What is Truffle?

A short introduction to the most popular Ethereum development framework
11 December 2017

Truffle is a development environment, testing framework and asset pipeline for Ethereum, aiming to make life as an Ethereum developer easier. 

According to the developers, these are the main features:

  • BUILT-IN SMART CONTRACT COMPILATION, LINKING, DEPLOYMENT AND BINARY MANAGEMENT
    • Truffle takes care of managing your contract artifacts so you don’t have to. Includes support for custom deployments, library linking and complex Ethereum applications.
  • AUTOMATED CONTRACT TESTING FOR RAPID DEVELOPMENT
    • Bring your dapp development to the 21st century. Write automated tests for your contracts in both JavaScript and Solidity, and get your contracts developed quickly.
  • SCRIPTABLE DEPLOYMENT & MIGRATIONS FRAMEWORK
    • Write simple, manageable deployment scripts that acknowledge your application will change over time. Foster your dapp’s evolution and ensure you can maintain your contracts far into the future.
  • NETWORK MANAGEMENT FOR DEPLOYING TO BOTH PUBLIC & PRIVATE NETWORKS
    • Don’t manage network artifacts ever again. Let Truffle do it for you, and put your focus on dapp development where it belongs.
  • ACCESS TO HUNDREDS OF EXTERNAL PACKAGES
    • Pull in hundreds of smart contract dependencies from NPM and EthPM to have your code stand on the shoulders of giants.
  • INTERACTIVE CONSOLE FOR DIRECT CONTRACT COMMUNICATION
    • Use Truffle to save time and talk to your contracts via an interactive console, which includes access to all your built contracts and all available Truffle commands.
  • EXTERNAL SCRIPT RUNNER THAT EXECUTES SCRIPTS WITHIN A TRUFFLE ENVIRONMENT
    • Use Truffle to bootstrap your contracts and run a network-aware script, without hassle.
  • BUILT FOR SPEED
    • Whether you’re compiling contracts or running unit tests, Truffle includes clever optimizations to ensure you only compile what you have to and your tests run as quickly as possible. When used along with Ganache, you can develop your dapps quickly and get real code deployed, fast.

Learn more at the official website.

New Versions of Spectre Vulnerability Found

Chrome / Chromium, Edge, Safari and other browsers based on WebKit and Blink are under threat
13 July 2018

Information about new vulnerabilities in the way processors work has been published. The attacks build on the principles of Spectre and consist of recovering data that remains in the processor cache after instructions are executed speculatively. Chrome is introducing strict site isolation.

How it works

Spectre 1.1
It is based on the principles of Spectre 1. Unlike the previously identified vulnerability, it relies on speculatively executed writes rather than reads. This causes a speculative buffer overflow, and the results end up in the cache. This method of attack makes it possible to recover the contents of the cache and leak information through side channels that analyze the difference in access time between cached and uncached data.

Spectre 1.2
The principle of operation is similar to the Spectre 1 scenarios, but memory areas marked with the "read only" flag are used. In doing so, Spectre 1.2 only makes it possible to redefine pointer and metadata values in order to bypass the restrictions of sandbox environments.

Solution

The available methods for eliminating the vulnerabilities require further development and modernization. One of the many scenarios involves adding LFENCE instructions, either when the application is compiled or at the hardware level. In addition, existing buffer overflow protection modes can also be an effective defense against the vulnerabilities.
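What inserting LFENCE means for a bounds-checked store, shown in C as an added example that is not from the original article; the function names and BUF_LEN are assumptions made for illustration. The index-masking variant goes beyond the text: it is a barrier-free alternative that clamps the index instead of stopping speculation.

```c
#include <stddef.h>
#include <stdint.h>

#define BUF_LEN 16 /* constructed buffer size for this example */

/* LFENCE on x86; elsewhere only a compiler barrier (assumption, not a real CPU barrier). */
#if defined(__x86_64__) || defined(__i386__)
#define SPEC_BARRIER() __asm__ __volatile__("lfence" ::: "memory")
#else
#define SPEC_BARRIER() __asm__ __volatile__("" ::: "memory")
#endif

/* Before: architecturally correct, but the CPU may perform the store
 * speculatively with an out-of-range idx before the check resolves. */
int store_checked(uint8_t *buf, size_t idx, uint8_t val)
{
    if (idx >= BUF_LEN) return -1;
    buf[idx] = val;
    return 0;
}

/* After (LFENCE): later instructions wait until the bounds check completes. */
int store_fenced(uint8_t *buf, size_t idx, uint8_t val)
{
    if (idx >= BUF_LEN) return -1;
    SPEC_BARRIER();
    buf[idx] = val;
    return 0;
}

/* All ones if idx < len, else zero, without a branch (len <= SIZE_MAX / 2). */
size_t index_mask(size_t idx, size_t len)
{
    return ((idx | (len - 1 - idx)) >> (sizeof(size_t) * 8 - 1)) - 1;
}

/* After (masking): even on a mispredicted check the store can only hit buf[0]. */
int store_masked(uint8_t *buf, size_t idx, uint8_t val)
{
    if (idx >= BUF_LEN) return -1;
    buf[idx & index_mask(idx, BUF_LEN)] = val;
    return 0;
}

int main(void)
{
    uint8_t buf[BUF_LEN] = {0};
    return !(store_fenced(buf, 3, 1) == 0 && store_masked(buf, BUF_LEN, 1) == -1);
}
```

The barrier costs throughput on every call, which is why it is normally placed only on checks whose index is attacker-controlled.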

Browsers

Chrome / Chromium, Edge, Safari and other browsers based on WebKit and Blink are under threat. The attack relies on opening a page with specially crafted JavaScript code, which makes the JIT generate the set of instructions the attacker needs. Executing this code makes it possible to read the contents of the process address space and obtain information about stored keys and passwords.

In this regard, Google is introducing strict site isolation for 99% of users of Chrome 67. The mechanism places pages from different sites in the memory of different processes, each with its own sandboxed execution environment. Enabling strict isolation mode will increase the browser's memory consumption by 10-13%.