DOCSLIB.ORG

Software-Based Analysis of the Security by Design in Embedded Devices

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Software-Based Analysis of the Security by Design in Embedded Devices Software-based Analysis of the Security by Design in Embedded Devices Pierre-Marie Junges, Jerome´ Franc¸ois, Olivier Festor University of Lorraine, Inria, LORIA, France Email: fi[email protected] Abstract—The growth of embedded devices like IoT or net- [10], our approach solely considers software names, versions working devices makes them major targets for attackers in the and functionalities. Internet. They are known to face security issues because of their Our contributions are threefold: bad design and/or configuration. In this paper, we propose a systematic method to evaluate the security of an embedded device. • an analysis framework to collect firmware images from It relies on a firmware analysis to extract relevant information vendors’ websites, unpack and analyze them is designed about its software composition. Based on our large IoT database, and implemented, our work aims at providing a global and long-term (10 years) • metrics to estimate the potential exposure to security risks analysis of the security by design of firmwares and of the awareness and versatility of vendors in regards to security issues. of embedded devices are defined and, • the technique is applied to 6935 devices released between I. INTRODUCTION 2009 and 2019. Our objective is to discuss the evolution of firmware design over 10 years rather than giving an Nowadays, embedded devices are omnipresent in personal instantaneous snapshot. homes, public spaces and in companies. They are composed of many different kinds of Commercial-Off-The-Shelf (COTS) The rest of the paper is structured as follows. Section II devices including networking devices like routers or access introduces the related work. In Section III our security assess- points and, recently, Internet of Things (IoT) devices that ment technique is introduced. In Section IV, we describe our contribute to the large growth of deployed embedded devices. analysis framework. The results of our analysis are detailed in The IoT eco-system is a tremendous playground for attack- Section V followed by concluding remarks in Section VI. ers because many of them are exposed remotely without ap- II. RELATED WORK propriate protection [1]. As IoT devices (smart home devices, Firmware analysis has been largely used to discover security cameras, sensors...) need connectivity, networking equipments flaws and is based on two main techniques: static and dynamic like routers, gateways or access points are generally considered analysis. In [11], the authors presented a dynamic analysis as part of their eco-system and also considered in research framework acting like a software proxy between an emulator, studies about security of IoT and all of them are so grouped performig the instructions, and a real physical device executing under the term of Embedded Devices [2], [3]. Indeed, net- the related I/O operations. Firmadyne [2] uses the QEMU [12] working devices may also be impacted by the same type of emulator and searches for known vulnerabilities. attacks as shown in the case of the Mirai botnet [4]. An hybrid firmware analysis framework was proposed in The work presented in this paper aims at assessing the [7], [10] that features port scanning, a credential analysis [10] security of embedded devices including both IoT and network- and a vulnerability assessment of the emulated web pages and ing devices. Several research studies evaluated the security of the web service source code [7], [10]. embedded devices. On one hand, massive scans over Internet In [9], the authors present a technique to discover hard- combined with fingerprinting techniques is helpful to reveal coded authentication bypass backdoors. The authors of [3] a snapshot of the global level of exposure of specific alive extract security-related information (e.g., RSA private keys, devices [5], [6]. On the other hand, analyzing the firmwares passwords) and discovered unknown vulnerabilities in 693 of a large set of devices gives insight about the level of security firmware images out of the 32,000 initially downloaded. by design. A deep-learning based framework is described in [13] and We propose an hybrid approach based on static analysis to compared embedded functions in binary code to a learning gather software components of firmwares and partial execu- set of known vulnerable methods. tion/emulation of selected binaries. The objective is twofold: Unfortunately dynamic analysis does not scale [3] because evaluating the potential exposure of devices by analyzing of the difficulty to correctly emulate the hardware resources. server programs packaged within a firmware and assessing the Our approach leverages an hybrid analysis, both static and device’s security level through a mapping of vulnerabilities dynamic. Because it is exclusively based on software meta associated with these programs. Unlike other works aiming information (e.g., name, version), the