Annie  Emard

Annie Emard

1651605480

Advisory DB: Security Advisory Database for Rust Crates

RustSec Advisory Database

The RustSec Advisory Database is a repository of security advisories filed against Rust crates published via https://crates.io. A human-readable version of the advisory database can be found at https://rustsec.org/advisories/.

We also export advisory data to the OSV format, see the osv branch.

The following tools consume this advisory database and can be used for auditing and reporting (send PRs to add yours):

  • cargo-audit: Audit Cargo.lock files for crates with security vulnerabilities
  • cargo-deny: Audit Cargo.lock files for crates with security vulnerabilities, limit the usage of particular dependencies, their licenses, sources to download from, detect multiple versions of same packages in the dependency tree and more.

Reporting Vulnerabilities

To report a new vulnerability, open a pull request using the template below. See CONTRIBUTING.md for more information.

Advisory Format

See EXAMPLE_ADVISORY.md for a template.

Advisories are formatted in Markdown with TOML "front matter". Below is the schema of the "front matter" section of an advisory:

# Before you submit a PR using this template, **please delete the comments**
# explaining each field, as well as any unused fields.

[advisory]
# Identifier for the advisory (mandatory). Will be assigned a "RUSTSEC-YYYY-NNNN"
# identifier e.g. RUSTSEC-2018-0001. Please use "RUSTSEC-0000-0000" in PRs.
id = "RUSTSEC-0000-0000"

# Name of the affected crate (mandatory)
package = "mycrate"

# Disclosure date of the advisory as an RFC 3339 date (mandatory)
date = "2021-01-31"

# URL to a long-form description of this issue, e.g. a GitHub issue/PR,
# a change log entry, or a blogpost announcing the release (optional)
url = "https://github.com/mystuff/mycrate/issues/123"

# Optional: Categories this advisory falls under. Valid categories are:
# "code-execution", "crypto-failure", "denial-of-service", "file-disclosure"
# "format-injection", "memory-corruption", "memory-exposure", "privilege-escalation"
categories = ["crypto-failure"]

# Optional: a Common Vulnerability Scoring System score. More information
# can be found on the CVSS website, https://www.first.org/cvss/.
#cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"

# Freeform keywords which describe this vulnerability, similar to Cargo (optional)
keywords = ["ssl", "mitm"]

# Vulnerability aliases, e.g. CVE IDs (optional but recommended)
# Request a CVE for your RustSec vulns: https://iwantacve.org/
#aliases = ["CVE-2018-XXXX"]

# Related vulnerabilities (optional)
# e.g. CVE for a C library wrapped by a -sys crate)
#related = ["CVE-2018-YYYY", "CVE-2018-ZZZZ"]

# Optional: metadata which narrows the scope of what this advisory affects
[affected]
# CPU architectures impacted by this vulnerability (optional).
# Only use this if the vulnerability is specific to a particular CPU architecture,
# e.g. the vulnerability is in x86 assembly.
# For a list of CPU architecture strings, see the "platforms" crate:
# <https://docs.rs/platforms/latest/platforms/target/enum.Arch.html>
#arch = ["x86", "x86_64"]

# Operating systems impacted by this vulnerability (optional)
# Only use this if the vulnerable is specific to a particular OS, e.g. it was
# located in a binding to a Windows-specific API.
# For a list of OS strings, see the "platforms" crate:
# <https://docs.rs/platforms/latest/platforms/target/enum.OS.html>
#os = ["windows"]

# Table of canonical paths to vulnerable functions (optional)
# mapping to which versions impacted by this advisory used that particular
# name (e.g. if the function was renamed between versions). 
# The path syntax is `cratename::path::to::function`, without any
# parameters or additional information, followed by a list of version reqs.
functions = { "mycrate::MyType::vulnerable_function" = ["< 1.2.0, >= 1.1.0"] }

# Versions which include fixes for this vulnerability (mandatory)
[versions]
patched = [">= 1.2.0"]

# Versions which were never vulnerable (optional)
#unaffected = ["< 1.1.0"]

License

All content in this repository is placed in the public domain.

