Firefox vs. Flash
In Firefox 48, Mozilla will enable a new Firefox plug-in blocklist by default. Initially the blocklist will be small, mostly containing URLs of Flash SWF files that have been identified by Mozilla as supercookies (i.e. cookies that are very hard to shake off) or fingerprinting files (i.e. they scan your system and create a unique fingerprint, again usually for tracking purposes).
Mozilla yesterday said it will follow other browser makers by curtailing use of Flash in Firefox next month.
The open-source developer added that in 2017 it will dramatically expand the anti-Flash restrictions: Firefox will require users to explicitly approve the use of Flash for any reason by any website.
As have its rivals, Mozilla cast the limitations (this year) and elimination (next year) as victories for Firefox users, citing improved security, longer battery life on laptops and faster web page rendering.
Pornhub’s bug bounty program and its relatively high rewards on Hackerone caught our attention. That’s why we have taken the perspective of an advanced attacker with the full intent to get as deep as possible into the system, focusing on one main goal: gaining remote code execution capabilities. Thus, we left no stone unturned and attacked what Pornhub is built upon: PHP.
The attack also abused DNSSEC because, the criminals have cleverly fathomed, the DNS security protocol generates larger responses and can therefore be used to boost DNS amplification still further. Akamai has mentioned such tactics in several of its traffic reports during 2015 and 2016 but it is ironic that a security standard should end up being manipulated in this way.
Once upon a time in IT, using open source simply meant Linux instead of Windows, or maybe MySQL instead of Oracle.
Now, there is such a huge diversity of open source tools, and almost every leading digital business and tech startup is making extensive use of them. It’s been a remarkable turnaround for open source over the last 10 years, placing the trend firmly at the heart of the digital revolution.
The explosive growth of e-commerce, mobile and social media has completely altered the customer’s lifestyle and buying habits. Today, organizations are expected to engage with customers in an omni-channel environment. They need to create a customer journey. This is the driver of digital transformation.
Please note that while we think of ourselves as an open source company it would be more accurate to call it an open core company since we ship both the open source GitLab Community Edition and the closed source GitLab Enterprise Edition. Thanks to paxcoder for pointing this out on Hacker News.
GitLab began as a labor of love from Dmitriy Zaporozhets and Valery Sizov, who built the first version together in 2011. Like many open source authors, they were only able to work on the project part time. Sid Sijbrandij joined forces a year later and created GitLab.com, the first SaaS offering and first experiment with monetization.
Today GitLab is a model for open source sustainability and stewardship. It is being used in over 100,000 organizations including Red Hat, NASA, Intel, Uber, and VMware, to name just a few. Large organizations buy enterprise licenses, sustaining and growing both the company and the free open source project. GitLab now has over 90 employees, including Sid and Dmitriy who serve as CEO and CTO, respectively.
Interview with Wire CTO and co-founder Alan Duric about open source.
Clearly, open source marketing apps have their place. These days, marketing departments are responsible for a sizable percentage of enterprise application purchases and deployment decisions. In fact, Gartner has predicted that by 2017 chief marketing officers (CMOs) will spend more on IT than chief information officers (CIOs) do.
While the accuracy of that forecast is open to debate, marketing teams are certainly becoming more involved in the selection of software. The marketing automation industry alone is now worth an estimated $1.62 billion per year, and many marketing teams are also involved in choosing content management systems, customer relationship management, ecommerce software and other solutions.
This week I was a guest on the Snappy Sprint in Heidelberg, hosted by Canonical, because I'm the maintainer of snaps packages on Arch Linux.
Actually with official packages on Arch Linux, you can only use snaps without confinement (aka you can only install packages in devmode) and this is bad for security since snaps are not confined and can do (almost) anything they want.
The reason is that snap uses the Ubuntu-patched version of AppArmor for confinement, which is not available in the mainline kernel yet.
Distributing apps as packages (deb, rpm, etc) is problematic. For example, the Pitivi package depends on the GTK package and Pitivi 0.95 broke in the distributions which updated to GTK version 3.20, because of the incorrect way we were using a virtual method. This is not the first time something like this has happened. To avoid the slippery dependencies problem, two years ago we started making universal daily builds. They allowed everybody to run the latest Pitivi easily by downloading a large binary containing the app and all the dependencies.
The latest release candidate of the upcoming LibreOffice 5.2.0 feature release is available for installation from the snap store. This makes it very easy to install this prerelease of LibreOffice for testing out new features (an incomplete glimpse of what to look forward to can be found on the LibreOffice 5.2 release notes page, which is still under construction; go on #libreoffice-qa if you want to help with testing).