dynamic analysis is very at scanning vulnerabilities in binaries [7]–[9] or source code lightweight as we do not need to emulate the full functional- 978-3-903176-32-4 © 2021 IFIP ities of a program. Our goal is not to detect new security flaws in the source or binary code but to analyze the software version up to 2016.73 are by design vulnerable and we can composition. We thus rely on CVEs (Common Vulnerabilities conclude that such products were released by the vendors with and Exposures) similarly to [8]. In [8], the authors leveraged a known vulnerability. binary and ASCII signatures to match versions of zlib and Hence, vulnerable COTS devices can be detected by com- OpenSSL libraries in printer firmwares. Our work is not paring their release and CVEs publication dates. device-specific and focuses on server programs. As illustrated in the previous example, required information In [14], Internet-wide scans were performed to extract RSA about software is limited to software names and versions. In and DSA keys from TLS handshakes and the private keys addition, it might be required to check functionalities of the were reversed if an insecure pseudo random number generator programs since some vulnerabilities are specifically related to was used. In [15], [16], authors discovered that half a million a different alternative of the same software version depending devices had their factory default credentials settings active. on optional functionalities which have been packaged in the Other researchers leverage fingerprinting techniques to detect binary. To gather all the required information, two comple- the presence of exposed industrial systems [6] or IoT [5]. mentary methods are used: Those techniques allow to assess the global exposure of • Static analysis: the firmware is unpacked and the list of deployed devices in Internet and are complementary to a programs present in the file system are retrieved. We firmware analysis. Our work aims at evaluating the security of can infer the names of the programs with their version embedded devices but on a different perspective, by evaluating numbers that sometimes appear in their names also. the potential security risks induced by the firmware design. • Partial execution: software is executed to only get the help message, which contains information, such as the III. SECURITY ASSESSMENT METHOD version or the functionalities, and is generally accessible A. Problem definition (i.e., even if the program cannot work properly) without Finding evidence of security threats in the original designed full firmware emulation. firmware is our main objective. In [1], the authors provide a In the remainder of this paper, we considered a software as comprehensive list of security threats related to IoT and among an executable running a service. them, weak programming practices (firmware released with C. Assessment metrics known vulnerabilities) and unnecessary open ports. Similarly, For each device, having the firmware allows to extract the OWASP published the top 10 IoT 20181 which also highlights software information explained before, which is leveraged to vulnerabilities and risks of IoT, in particular top 2: insecure infer the device exposure to security risks. Network Services (unneeded services that can be exploited by Assuming a set of devices D and set of programs P attackers) and top 5: use of insecure or outdated components. considered as sensitive, 8d 2 D we denote d sw the set of Our approach aims at assessing an individual firmware in programs (retrieved by the static analysis) of the device d. The regards to these two issues. The objectives are to: potential level of exposure, exp(d), of a device d 2 D is the 1) infer the level of potential exposure to attacks by exam- number of sensitive programs it contains: ining server programs in the firmware which are known to be exploited by attackers (e.g., SSH, HTTP servers); exp(d) = jd sw \ P j (1) 2) assess the level of security risk by design by extracting The more services a device deploys, the more vulnerable software components of the firmware and mapping them the device might be. Thus, by combining the type of devices to known vulnerabilities. and services found, an overview of the level of exposition for B. Hybrid firmware analysis each type can be deduced. The vulnerability security assessment of a device d is Properly running a firmware image is challenging because calculated for a given software, s 2 d sw (using static analysis it often needs access to hardware resources (e.g., /dev/nvram, d and partial execution). In the following equations, vers and /dev/gpio) that cannot be properly emulated. However, as last vers are the version of s in d and the latest version of s explained in III-A, we are interested in information regarding when d was released respectively. date(v) is the release date the exposure of the device linked to the design of its firmware of version v. program. To reach our objectives, we rely on information The first metric to evaluate the security of a device is related to software present in the latter.
