This Bot Tweets Photos and Names of People Who Bought 'Drugs' on Venmo

Found on Motherboard on Sunday, 22 July 2018

A new bot called “Who’s buying drugs on Venmo” tweets the usernames and photos of Venmo users who have marked their transaction with a particular drug keyword or emoji.

The bot also potentially exposes people in ways they didn’t originally anticipate, touching on issues of consent and privacy.

Venmo, owned by PayPal, is a social-network-mobile-payment-service crossover, allowing users to easily and quickly send money to each other. Users can make all their transactions and activity private, but by default, Venmo publicly presents the username, name, photo, and message sent with the money within the service’s app for others to see.

You have to ask why a service would, by default, make your transaction details possible; but hey, it's PayPal and that's pretty much the kind of crap you can expect from this company. They should get a big lawsuit for violating basic privacy rules.

It walks, it talks, it falls over a bit. Windows 10 is three years old

Found on The Register on Monday, 16 July 2018

Flushed with success having "fixed" the disastrous Windows Vista with the jumped-up service pack of Windows 7 in 2009, Windows boss Steven Sinofsky had a relatively free hand with the next version of the platform.

Coming six years after the release of the beloved Windows 7, Windows 10 had a lot to live up to.

From now on changes would be incremental, regular and a lot more frequent. Whether users wanted them or not.

It's Microsoft's biggest failure, apart from Vista. They don't listen to users, but spy on them and shove everything they want down the throats of the users without giving them much of a choice.

Compromised JavaScript Package Caught Stealing npm Credentials

Found on Bleeping Computer on Friday, 13 July 2018

A hacker has gained access to a developer's npm account and injected malicious code into a popular JavaScript library, code that was designed to steal the npm credentials of users who utilize the poisoned package inside their projects.

"We determined that access tokens for approximately 4,500 accounts could have been obtained before we acted to close this vulnerability. However, we have not found evidence that any tokens were actually obtained or used to access any npmjs.com account during this window," Silverio said.

This is the third incident in the past year when a hacker has inserted malicious code in an npm package.

The sooner NPM vanishes, the better.

Rewards of Up to $500,000 Offered for FreeBSD, OpenBSD, NetBSD, Linux Zero-Days

Found on Bleeping Computer on Friday, 29 June 2018

Exploit broker Zerodium is offering rewards of up to $500,000 for zero-days in UNIX-based operating systems like OpenBSD, FreeBSD, NetBSD, but also for Linux distros such as Ubuntu, CentOS, Debian, and Tails.

Since Zerodium drew everyone's attention to the exploit brokerage market in 2015, the market has gotten more and more crowded, but also more sleazy, with some companies being accused of selling zero-days to government agencies in countries with oppressive or dictatorial regimes, where they are often used against political opponents, journalists, and dissidents, instead of going after real criminals.

With rewards like that, it's surprising that many researchers still announce the bugs they find so that they can be fixed.

Firefox 61 arrives with better search, tab warming, and Accessibility Tools Inspector

Found on Venturebeat on Tuesday, 26 June 2018

The release builds on Firefox Quantum, which the company calls “by far the biggest update since Firefox 1.0 in 2004.”

Mozilla doesn’t break out the exact numbers for Firefox, though the company does say “half a billion people around the world” use the browser. In other words, it’s a major platform that web developers have to consider.

Firefox is constantly dropping in terms of usage numbers. Mozilla really does its best to recreate another Netscape fiasco.

Firefox Is Back. It’s Time to Give It a Try.

Found on New York Times on Sunday, 24 June 2018

The web has reached a new low. It has become an annoying, often toxic and occasionally unsafe place to hang out. More important, it has become an unfair trade: You give up your privacy online, and what you get in return are somewhat convenient services and hyper-targeted ads.

Most notably, Firefox now offers privacy tools, like a built-in feature for blocking ad trackers and a “container” that can be installed to prevent Facebook from monitoring your activities across the web. Most other browsers don’t include those features.

In addition to the normal Firefox browser, Mozilla offers Firefox Focus, a privacy-centric mobile browser that blocks trackers by default and purges your web browsing history as soon as you close out of a page.

Focus should be the default then. With the endless tracking and profiling, browsers need to be more aggressive and do everything to protect privacy.

Oracle's new Java SE subs: Code and support for $25/server/month

Found on The Register on Saturday, 23 June 2018

Big Red’s called this a Java SE Subscription and pitched it as “a commonly used model, popular with Linux distributions”.

Peter Jansen of Oracle licensing consultancy Navicle told The Register Oracle has made an exception for general purpose use of Java, but that the definition of such use means almost nobody other than code tinkerers will be able to get Java for free.

It took Oracle quite some time to finally put a price tag onto Java; and as before with other projects (remember why OpenOffice turned into LibreOffice), this will be the end for Java in the long run.

Microsoft Introduces Cloud Database Backup Service for SQL Server

Found on eWEEK on Monday, 11 June 2018

This approach frees administrators from managing backup agents, servers, storage and other components that are typically required to maintain database backups and recover data when disaster strikes, explained Anurag Mehrotra, a Microsoft Azure Backup program manager, in a blog post.

Looks like you can sell everything if you just slap a "cloud" sticker onto it.

Nadella tells worried GitHub devs: Judge us by our actions

Found on The Register on Tuesday, 05 June 2018

"We love developers, and we love open source developers," he said on a call formally announcing the deal on Monday morning before promising, repeatedly, that GitHub will remain open and independent.

The desire to soothe fears took up most of the call, a situation that was most apparent when Nadella pleaded with software developers to "judge us by the actions we have taken in the recent past, our actions today and in the future."

There is a direct correlation between vague marketing speak and the likelihood that a company is planning to do something you won't like.

Being judged by the actions they have taken in the past is most likely the exact reason why so many are complaining and leaving.

Microsoft Acquires GitHub For $7.5B

Found on Slashdot on Monday, 04 June 2018

As rumored, Microsoft said Monday that it has acquired code repository website GitHub for a whopping sum of $7.5B in Microsoft stock. Microsoft Corporate Vice President Nat Friedman, founder of Xamarin and an open source veteran, will assume the role of GitHub CEO. GitHub's current CEO, Chris Wanstrath, will become a Microsoft technical fellow, reporting to Executive Vice President Scott Guthrie, to work on strategic software initiatives.

In a conference call with reporters, Mr. Nadella said today the company is "all in with open source," and requested people to judge the company's commitment to the open source community with its actions in the recent past, today, and in the coming future. GitHub will remain open and independent, Mr. Nadella said.

Just like WhatsApp data will never be integrated into Facebook. Companies will forget their promises as soon as more money can be made by breaking them.