Tech

The Perl Foundation is fragmenting over Code of Conduct enforcement

Image caption: One of the Perl programming language’s best-loved nicknames is “the Swiss Army chainsaw.” The nickname also seems unfortunately applicable to Perl’s recent community discourse. (credit: Coffeatus via Getty Images)

The Perl community is in a shambles due to disputes concerning its (nonexistent) Code of Conduct, its (inconsistent) enforcement of community standards, and an […]

Tech

FOSS mobile app Stingle wants to privately, securely back up your photos

Image caption: Despite the encryption, Stingle Photos is a distinctly minimalist app which comes closer to the simple feel of an analog album than most of its competitors do. (credit: Kohei Hara / Getty Images)

With Google Photos killing off its Unlimited photo backup policy last November, the market for photo backup and sync […]

Tech

Software downloaded 30,000 times from PyPI ransacked developers’ machines

Open source packages downloaded an estimated 30,000 times from the PyPI open source repository contained malicious code that surreptitiously stole credit card data and login credentials and injected malicious code on infected machines, researchers said on Thursday. In a post, researchers Andrey Polkovnichenko, Omer Kaspi, and Shachar Menashe of security firm JFrog said they […]

Tech

Audacity’s new owner is in another fight with the open source community

Image caption: MuseScore (the website) offers access to hundreds of thousands of sheet music arrangements. MuseScore (the application) allows easy editing and modification, MIDI playback, and more. (credit: Muse Group)

Muse Group—owner of the popular audio-editing app Audacity—is in hot water with the open source community again. This time, the controversy isn’t over Audacity—it’s about […]

Tech

No, open source Audacity audio editor is not “spyware”

Image caption: Familiar to many an at-home podcaster. (credit: Jim Salter)

Over the fourth of July weekend, several open source news outlets began warning readers that the popular open source audio editing app Audacity is now “spyware.” This would be very alarming if true—there aren’t any obvious successors or alternatives which meet the same […]

Tech

Ahoy, there’s malice in your repos—PyPI is the latest to be abused

Image credit: Getty Images

Counterfeit packages downloaded roughly 5,000 times from the official Python repository contained secret code that installed cryptomining software on infected machines, a security researcher has found. The malicious packages, which were available on the PyPI repository, in many cases used names that mimicked those of legitimate and often widely used packages […]

Tech

Buffer overruns, license violations, and bad code: FreeBSD 13’s close call

Image caption: FreeBSD’s core development team, for the most part, does not appear to see the need to update their review and approval procedures. (credit: Aurich Lawson (after KC Green))

At first glance, Matthew Macy seemed like a perfectly reasonable choice to port WireGuard into the FreeBSD kernel. WireGuard is an encrypted point-to-point tunneling protocol, […]

Tech

Rookie coding mistake prior to Gab hack came from site’s CTO

Image credit: Gab.com

Over the weekend, word emerged that a hacker breached far-right social media website Gab and downloaded 70 gigabytes of data by exploiting a garden-variety security flaw known as an SQL injection. A quick review of Gab’s open source code shows that the critical vulnerability—or at least one very much like it—was introduced […]

Tech

Supply-chain attack that fooled Apple and Microsoft is attracting copycats

Image credit: Getty Images

Last week, a researcher demonstrated a new supply-chain attack that executed counterfeit code on networks belonging to some of the biggest companies on the planet, Apple, Microsoft, and Tesla included. Now, fellow researchers are peppering the Internet with copycat packages, with more than 150 of them detected so far. The technique […]

Tech

Rocky Linux gets a parent company, with $4m Series A funding

Image caption: Ctrl IQ provided us with this diagram of its proposed technology stack. (Thankfully, spelling correction is not one of the core services Ctrl IQ offers.) (credit: Ctrl IQ)

Gregory Kurtzer, co-founder of the now-defunct CentOS Linux distribution, has founded a new startup company called Ctrl IQ which will serve in part as a […]