Load more

Recommended publications
  • Nginx 1 Web Server Implementation Cookbook
    Nginx 1 Web Server Implementation Cookbook Over 100 recipes to master using the Nginx HTTP server and reverse proxy Dipankar Sarkar BIRMINGHAM - MUMBAI This material is copyright and is licensed for the sole use by 2135 Lymington on 26th March 2012 2135 Lymington, Carrollton, 75007 Nginx 1 Web Server Implementation Cookbook Copyright © 2011 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: May 2011 Production Reference: 1180511 Published by Packt Publishing Ltd. 32 Lincoln Road Olton Birmingham, B27 6PA, UK. ISBN 978-1-849514-96-5 www.packtpub.com Cover Image by Javier Barria ([email protected]) This material is copyright and is licensed for the sole use by 2135 Lymington
    [Show full text]
  • Additional Software 1 Additional Software
    Additional Software 1 Additional Software 1 Additional Software 15 Feb 2014 1 1.1 Description 1.1 Description Where to get software written by other parties that might be useful (or necessary) when running mod_perl. 1.2 Perl Perl is probably already installed on your machine, but you should at least check the version you are using. It is highly recommended that you have at least Perl version 5.004. You can get the latest perl version from http://cpan.org/src/. Try the direct download link http://cpan.org/src/stable.tar.gz. You can get Perl documentation from the same location (although copious documentation is included in the downloaded Perl distribution). 1.3 CPAN Downloads You can download most of the Perl modules from CPAN. There are many mirrors of this site. The main site’s URL is http://cpan.org/. You may want to search the Perl modules database by using http://search.cpan.org/. Either use the search form, or type in the name of the package the module is distributed in. For example if you are looking for Apache::DumpHeaders, you can type: http://search.cpan.org/search?dist=Apache-DumpHeaders . 1.4 Apache Get the latest Apache webserver and documentation from http://httpd.apache.org. Try the direct download link http://httpd.apache.org/dist/. 1.5 Squid - Internet Object Cache http://www.squid-cache.org/ Squid Linux 2.x Redhat RPMs : http://home.earthlink.net/~intrep/linux/ 1.6 thttpd - tiny/turbo/throttling HTTP server http://www.acme.com/software/thttpd/ 1.7 mod_proxy_add_forward Ask Bjoern Hansen has written the mod_proxy_add_forward.c module for Apache that sets the X-Forwarded-For field when doing a ProxyPass, similar to what Squid does.
    [Show full text]
  • Server: Apache
    Modern Trends in Network Fingerprinting SecTor [11.21.07] Jay Graver Ryan Poppa // Fingerprinting Topics Why, What, Who & How? Tools in action Why Tools Break Tools EOL New Approaches New Tool // Why Fingerprint? WhiteHat needs accurate identification of hosts in a PenTest report BlackHat reconnaissance SysAdmins track down and identify new services or hosts when they appear on their network // What is a Fingerprint? Looking at something common … 192.168.2.187:8004 192.168.2.187 [152] 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d HTTP/1.1 200 OK. 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f .Connection: clo 73 65 0d 0a 41 6c 6c 6f 77 3a 20 4f 50 54 49 4f se..Allow: OPTIO 4e 53 2c 20 47 45 54 2c 20 48 45 41 44 2c 20 50 NS, GET, HEAD, P 4f 53 54 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e OST..Content‐Len 67 74 68 3a 20 30 0d 0a 44 61 74 65 3a 20 46 72 gth: 0..Date: Fr 69 2c 20 30 32 20 4e 6f 76 20 32 30 30 37 20 32 i, 02 Nov 2007 2 32 3a 32 35 3a 31 38 20 47 4d 54 0d 0a 53 65 72 2:25:18 GMT..Ser 76 65 72 3a 20 6c 69 67 68 74 74 70 64 2f 31 2e ver: lighttpd/1. 34 2e 31 35 0d 0a 0d 0a 4.15...
