Rule 1

TL;DR: At UserLand, a company I founded a long time ago, we had a rule called Rule 1. It said simply: No breakage. It meant you couldn’t change the environment such that apps that ran in version N did not run in version N+1. It meant you took longer to release a new version because once released, you had to live with it forever. This rule came from bad experiences when we did things that broke users and developers. Since we were both the developers of the platform and users of the platform we had a realistic perspective of this.
I was once having a discussion with someone who wanted to implement a successor to Frontier, intending it to be compatible with Frontier, in some way, but right at the beginning said he was going to make it case-sensitive where Frontier is not case-sensitive.
I’d be happy to debate anyone


Original URL: http://scripting.com/2021/03/30/213101.html?title=rule1

Original article

Judge Denies ROSS’s Motion to Dismiss Thomson Reuters’ Copyright Lawsuit

The judge in the copyright lawsuit brought by Thomson Reuters against ROSS Intelligence has denied ROSS’s motion to dismiss the case, finding that TR’s allegations are sufficient to allow the case to proceed to discovery.
In a memorandum opinion issued yesterday, Delaware U.S. District Chief Judge Leonard P. Stark ruled that TR had sufficiently alleged the four elements of a copyright claim: the original works that are the subject of the claim, ownership of the copyrights in those works, registration with the U.S. Copyright Office, and the acts by which ROSS is alleged to have infringed the copyright.
Read the full memorandum opinion.
Although ROSS argued in its motion to dismiss that Westlaw content is not copyrightable as containing government information, Judge Stark said that, under federal copyright law, a valid certificate of copyright registration is prima facie evidence of the copyright’s validity.
See all stories about this lawsuit.
TR’s complaint alleges that it registers


Original URL: https://www.lawsitesblog.com/2021/03/judge-denies-rosss-motion-to-dismiss-thomson-reuters-copyright-lawsuit.html

Original article

PHP’s Git Server Hacked To Add Backdoors To PHP Source Code

dotancohen writes: Late Sunday night, on March 28, 2021, Nikita Popov, a core PHP committer, released a statement indicating that two malicious commits had been pushed to the php-src Git repository. These commits were pushed to create a backdoor that would have effectively allowed attackers to achieve remote code execution through PHP and an HTTP header. “The incident is alarming considering PHP remains the server-side programming language to power over 79% of the websites on the Internet,” adds BleepingComputer.

“In the malicious commits [1, 2] the attackers published a mysterious change upstream, ‘fix typo’ under the pretense this was a minor typographical correction. However, taking a look at the added line 370 where zend_eval_string function is called, the code actually plants a backdoor for obtaining easy Remote Code Execution (RCE) on a website running this hijacked version of PHP.”

According to Popov, the first commit was detected a couple hours


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/d9Hr-PKq3Dw/phps-git-server-hacked-to-add-backdoors-to-php-source-code

Original article

Hackers backdoor PHP source code after breaching internal git server

A hacker compromised the server used to distribute the PHP programming language and added a backdoor to source code that would have made websites vulnerable to complete takeover, members of the open source project said.
Two updates pushed to the PHP Git server over the weekend added a line that, if run by a PHP-powered website, would have allowed visitors with no authorization to execute code of their choice. The malicious commits gave the code a code-injection capability open to visitors who had the word “zerodium” in an HTTP header.
PHP.net hacked, code backdoored
The commits were made to the php-src repo under the account names of two well-known PHP developers, Rasmus Lerdorf and Nikita Popov. “We don’t yet know how exactly this happened, but everything points toward a compromise of the git.php.net server (rather than a compromise of an individual git account),”


Original URL: https://arstechnica.com/?p=1752909

Original article
