Get the Facebook Ads and Facebook Marketing Course for only $9.99

Over the last decade, there were hundreds of social media channels introduced on the market. Some have stood the test of time, while others never caught on. Despite the introduction of different social channels, Facebook still remains to be the biggest social media platform to date. In fact, this behemoth social media platform has over […]

The post 95% Off: Get the Facebook Ads and Facebook Marketing Course for only $9.99 appeared first on designrfix.com.

Posted on

Survey Reveals Rapid Growth in Kubernetes Usage, Security Still a Concern

Do you have the keys to unlock DevOps security?

The rapid adoption of container technology, DevOps practices and principals, microservices application architectures, and the rise of Kubernetes as the de facto standard for container orchestration are the key drivers of modern digital transformation. Whether an application is built in the cloud, on-premises, or in hybrid environments using container technologies, or it's being ported to a containerized infrastructure, containerization has clear advantages in terms of scalability, portability, and continuous development and improvement.

In a medium article, Tinder's Engineering Team recently announced their move to Kubernetes to solve scale and stability challenges. Twitter is another company that has announced their own migration from Mesos to Kubernetes. New York Times, Reddit, Airbnb, and Pintrest are just a few more examples.