    [Show full text]
  • Next Generation Web Scanning Presentation
    Next generation web scanning New Zealand: A case study First presented at KIWICON III 2009 By Andrew Horton aka urbanadventurer NZ Web Recon Goal: To scan all of New Zealand's web-space to see what's there. Requirements: – Targets – Scanning – Analysis Sounds easy, right? urbanadventurer (Andrew Horton) www.morningstarsecurity.com Targets urbanadventurer (Andrew Horton) www.morningstarsecurity.com Targets What does 'NZ web-space' mean? It could mean: •Geographically within NZ regardless of the TLD •The .nz TLD hosted anywhere •All of the above For this scan it means, IPs geographically within NZ urbanadventurer (Andrew Horton) www.morningstarsecurity.com Finding Targets We need creative methods to find targets urbanadventurer (Andrew Horton) www.morningstarsecurity.com DNS Zone Transfer urbanadventurer (Andrew Horton) www.morningstarsecurity.com Find IP addresses on IRC and by resolving lots of NZ websites 58.*.*.* 60.*.*.* 65.*.*.* 91.*.*.* 110.*.*.* 111.*.*.* 113.*.*.* 114.*.*.* 115.*.*.* 116.*.*.* 117.*.*.* 118.*.*.* 119.*.*.* 120.*.*.* 121.*.*.* 122.*.*.* 123.*.*.* 124.*.*.* 125.*.*.* 130.*.*.* 131.*.*.* 132.*.*.* 138.*.*.* 139.*.*.* 143.*.*.* 144.*.*.* 146.*.*.* 150.*.*.* 153.*.*.* 156.*.*.* 161.*.*.* 162.*.*.* 163.*.*.* 165.*.*.* 166.*.*.* 167.*.*.* 192.*.*.* 198.*.*.* 202.*.*.* 203.*.*.* 210.*.*.* 218.*.*.* 219.*.*.* 222.*.*.* 729,580,500 IPs. More than we want to try. urbanadventurer (Andrew Horton) www.morningstarsecurity.com IP address blocks in the IANA IPv4 Address Space Registry Prefix Designation Date Whois Status [1] -----
    [Show full text]
  • 공개sw 솔루션 목록(2015.12.30)
    OS/DBMS/WEB/WAS 공개SW 솔루션 목록(2015.12.30) 순번 분류 솔루션명 라이선스 기술지원 홈페이지 제품개요 1 DBMS C-JDBC LGPL community http://c-jdbc.ow2.org/ 데이터베이스 클러스터 2 DBMS DB4 오브젝트(db4o) GPL & dOCL prof/community http://www.db4o.com 객체지향 메모리 데이터베이스 엔진 GPL v2, GPL v3, 3 DBMS Drizzle community http://www.drizzle.org/ MySQL 6.0에서 파생된 RDBMS BSD 4 DBMS H2 EPL, MPL community http://www.h2database.com/ 자바기반 RDBMS HSQLDB 5 DBMS (Hyper Structured Query BSD community http://www.hsqldb.org 경량의 Java 기반 관계형 데이터베이스 Language Database) 데이터 웨어하우스, OLAP서버, BI 시스템 운용을 목적으 6 DBMS LucidDB GPL v2, LGPL v2 community http://luciddb.sourceforge.net 로 개발된 오픈소스 DBMS GPL v3, AGPL v3, 7 DBMS Neo4j community http://www.neo4j.org 그래프 데이터베이스 commercial AGPL v3, 8 DBMS VoltDB Proprietary prof/community http://voltdb.com/ 인메모리기반 RDBMS License 오픈소스 관계형 데이터베이스 관리 시스템. 9 DBMS 마리아DB(MariaDB) GPLv2, LGPL prof/community https://mariadb.org/ MySQL과 동일한 소스 코드를 기반 세계에서 가장 널리 사용되고 있는 대표적인 10 DBMS 마이에스큐엘(MySQL) GPL v2 prof/community http://www.mysql.com 관계형 데이터베이스 ※ prof : Professional Support(전문업체 기술지원) ※ community : Community Support(커뮤니티 기술지원) OS/DBMS/WEB/WAS 공개SW 솔루션 목록(2015.12.30) 순번 분류 솔루션명 라이선스 기술지원 홈페이지 제품개요 IBM에서 기증한 cloudscape 소스 기반으로 11 DBMS 아파치 더비(Apache Derby) Apache v2 community http://db.apache.org/derby/ 개발된 Java 기반의 관계형 데이터베이스 Berkeley 오라클 버클리 DB Database License http://www.oracle.com/kr/products/database/ 슬리피캣을 인수한 오라클에서 제공하는 12 DBMS prof/community (Oracle Berkeley DB) or berkeley-db/index.html 고성능 임베디드 데이터베이스 Sleepycat License GPL or Postgresql 데이터베이스의 기반으로 상용화된 13 DBMS 잉그레스(Ingres) prof/community
    [Show full text]
  • ECE 435 – Network Engineering Lecture 4