Author: RustSec
Source Code: https://github.com/RustSec/advisory-db/
License: View license

#rust 

Advisory DB: Security Advisory Database for Rust Crates

How to Install AWS CLI on Arch Linux Step By Step

Using AWS CLI, or Amazon Web Services Command-Line Interface, you can manage your AWS services. This tool allows users to control different AWS services via the command line. It’s a great tool for managing everything in AWS.

#aws #cli #arch #linux 

How to Install AWS CLI on Arch Linux Step By Step
Shawn  Pieterse

Shawn Pieterse

1639677600

Arch Vs Ubuntu Comparison For Beginners

Arch Vs Ubuntu Comparison For Beginners

For different tasks, we need a computer and for operating a computer, we need some operating system like Windows, macOS, and Linux. Where Linux further contains a list of distributions like Arch, Ubuntu, Fedora, Debian, and Kali Linux. In this article, we will make a comparison between Arch and Ubuntu, but before making any comparison, let us discuss some overview of Ubuntu and Arch.

⭐️You can see more at the link at the end of the article. Thank you for your interest in the blog, if you find it interesting, please give me a like, comment and share to show your support for the author.

#ubuntu #arch 
 

Arch Vs Ubuntu Comparison For Beginners
Dianna  Farrell

Dianna Farrell

1623979732

🔥 Arch Linux 2021 Review and First Thoughts

In this Arch Linux 2021 review video, we take a look at this distro’s features, specifications, and interface.

In this video we use the GNOME desktop

Enjoy the video!

⏰Timestamps⏰

  • 00:00 Welcome
  • 00:31 Introduction
  • 01:58 Review
  • 12:54 Thoughts on ArchLinux 2021.06.01
  • 14:06 Outro

#arch #linux

🔥 Arch Linux 2021 Review and First Thoughts
Hassan  Koussa

Hassan Koussa

1618413180

Install Arch Linux the EASY WAY - Archfi Guide (2021)

Installing Arch Linux is easy with this simple script. It takes two commands to launch the installer and once you in you are taken though everything you need to do resulting in a strong Arch install!

00:00​ - Installing Arch the EASY Way!
01:00​ - Launch Archfi
03:17​ - Partition Disks
05:08​ - Format and Mount
06:53​ - Installing Arch Linux
10:00​ - Installing GRUB Bootloader
11:08​ - archdi Script
11:41​ - Package Manager/AUR
12:50​ - Console/System Packages
18:12​ - Installing XOrg/GPU Drives
21:26​ - Desktop Environment
23:34​ - User Packages
25:58​ - Config Menu/Add User
27:14​ - Unmount and Reboot

Subscribe: https://www.youtube.com/channel/UCjSEJkpGbcZhvo0lr-44X_w

#linux #arch

Install Arch Linux the EASY WAY - Archfi Guide (2021)

What is Archer DAO Governance Token (ARCH) | What is ARCH token

Miners are the invisible guardians of Ethereum. Every Ethereum transaction is published by a miner and stored on the shared ledger. Every mined block further secures Ethereum’s rich history.

Today, miners are compensated by block reward subsidies and transaction fees. Archer introduces a valuable new revenue stream for miners by executing profitable on-chain opportunities.

Archer is a sustainable revenue source that boosts miner revenue and strengthens the Ethereum ecosystem.

The Unstable Foundation of Mining Revenue

Ethereum miners currently earn around 11,500 ETH per day in block rewards. Historically, these rewards have formed the vast majority of revenue. However, miners cannot fully rely on revenue from block rewards. For example, in August 2020, Ethereum community members proposed a block reward reduction of 75%.

This summer, miners began to accrue significant transaction fees. In September, for the first time ever, miners earned more in transaction fees than block rewards.

Image for post

A history of variable mining rewards (Source: The Block)

Mining operations carry risk. Revenue is variable and forecasting is an exercise in uncertainty. Unlike Bitcoin’s famous four-year halving schedule, Ethereum block reward subsidies are subject to significant change on short notice. Meanwhile, operating expenses (e.g. electricity) and capital expenditures (e.g. mining equipment) are certain and usually paid in fiat.

Archer gives miners more certainty by boosting and diversifying revenue streams.

