DEV Community: dammyreginal

Installing Kali linux

dammyreginal — Wed, 22 Sep 2021 06:16:02 +0000

Please treat as urgent. I need help badly for this:
I installed kali linux on my VM. However the boot loader will not install:

Top skills you need as a JavaScript Developer Mahima Jaiswal

dammyreginal — Tue, 27 Jul 2021 14:53:38 +0000

No doubt, JavaScript development is a booming profile. Today there are around currently 12.1 million JavaScript developers in the market worldwide and drawing a salary of $110,673 annually, which equals $47.49 per hour.

These figures are clearly proving the prominence of JavaScript development. The profile is at its peak, and we have stepped into a programmer's world. Those looking to make a career have a bright future.

Though, what I have observed among the students is that their focus is only on their degree. They are not working on their skills. I am not considering them wrong, but I want to clarify that it's not enough; it will not make them the top-notch JavaScript developer they wish to be.

But don't be sad, I have a perfect guide for you. In this blog, I have listed the top skills you need to become a JavaScript developer.

Top JavaScript Developer Skills

1. Expertise in Core JavaScript

The foremost thing in learning JavaScript development is first learning the language itself. Though you don't need to be a master, it has its basic understanding of the paradigm and control flow.

Many people may find JavaScript a tough language to learn. It has gained a good share of quirks and gotchas, but it becomes your habit once you get into it, and you find it easy and more interesting.

It's like school mathematics, where you need to put the right formula to get the right solution. Similarly, many codes that everyone correct are sloppy, but the language is easy and written pretty eloquently when done right.

The fact is that JavaScript is both a dynamic and a prototype-based language, which may sound a bit irritating for a traditional-object background person. Still, there are some better ways that you can learn from an expert or experienced developer.

2. Client-Side Framework and Libraries

We find so many developers confused in the market in choosing the right JavaScript frameworks. But according to the job's perspective and learning curve, I recommend selecting either Angular JS or React JS. These client-side frameworks and libraries enjoy a great demand in the market, and many companies use them for app development.

Both the framework enjoys good popularity in the market or can also make a detailed comparison of these languages to choose the right one. But again, you can trust both unless you have a different requirement. I will suggest you learn both languages if you want a secure and brighter future.

3. Asynchronous Programming

The next important aspect of JavaScript learning is asynchronous programming. It allows the main thread of the program's execution while waiting for some other different method to complete. Also, learn about Prototypes, Hosting, Scope, Coercion, promises, callback, closures, higher-order functions how all these works in JavaScript.

4. Writing Cross-Browser Code

The next thing that you should learn is writing cross-browser code. It means the website or application you develop should be compatible with multiple browsers. JavaScript provides this compatibility to its applications and websites.

So, learn how to write cross-browser code well for developing websites and applications.

5. React JS

React JS, a popular JavaScript library that allows you to do amazing things most quickly and efficiently. It was developed by Facebook and used by top biggies like Reddit, Tesla, PayPal, etc.

This library has a very high demand in the market today. It has a Virtual DOM that allows quick modification and makes one of the important JavaScript development skills for 2021.

6. Redux

Redux is popular state management for React. However, it's a bit tough to learn and grasp. But you can make things easier by learning Context API. After learning this, you can proceed to Redux. The e-commerce functionalities of the React application need Redux. That's why learning Redux also becomes important for JavaScript developers.

7. Node JS

The following important skill for a JavaScript developer is learning Node JS. It is a run-time tool that enables to do Back-end framework. Today, many companies use Node JS for the back-end, making it a valuable skill for a JavaScript developer.

8. Git

The following skill on my list is Git, a version control system and tracking your coding changes. If you make any mistakes, it will take you back to your code's last version. Thus, learn Git as well for JavaScript development.

9. TypeScript

Earlier, JavaScript used to have many issues like browser compatibility, safety, scaling difficulty, and more. But TypeScript has made many things more accessible; it transpile to clean ES5 code, which solves many compatibility problems. It also allows you to write JavaScript in a more traditional object-oriented way like C#/Java.

Learning TypeScript helps you understand concepts like inheritance, interfaces, access control (public, private, etc.), and abstraction better. Another essential fact about TypeScript is that you can use it with a lint file which enforces specific coding standards.

10. jQuery

The next JavaScript library you should learn is jQuery. It's designed specifically to simplify HTML DOM tree traversal and manipulation, including the CSS, animation, and Ajax. Also, it's available free and open-source software. Today more than 73% of 10 million websites are using jQuery.