    ECE 435 { Network Engineering Lecture 4 Vince Weaver http://web.eece.maine.edu/~vweaver [email protected] 13 September 2018 Announcements • HW#1 was due. • HW#2 will be posted. Write a mini webserver. • Cybersecurity club Linux Security Lab on Saturday 1 WWW wrapup 2 What if Server Overloaded? • Slashdot effect (modern: HackerNews?) • caching/proxy { squid • Content Delivery Network { akami • Server farms 3 Security • SSL { Secure Socket Layer • Replaced by TLS (Transport Layer Security) • Port 443 for https • Public key encryption. 4 Setting Up a Web-server • Apache • Easy to do, more difficult to secure 5 Web Seach • Web-bots index the web. robots.txt file • Altavista, Hotbot, Excite, Inktomi, etc. • Curated search like Yahoo (people organize links rather than automatically search) • Google (1996 some machine in Stanford, 1997-1998) • MSN search 1999, rebranded Microsoft Bing 2009 6 Remote Connections 7 telnet/rlogin/rsh/ssh • telnet { login to remote system (tcp port 23) everything (including passwords) sent in plain text • rsh/rlogin { remote shell, remote login. (tcp port 514) Didn't even need password, could configure to let you run commands on remote machine. Security based if you had same username on both machines, assumption was getting root on a UNIX machine and connected to Ethernet was expensive/difficult 8 SSH secure shell • tcp port 22 • can login, run commands, tunnel tcp/ip, tunnel X11, file transfer (scp, sftp) • Large number of RFCs • Version 1: 1995, originally freeware but became private • Version 2: 2005, openBSD based on last free version • For security reasons there's a push to drop Version 1 • uses public-key cryptography • transport layer: arranges initial key exchange, server 9 authentication, key re-exchange • user authentication layer: can have password, or can set up keys to allow passwordless, DSA or RSA key pairs • connection layer: set up channels • lots of encryption types supported, old ones being obsoleted as found wanting • Various ssh servers/clients.
    [Show full text]
  • Authenticated Encryption in SSH
    Authenticated Encryption in SSH Kenny Paterson Information Security Group @kennyog; www.isg.rhul.ac.uk/~kp Overview (both lectures) • Secure channels and their properties • AEAD (revision) • AEAD ≠ secure channel – the [APW09] attack on SSH • The state of AEAD in SSH today • A new attack on CBC-mode in OpenSSH • Security analysis of other SSH and OpenSSH modes – CTR, ChaChaPoly, gEtM, AES-GCM. 2 Secure channels and their properties Why do we need secure channels? • Secure communications is the most common real- world application of cryptography today. • Secure communications systems are extremely widely-deployed in practice: • SSL/TLS, DTLS, IPsec, SSH, OpenVPN,… • WEP/WPA/WPA2 • GSM/UMTS/4g/LTE • Cryptocat, OTR, SilentCircle • OpenPGP, iMessage, Telegram, Signal, and a thousand other messaging apps • QUIC, MinimalT, TCPcrypt 4 Security properties • Confidentiality – privacy for data • Integrity – detection of data modification • Authenticity – assurance concerning the source of data 5 Some less obvious security properties • Anti-replay • Detection that messages have been repeated. • Detection of deletion • Detection that messages have been deleted by the adversary or dropped by the network. • Detection of re-0rdering • Ensuring that the relative order of messages in each direction on the secure channel is preserved. • Possibly re-ordering the event of violation. • Prevention of traffic-analysis. • Using traffic padding and length-hiding techniques. 6 Possible functionality requirements • Speedy • Low-memory • On-line/parallelisable crypto-operations • Performance is heavily hardware-dependent. • May have different algorithms for different platforms. • IPR-friendly • This issue has slowed down adoption of many otherwise good algorithms, e.g. OCB. • Easy to implement • Without introducing any side-channels.
