May 2, 2016 Security Release Post-Mortem

Jun 29, 2016

On May 2, 2016, we released a major security update, primarily to fix a critical security issue that allowed a user to gain administrative access via the “impersonate” feature. Now that some time has passed and most of our users have had sufficient time to upgrade, we’d like to reflect on what happened, how it occurred, and what we’re doing in the future to improve security in the GitLab code base.
Since May 2, we have released a number of security updates to address certain vulnerabilities, but none of the updates have addressed a bug as serious as the one in the “impersonate user” feature, which is now known as CVE-2016-4340.
We released this feature in November of 2015 in GitLab 8.2. It enables admins to diagnose issues with their GitLab installation by allowing them to see what their users see. Since the initial implementation, members from


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/--dNqXzIUAw/

Original article

Kill All Feeds

People are spending huge amounts of time scrolling through feeds.

I’m not talking about chat apps like Snapchat or channel apps like Twitch. Those are cool.
I’m talking about algorithmic feeds of posts that scroll forever and ever off the bottom of the page.
Posts with Upvotes or Hearts or Likes. Posts with Retweets or Shares or Revines or Reblogs.
The biggest offenders are Twitter and Facebook.
When was the last time you scrolled thru a feed and felt refreshed and invigorated?
Felt you’d learned something new and useful?
Felt that it was time well spent?
Most of the time you read a social feed it’s just a quick diversion, a release, a way to procrastinate. It will give you a few mildly funny things to snort at and a few terrible things to get mad about and maybe a photo of someone’s suntanned feet in the foreground against a white beach and a blue


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/ohptVnt_PWA/no-feeds

Original article

Drupal 7.50 released

Drupal 7.50, the next release in the Drupal 7 series, is now available for download. It contains a variety of new features, improvements, and bug fixes (no security fixes).
Wait… Drupal 7.50?
Yes, there is a version jump compared to the previous 7.44 release; this is to indicate that this Drupal 7 point release is a bit larger than past ones and makes a few more changes and new features available than normal.
Updating your existing Drupal 7 sites is recommended. Backwards compatibility is still being maintained, although read on to find out about a couple of changes that might need your attention during the update.
Download Drupal 7.50
Notable changes
There are a variety of new features, performance improvements, security-related enhancements (although no fixes for direct security vulnerabilities) and other notable changes in this release. The release notes provide a comprehensive list, but here are some highlights.
New “administer fields” permission added for trusted users
The administrative


Original URL: https://www.drupal.org/blog/drupal-7-50

Original article

A new Little Outliner coming sooon

There’s a new version of Little Outliner coming soon. It’s called Little Outliner 2, or LO2 for short.
It still needs some testing before I’ll have it replace the old version, but it’s getting pretty close.
The previous version, LO1, will still be available, after LO2 ships. So if you liked the way that one worked, you just have to change the URL in your bookmark.
What’s new
You can have more than one outline open at a time. The previous version allowed just one to be open at a time.
The outlines are in a tabbed interface, much like Fargo.
The outlines are stored on a server. So you can access the same outlines from anywhere. LO1 used localStorage which meant your outline could only be accessed on the machine it was created on.
You can watch other people’s outlines, if they let you, as in Fargo, but the technology we use in LO2 is more advanced,


Original URL: http://scripting.com/2016/07/07/1361.html

Original article

Mozilla Could Walk Away and Still Get More Than $1 Billion If It Doesn’t Like Yahoo’s Buyer

Kara Swisher, reporting for Recode: Under terms of a contract that has been seen by Recode, whoever acquires Yahoo might have to pay Mozilla annual payments of $375 million through 2019 if it does not think the buyer is one it wants to work with and walks away. That’s according to a clause in the Silicon Valley giant’s official agreement with the browser maker that CEO Marissa Mayer struck in late 2014 to become the default search engine on the well-known Firefox browser in the U.S. Mozilla switched to Yahoo from Google after Mayer offered a much more lucrative deal that included what potential buyers of Yahoo say is an unprecedented term to protect Mozilla in a change-of-control scenario. It was a scenario that Mayer never thought would happen, which is why she apparently pushed through the possibly problematic deal point. According to the change-of-control term, 9.1 in the agreement,


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/XANSvrX-WJI/mozilla-could-walk-away-and-still-get-more-than-1-billion-if-it-doesnt-like-yahoos-buyer

Original article

Do You Teach Technology to Law Students?

Do you teach technology to law students? Do you teach a law practice technology course? Do you think law students should have a basic minimum set of tech competencies? Do you know about ABA Standard xxxx which requires that lawyers have basic tech competency? Then, this group is for YOU! At this website, we hope […]


Original URL: http://techforlawstudents.classcaster.net/2016/07/07/do-you-teach-technology-to-law-students/

Original article

Writing a video chat application from the ground up (including codec)

What I cannot create, I do not understand. – Richard Feynman
I do a lot of video chat for work. If it’s not a one on one, it’s pair programming. If it’s not pair programming, it’s a client meeting. I use a lot of Skype and Hangouts.
Sometimes they don’t work for unclear reasons. Sometimes file transfers fail. Sometimes screenshare breaks, or when it’s active you don’t get webcam, too. Or the connection lags or drops even though everything is running fast.
Every time I experience such a failure, I get really angry and think, “I could do this better!” But I never quite got angry enough… until now. I guess the weight of years of frustration finally got to me.
I wrote my own (prototype) video conferencing app. It turned out pretty well. And that’s what these posts are about.
Conventions & Caveats
We will be referencing a 640×480 24 bit color 24fps video stream


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/L5EDQ4Thw_A/

Original article