11. Communication Skills

Now coming to skills that are vital in every profession, i.e., communication skills. Yes, without it you can't get a good or your dream job, I can say. It's essential from a business standpoint.

You should be strong enough to get your things clear to your team and clients. Therefore, work on your communication skills too while preparing for JavaScript development.

12. Stay Updated With the Latest Technology

As you know, technology is evolving; you always have to keep yourself updated with the latest technological trends and advancements prevailing in the market. It will allow you to develop a market-ready web application for your clients.

No matter how many skills you have learned, going up with the latest practices is essential, and being a developer, you can't skip any updates. So, always keep on learning and brushing up your skillsets.

Final Thoughts
That's all it is! All these are the primary skills that every JavaScript developer should possess. Learn each and everything or consult an expert for a better understanding and guidance. But don't skip any single skillset. As you can see, every skill has a role.

If you want to become the industry's best JavaScript developer, mark Sheryl Sandberg's words, "Build your skills, not your resume."

I hope you find this post helpful in knowing the skill sets you need for becoming a full-stack JavaScript developer. Let me also know your feedbacks and suggestions in the comment section.

Good luck!

Next article NPM Package Steals Passwords via Chrome’s Account-Recovery Tool

dammyreginal — Mon, 26 Jul 2021 11:37:07 +0000

Author:
Lisa Vaas
July 21, 2021 2:11 pm
In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems via ChromePass.

A credentials-stealing code bomb that uses legitimate password-recovery tools in Google’s Chrome web browser was found lurking in the npm open-source code repository, waiting to be planted within the sprawling galaxy of apps that pull code from that source.

Researchers caught the malware filching credentials from Chrome on Windows systems. The password-stealer is multifunctional: It also listens for incoming commands from the attacker’s command-and-control (C2) server and can upload files, record from a victim’s screen and camera, and execute shell commands.

npm (originally short for Node Package Manager, or NPM) is the default package manager for the JavaScript runtime environment Node.js, which is built on Chrome’s V8 JavaScript engine. It’s similar to other code repositories such as GitHub, RubyGems and PyPI in that it’s part of a (very long) software supply chain.

“Vast” would be an understatement to describe the ecosystem: npm hosts more than 1.5 million unique packages, and serves up more than 1 billion requests for JavaScript packages per day, to around 11 million developers worldwide.

Abusing Google ChromePass Utility
Besides textual JavaScript files, npm also holds various types of executables, such as PE, ELF and Mach-O. ReversingLabs researchers, who published their findings in a Wednesday post, said that during an analysis of the code repository, they found an interesting embedded Windows executable file: a credential-stealing threat. Labeled “Win32.Infostealer.Heuristics”, it showed up in two packages: nodejs_net_server and temptesttempfile.

At least for now, the first, main threat is nodejs_net_server. Some details:

nodejs_net_server: A package with 12 published versions and a total of more than 1,300 downloads since it was first published in February 2019. It was last updated six months ago and was authored by somebody using the name “chrunlee”. According to ReversingLabs, chrunlee also seems to be an active developer on GitHub, where the developer is working on 61 repositories.

nodejs_net_server NPM package summary. Source: ReversingLabs.

chrunlee’s github profile. Source: ReversingLabs.

Using static analysis, researchers found the Win32.Infostealer.Heuristics file in several versions of the nodejs_net_server package. Its metadata showed that the file’s original name was “a.exe” and that it was located inside the “lib” folder. A single-letter filename with an extension like that raises a red flag to threat hunters, the researchers noted. Sure enough, a.exe turned out to be a utility called ChromePass: a legitimate tool used to recover passwords stored inside of a Chrome web browser.

chrunlee buffed up the nodejs_net_server package through 12 versions until finally upgrading it last December with a script to download the password-stealer, which the developer hosts on a personal website. It was subsequently tweaked to run TeamViewer.exe instead, “probably because the author didn’t want to have such an obvious connection between the malware and their website,” researchers theorized.

chrunlee published the first version “just to test the publishing process of an NPM package,” the analysts described. Three months later, the malware maker implemented remote shell functionality that was polished over several subsequent versions. Then, in April 2020, chrunlee made minor modifications to the shell functionality in versions 1.0.7 and 1.0.8. Finally, in December 2020, version 1.1.0 was updated with a script to download the password-stealing tool.

The Second Problem Package
temptesttempfile: over 800 total downloads. This one’s a bit of a head-scratcher, given that “homepage and GitHub repository links to this package lead to non-existing webpages,” the analysts observed.
One of chrunlee’s npm packages – tempdownloadtempfile – also has non-existing links. One of its files – file/test.js – implements the same remote shell functionality as the ones found in versions of the nodejs_net_server package, but this package doesn’t perform execution hijacking, and it lacks a persistence mechanism, making its purpose “a bit unclear,” ReversingLabs said.