    [Show full text]
  • Deviceside Software Update Strategies for Automotive Grade Linux
    Device­side Software Update Strategies for Automotive Grade Linux Konsulko Group, sponsored by ATS Advanced Telematic Systems GmbH Overview This whitepaper explores the area of software update strategies for devices running Automotive Grade Linux. The starting point is understanding several key use cases for updating software in an AGL1 system. Several open source device­side software update mechanisms are compared with a focus on their ability to meet the stated use cases. Finally, recommendations are made for an approach that can be implemented for inclusion in AGL. Use Cases and Requirements The topic of software update on any computing device is very broad and can only be examined properly by narrowing the scope of the system, operating conditions, and the policies established for executing a software update. The following sections describe the use cases considered when evaluating the various mechanisms that could be employed in an AGL software update strategy. System Description AGL systems include both IVI2 and ADAS3 devices that run Linux on at least one processor in the system. The complete IVI or ADAS system is not necessarily limited to a single processing node, but is normally part of a larger network that includes a number of ECU4 nodes throughout the automobile. Due to this distributed architecture it is often necessary to update software on 1 Automotive Grade Linux (https://www.automotivelinux.org/agl­specification) ​ 2 In­Vehicle Infotainment 3 Advanced Driver Assistance System 4 Electronic Control Unit Copyright 2016 Konsulko Group and ATS Advanced Telematic Systems GmbH CC BY­SA 3.0 US (https://creativecommons.org/licenses/by­sa/3.0/us/) ​ ​ the ECUs as well as the node running AGL.
    [Show full text]
  • Wind River® Vxworks® 7 Third Party License Notices
    Wind River® VxWorks® 7 Third Party License Notices This document contains third party intellectual property (IP) notices for the BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY Wind River® VxWorks® 7 distribution. Certain licenses and license notices THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, may appear in other parts of the product distribution in accordance with the OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN license requirements. ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Trademarks All company, product and service names used in this software are for ACPICA identification purposes only. Version: 20170303 Component(s): Runtime Wind River and VxWorks are registered trademarks of Wind River Systems. Description: Provides code to implement ACPI specification in VxWorks. UNIX is a registered trademark of The Open Group. IBM and Bluemix are registered trademarks of the IBM Corporation. NOTICES: All other third-party trademarks are the property of their respective owners. 1. Copyright Notice Some or all of this work - Copyright (c) 1999 - 2016, Intel Corp. All rights reserved. Third Party Notices 2. License 2.1. This is your license from Intel Corp. under its intellectual property rights. You may have additional license terms from the party that provided you this software, covering your right to use that party's intellectual property rights. 64-Bit Dynamic Linker Version: 2.2. Intel grants, free of charge, to any person ("Licensee") obtaining a copy Component(s): Runtime of the source code appearing in this file ("Covered Code") an irrevocable, Description: The dynamic linker is used to load shared libraries.
    [Show full text]
  • Python Language
    Python Language #python Table of Contents About 1 Chapter 1: Getting started with Python Language 2 Remarks 2 Versions 3 Python 3.x 3 Python 2.x 3 Examples 4 Getting Started 4 Verify if Python is installed 4 Hello, World in Python using IDLE 5 Hello World Python file 5 Launch an interactive Python shell 6 Other Online Shells 7 Run commands as a string 7 Shells and Beyond 8 Creating variables and assigning values 8 User Input 12 IDLE - Python GUI 13 Troubleshooting 14 Datatypes 15 Built-in Types 15 Booleans 15 Numbers 15 Strings 16 Sequences and collections 16 Built-in constants 17 Testing the type of variables 18 Converting between datatypes 18 Explicit string type at definition of literals 