We open with the recent unpleasantness at the Drupal project. The SQL injection vulnerability, while serious, isn’t unusual. It’s actually the most common vulnerability in the world. What made the exploit newsworthy was the very short amount of time between disclosure and widespread exploitation: "if timely patches weren’t applied, then the Drupal security team outlined a lengthy process required to restore a website to health." Basically, you had seven hours to fix it before evil robots descended on your servers.
This isn’t an open source problem, it’s a software management problem.
The new full-disk encryption feature that's enabled by default in Android 5.0 Lollipop comes at a hefty price in terms of performance, according to a recent benchmark report.
In fact, when full-disk encryption is enabled, random read performance drops by 62.9 percent, while random write performance falls by 50.5 percent, AnandTech reported late last week. Sequential read performance, meanwhile, drops by a whopping 80.7 percent.
A group of developers have started writing their own open-source web browser that primarily is designed to increase web privacy and greater security.
Gngr is written in Java to make use of the Java runtime's sandboxing abilities but ultimately they plan to switch over to some other JVM-based language.
While the code has yet to drop on Gngr, it's said to be coming after the initial release.
Those interested in more information on this privacy-focused web-browser can visit Gngr.info.
Like most families these days, our family is extremely busy. We have four boys who have activities and appointments. My wife and I both have our own businesses as well as outside activities. For years, we've been using eGroupware to help coordinate our schedules and manage contacts. The eGroupware system has served us well for a long time. However, it is starting to show its age. As a Web-based groupware system, it's pretty well polished, but it doesn't hold a candle to Kontact or Thunderbird. Also, my wife finds that she needs to access her calendar from her Android phone, and eGroupware just isn't very mobile-friendly. Sure, we can set up calendar synchronization, but eGroupware seems to have added synchronization as an afterthought, and it really doesn't work as well as we'd like.
If you're interested in security, you've probably already heard of security-focused Linux distros like Tails, Kali, and Qubes. They're really useful for browsing anonymously, penetration testing, and tightening down your system so it's secure from would-be hackers. Here are the strengths and weaknesses of all three.
It seems like every other day we hear about another hack, browser exploit, or nasty bit of malware. If you do a lot of your browsing on public Wi-Fi networks, you're a lot more susceptible to these types of hacks. A security-focused distribution of Linux can help. For most of us, the use cases here are pretty simple.
Google has announced an open source tool for testing network traffic security called Nogotofail. The project is now available on GitHub, and Google is inviting the community to work with it and help improve the security of networks and the Internet.
Many people are familiar with the “HTTPS everywhere” tool, and a related Firefox add-on, which protect online security. Nogotofail is a roughly similar tool, but is more robust. Here are the details.