Fun Developer F-Up
ReversingLabs analysts dug up a development “fun fact” when picking through nodejs_net_server code: Its author, chrunlee, not only authored a credential-stealer but also accidentally published their own, stored login credentials, cheek-to-jowl with the password grabber, opening the author themself up to attack.

“It appears that the published versions 1.1.1 and 1.1.2 from the npm repository include the results of testing the ChromePass tool on the author’s personal computer,” researchers observed. “These login credentials were stored in the ‘a.txt’ file located in the same folder as the password-recovery tool, named ‘a.exe’.”

Another fun fact: That text file has 282 login credentials captured from chrunlee’s browser, some of which may still be valid (ReversingLabs didn’t verify them). And, some of those credentials feature the lamest of lame passwords (“111,” for example) and user names (“admin,” anyone?).

Some of the passwords that malware author chrunlee recovered from their own browser. Source: ReversingLabs.

“Just looking at some of the recovered credentials…shows that the author didn’t always care about best password policy practices,” the analysts gracefully understated.

UPDATE: Bad Packages Now Removed
ReversingLabs contacted the npm security team on July 2 to give them a heads-up about the nodejs_net_server and tempdownloadtempfile packages and circled back once again last week, on Thursday, since the team still hadn’t removed the packages from the repository.

When Threatpost reached out to npm Inc., which maintains the repository, a GitHub spokesperson sent this statement: “Both packages were removed following our investigation.”

Earlier npm Hijacks
This isn’t the first time that npm has been infiltrated by poisonous code. Earlier this year, three malicious software packages were published to npm; any applications corrupted by the code could steal tokens and other information from Discord users, researchers said.

In July 2018, an attacker compromised the npm credentials of an ESLint maintainer and published malicious versions of the popular “eslint-scope” and “eslint-config-eslint” packages to the npm registry. The malicious code copied the npm credentials of the machine running eslint-scope and uploaded them to the attacker.

A few months later, in November 2018, another malicious package was discovered: it was a dependency to version 3.3.6 of the popular package, “event-stream.” The malicious package, called “flatmap-stream,” contained an encrypted payload that was tailored to steal Bitcoins from the Copay application.

Repositories Are Increasingly Popular Targets
While the fact that this malware has been lingering on the npm registry for over three years is concerning, the fact is that, thankfully, those years have given antivirus engines a chance to catch up: VirusTotal shows that 46 security vendors have flagged the a.exe file as malicious. So noted Sonatype senior security researcher Ax Sharma, who told Threatpost on Wednesday that the Chrome password-stealing malware “further confirms how attacks on open source ecosystems are here to stay and can go undetected for years.”

It’s not just npm in cyberattacker crosshairs, mind you. Earlier this month, researchers stumbled on a group of cryptominers that infiltrated PyPI, aka the Python Package Index (PyPI), a repository of software code created in the Python programming language.

According to the report, the npm infiltration is just the latest example of how developers are putting too much trust in third-party code, reusing libraries to get fast, easy results and “rarely [making] in-depth security assessments before including them into their project.”

Granted, there’s a whole lot of code to suss out.

“This omission is a result of the overwhelming nature, and the vast quantity, of potential security issues found in third-party code,” according to ReversingLabs. “Hence in general, packages are quickly installed to validate whether they solve the problem and, if they don’t, move on to the alternative. This is a dangerous practice, and it can lead to incidental installation of malicious software.”

Sharma said that what’s of particular note about the discovery of a.exe is the fact that it employs a legitimate password-recovery Windows utility, ChromePass, to steal passwords from a user’s Chrome browser. “Threat actors often rely on legitimate components and services to conduct their sinister activities so as to evade detection,” he said via email.

In the report’s conclusion, ReversingLabs noted that software supply-chain attacks are becoming “a powerful strategy” for malicious actors, with developers being targeted as a critical entry point to their organization and its client base.

“One of the most frequent attack vectors targeting developers is exploitation of public package repositories,” the report warned. “As these repositories have a large number of hosted packages, they offer a good hiding place for malware to lurk in. Repetitive discovery of malicious packages in these repositories has proven that there is a growing need for security solutions that can provide reliable identification and protection against these types of attacks.”

072121 15:09 UPDATE: Added input from Ax Sharma.
072121 16:18 UPDATE: Updated story to include GitHub’s statement.
072121 17:44 UPDATE: Corrected GitHub’s initial statement: At this point, both packages have been removed.