19 Mutable and Immutable Data Types 19 Built in Modules and Functions 20 Block Indentation 24 Spaces vs. Tabs 25 Collection Types 25 Help Utility 30 Creating a module 31 String function - str() and repr() 32 repr() 33 str() 33 Installing external modules using pip 34 Finding / installing a package 34 Upgrading installed packages 34 Upgrading pip 35 Installation of Python 2.7.x and 3.x 35 Chapter 2: *args and **kwargs 38 Remarks 38 h11 38 h12 38 h13 38 Examples 39 Using *args when writing functions 39 Using **kwargs when writing functions 39 Using *args when calling functions 40 Using **kwargs when calling functions 41 Using *args when calling functions 41 Keyword-only and Keyword-required arguments 42 Populating kwarg values with a dictionary 42 **kwargs and default values 42 Chapter 3: 2to3 tool 43 Syntax 43 Parameters 43 Remarks 44 Examples 44 Basic
    [Show full text]
  • An Analysis of Python's Topics, Trends, and Technologies Through Mining Stack Overflow Discussions
    1 An Analysis of Python’s Topics, Trends, and Technologies Through Mining Stack Overflow Discussions Hamed Tahmooresi, Abbas Heydarnoori, and Alireza Aghamohammadi F Abstract—Python is a popular, widely used, and general-purpose pro- (LDA) [3] to categorize discussions in specific areas such gramming language. In spite of its ever-growing community, researchers as web programming [4], mobile application development [5], have not performed much analysis on Python’s topics, trends, and tech- security [6], and blockchain [7]. However, none of them has nologies which provides insights for developers about Python commu- focused on Python. In this study, we shed light on the nity trends and main issues. In this article, we examine the main topics Python’s main areas of discussion through mining 2 461 876 related to this language being discussed by developers on one of the most popular Q&A websites, Stack Overflow, as well as temporal trends posts, from August 2008 to January 2019, using LDA based through mining 2 461 876 posts. To be more useful for the software topic modeling . We also analyze the temporal trends of engineers, we study what Python provides as the alternative to popular the extracted topics to find out how the developers’ interest technologies offered by common programming languages like Java. is changing over the time. After explaining the topics and Our results indicate that discussions about Python standard features, trends of Python, we investigate the technologies offered web programming, and scientific programming 1 are the most popular by Python, which are not properly revealed by the topic areas in the Python community.
    [Show full text]
  • Pipenightdreams Osgcal-Doc Mumudvb Mpg123-Alsa Tbb
    pipenightdreams osgcal-doc mumudvb mpg123-alsa tbb-examples libgammu4-dbg gcc-4.1-doc snort-rules-default davical cutmp3 libevolution5.0-cil aspell-am python-gobject-doc openoffice.org-l10n-mn libc6-xen xserver-xorg trophy-data t38modem pioneers-console libnb-platform10-java libgtkglext1-ruby libboost-wave1.39-dev drgenius bfbtester libchromexvmcpro1 isdnutils-xtools ubuntuone-client openoffice.org2-math openoffice.org-l10n-lt lsb-cxx-ia32 kdeartwork-emoticons-kde4 wmpuzzle trafshow python-plplot lx-gdb link-monitor-applet libscm-dev liblog-agent-logger-perl libccrtp-doc libclass-throwable-perl kde-i18n-csb jack-jconv hamradio-menus coinor-libvol-doc msx-emulator bitbake nabi language-pack-gnome-zh libpaperg popularity-contest xracer-tools xfont-nexus opendrim-lmp-baseserver libvorbisfile-ruby liblinebreak-doc libgfcui-2.0-0c2a-dbg libblacs-mpi-dev dict-freedict-spa-eng blender-ogrexml aspell-da x11-apps openoffice.org-l10n-lv openoffice.org-l10n-nl pnmtopng libodbcinstq1 libhsqldb-java-doc libmono-addins-gui0.2-cil sg3-utils linux-backports-modules-alsa-2.6.31-19-generic yorick-yeti-gsl python-pymssql plasma-widget-cpuload mcpp gpsim-lcd cl-csv libhtml-clean-perl asterisk-dbg apt-dater-dbg libgnome-mag1-dev language-pack-gnome-yo python-crypto svn-autoreleasedeb sugar-terminal-activity mii-diag maria-doc libplexus-component-api-java-doc libhugs-hgl-bundled libchipcard-libgwenhywfar47-plugins libghc6-random-dev freefem3d ezmlm cakephp-scripts aspell-ar ara-byte not+sparc openoffice.org-l10n-nn linux-backports-modules-karmic-generic-pae
    [Show full text]