Also included: FBI hacks 8,000 with single warrant, new Cinnamon desktop release, “government-backed attackers” after journalists, and FOSS Force adds beef to newsfeed.
FOSS Week in Review
Okay, Thanksgiving is over. Let the sales begin. Which reminds me, I have to buy a new cheap Wi-Fi router — cheap being the operative word. Any suggestions?
Otherwise, it’s back to FOSS news…
FBI mass produces due process: Why does law enforcement have so much disdain for the constitution it’s pledged to serve and protect? Why does it see the constitution as a roadblock to get around? Those are rhetorical questions; there’s no need to answer.
On Wednesday, The Hacker News reported that when the FBI was conducting its now famous — or infamous, take your pick — campaign against child pornography site Playpen, it hacked more than 8,000 computers in 120 different countries, all using a single warrant. How’s that for efficiency, eh? Not sure that’s what our founding parents envisioned when they wrote and ratified the Fifth Amendment, but I guess this saved our government a lot of hassle.
WordPress dodges a security bullet: Here’s a case of open source security working as advertised. Wordfence is a company that publishes the Wordfence plugin for the open source WordPress content platform. As the most popular security plugin for WordPress, it has skin in the game as far as WordPress security issues are concerned.
On Tuesday, Wordfence notified its users that it had found a security hole in WordPress’s automatic update system used to automatically update themes, plugins and minor point WordPress releases to WordPress sites. The hole could have resulted in the WordPress update server passing along malicious “updates” that could have given control of sites to any black hats exploiting the vulnerability.
Long story short: Wordfence notified the security folks at Automattic, the company that owns WordPress, who quickly fixed the issue. From the way I understand it, the entire vulnerability was within WordPress’s internal ecosystem, so no updates at the site level were required. Good job!
Disney on the open source bandwagon: These days we’re seeing a lot of companies that aren’t officially in the software business releasing code developed in-house for internal use under open source licenses. You can now add Disney to that list, which includes Capital One, Walmart and others.
This was pointed out on Wednesday by InfoWorld’s Paul Krill, who notes that in addition to Mickey Mouse, Pinocchio and Nemo, the company has given us advanced image projects such as OpenEXR, as well as DevOps tools for the Mac, such as Munki. More information on Disney’s open source projects can be found on its GitHub page.
It’s nice to see everyone working and playing well together.
Quick takes: Softpedia reported on Thursday that Cinnamon 3.2.2 has been released with many improvements…. On Wednesday, Ars Technica reported that Google has been warning prominent journalists and professors, including such names as Paul Krugman and Keith Olbermann, that “Google may have detected government-backed attackers trying to steal your password.” As the Strawbs once said, it’s a grave new world….
Sorry. I couldn’t resist. Didn’t mean to bum you out, man.
Parting shot: For a couple of years now, one of the best features on FOSS Force, IMHO, is our news feed, which updates to various mostly open source oriented news sites every half hour. There’s good news in that we’ve upgraded the FOSS Force News Feed, and it now pulls from even more sources. In the process, for technical reasons we’ve removed it from our article pages, but you can find it at the top of our home page. Get on board.
That does it for now, my little Mouseketeers. Till next time, may the FOSS be with you…