3 DAY BOOT CAMP. Become a junior software developer.

dammyreginal — Thu, 15 Jul 2021 03:20:38 +0000

Learn Html5,CSS,Javascript, nodejs this summer. Click
Reserve a space!
https://chat.whatsapp.com/CqHg2Yz0QgkEwUQIVAkFZc
This program costs three thousand naira only. Limited space available

LEARN WEB DESIGN FOR FREE

dammyreginal — Tue, 15 Jun 2021 23:54:07 +0000

Hello guys!!!
I've tried to bridge the gap between in coding/programming by producing videos teaching web designing on YouTube. Now unlike most YouTube videos, these videos follow a curriculum so that you can become a pro from novice. You'll even get certified!
https://youtu.be/ijabRy-8TI4

Follow the channel above, that's all!
Don't Fail to subscribe.

Beware of Fraudulent POS ~cybersafety

dammyreginal — Tue, 15 Jun 2021 21:09:22 +0000

so dear friends,
how has your day been! In times past on my podcast, I've always shared the experiences of others who have been victims of cybercrime.
Well, today is quite different. Today I will be sharing my own story. Yes, my story if how I was swindled of some hard earned cash and I'd like you all to tell me yours too! let's share and help others avoid the pit falls. more especially, let's learn from each other.
so on this faithful day, I decided to visit the high court at Ikeja. many of us are familiar with this place if you are in Lagos Nigeria.
I went to process an affidavit. after the process I decided to withdraw from the nearest POS outlet to pay for the services rendered. Just about then, the lady in charge brought out a phony POS machine(see pics below). I was skeptical about it as it looked like an android phone. I was sure it was smart and could capture data. However, it was the only POS stall available. so I gave it the benefit of doubt.
after my transaction, I visited one of my transacting banks to transfer some cash to the bank I've just made withdrawal from. All was fine not until a few hours later I got a debit alert of about 34k from my account. Lo and behold when I checked I saw web purchase! So I checked if had erroneously made a purchase. None to be found. Hence, the only logical explanation was that I had fallen victim to information theft.

Please share any experiences you may have so others can learn.

My Tech Startup story

dammyreginal — Fri, 21 May 2021 04:28:46 +0000

Months ago, I desired to learn a new programming language(nodejs). I loved it because of one single feature- it is asynchronous! which means no matter the amount of request it receives at the same time its response speed is never affected(no down time). Also, Facebook, Netflix, bookings.com and other renowned tech companies had migrated to it. I told a friend who was a Developer to put me through, but he hadn't time for me. so i launched a self taught program. Fast forward a few Months later, i did not just learn the language, I now have a tech startup that supports other tech companies to accelerate the integration of this seamless application.
lesson: never give up. what does not kill you makes you stronger.
Https://www.intelhubtech.com

In Memory of Hiny Umoren - a podcast episode on security

dammyreginal — Fri, 14 May 2021 03:30:15 +0000

I'm hurt. I'm sorry guys if today I'm not posting anything related to codding. I feel hurt and bad about the recent happenings in Nigeria. Although not peculiar to Nigeria only. So I've decided to write instead about security. Please follow up with the podcast link below.
The security situation in the country is getting worse. In a world were the devil and his cohorts are in control we can not expect any less. Meanwhile, we must endeavor to take responsibility for our safety. What can we do? Listen.
https://anchor.fm/dami-okoro/episodes/RAPED-AND-MURDERED-in-memory-of-Hiny-Umoren-e10rj7q

Top 10 Reasons Why New Businesses Fail

dammyreginal — Sun, 09 May 2021 09:12:40 +0000

No one starts a business expecting to fail. Starting a business can be a lot of fun and excitement. Success requires a lot of planning and starting the business the right way.
Many developers are not efficient when it comes to growing their businesses. So it's one thing to be a Developer and another to be able to break into the market and profit from your innovations!
In my podcast below, I've stated some reasons why most fail to profit from their ideas.
👇
https://anchor.fm/dami-okoro/episodes/Top-10-Reasons-Why-New-Businesses-Fail-evo63l
Enjoy! Don't forget to feedback.

I'm looking for COLLABORATORS FOR A NEW PROJECT

dammyreginal — Sat, 01 May 2021 12:03:53 +0000

Haven seen the proliferation of hail taxis all over the world, why not throw in a compete for price and increased returns for drivers and passengers alike. What if passengers are able to earn points for each trip which they can use in later trip? Do you think you can join our team to make this happen? Reply to indicate your interest and/view.
Thanks. Yours in coding
Dammy