How Archer Boosts Miner Revenue

Archer uses on-chain incentive mechanisms to boost miner revenue.

Opportunities take the form of dex arbitrage, lending liquidations and other zero-risk or risk-minimized ways to add value to mined blocks. The system evaluates each opportunity and sends miners transactions that maximize their revenue. In short, Archer replaces low-value transactions with high-value transactions.

Suppliers are an elite group of on-chain analysts who are responsible for discovering on-chain opportunities. Suppliers who submit profitable opportunities share revenue with miners.

Image for post

Example transaction from technical pilot

Archer Benefits the Application Layer

The core benefit of Archer for miners and suppliers is clear: better revenue. Stakeholders on the application layer also benefit from a reliable connection to block producers.

On-chain incentive mechanisms become more effective and front-running becomes less effective. These benefits lead to many potential improvements to the Ethereum user experience, including:

  • Lower collateral ratios due to more robust liquidations
  • Consistent spot prices across dexes
  • More reliable incentive mechanisms
  • Less front-running
  • Private channels to submit transactions

The losers in this equation are existing bots, especially those that front-run transactions in the mempool and strain the network.

Archer aims to improve the Ethereum ecosystem by focusing on sustainable revenue and contributing to a well-functioning network.

An Ownership Economy with Archer DAO

Archer has been designed to be managed as a DAO from its inception due to its many diverse stakeholder groups. Archer affects all Ethereum users, regardless of whether they are aware it exists and whether they actively participate in the Archer network.

Active participants in the network will be rewarded ARCH governance tokens. These tokens may be used to join private discussion channels and vote on issues facing the network.

We look forward to productive discussions about the short- and long-term effects of Miner Extractable Value, leading to tangible outcomes from governance processes.

Archer is Live in Production Today

Archer has been running in production since August, consistently producing additional revenue for miners. This highly successful technical pilot has allowed us to streamline new integrations to a five-minute process for block-producing nodes.

We are currently working to expand the network by including more miners and suppliers. If you are interested in joining the network, please  book an intro call and join our community.

ARCH Token

The tokens will be distributed in the following way, with a 100M ARCH total supply:

Image for post

ARCH token distribution

We have sold 11% of the ARCH tokens in an initial sale. In total, 11M ARCH tokens were sold for USD 1.3M (average price per token USD 0.13). The sale rounds and vesting schedules are as follows:

  • **4,000,000 at USD 0.10 **— 25% unlocked; 75% six-month vesting schedule
  • **6,250,000 at USD 0.12 **— 25% unlocked; 75% six-month vesting schedule
  • 750,000 at USD 0.20 — unlocked

The initial circulating supply from the sale will be 3,312,500 ARCH tokens.

1% of the tokens — 1,000,000 ARCH — will be used for dex liquidity. Any resulting liquidity tokens will be owned by the DAO treasury. The liquidity will be locked for no less than six months.

14% of the tokens belong to the founding team and advisors. All team and advisor tokens vest over two years with a six-month cliff.

All vesting balances mentioned above will vest in a smart contract according to a linear and continuous schedule. Grantees may claim unlocked balances at any time. All tokens in the vesting contract count towards voting power in Archer DAO.

50% of the ARCH token supply will be held by the DAO treasury. These tokens are intended to incentivize DAO participation, as explored in our  overview of network governance.

The remaining 24% of ARCH tokens will be held in a team multisig. These tokens are earmarked for foundation, marketing and development budgets over the next 12 months. It is reasonable to assume the following:

  • Foundation tokens will be locked until they are required.
  • Marketing and Development tokens are effectively vesting over the 12-month period and will only be utilized for extreme value-add activities.

Would you like to earn token right now! ☞ CLICK HERE

Looking for more information…

☞ Website
☞ Explorer
☞ Source Code
☞ Social Channel
Message Board
☞ Coinmarketcap

Thank for visiting and reading this article! I’m highly appreciate your actions! Please share if you liked it!

Create an Account and Trade NOW

Binance
Bittrex
Poloniex

#blockchain #bitcoin #cryptocurrency #archer dao governance token #arch

What is Archer DAO Governance Token (ARCH) | What is ARCH token