"Roads" by Max Böck https://mxb.dev/blog/roads/
Brilliant satire on modern web development.
"Projects vs Tasks"
Several years too late, but built in PGP support is coming to Thunderbird.
Google, Xiaomi, and Huawei devices affected by zero-day flaw that unlocks root access https://thenextweb.com/security/2019/10/04/google-xiaomi-and-huawei-devices-affected-by-zero-day-flaw-that-unlocks-root-access/
"There *was* a logic error in Signal that can cause an incoming call to be answered even if the callee does not pick it up."
"In summary, usage of the package key to rename dependencies in Cargo.toml is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo will ignore package and download the wrong dependency"
Disclosure of a Lightning network bug/vulnerability (already fixed in recent versions):
"Software Security Field Guide for the Bewildered"
LastPass releases update for security vulnerability:
– The vulnerability allowed extracting credentials of previously-visited websites.
– Tavis Ormandy: "I think it's fair to call this 'High' severity, even if it won't work for *all* URLs."
– fixed in v4.33.0/v4.33.
"Basic Electron Framework Exploitation"
ProtonMail adds support for Web Key Directory (WKD), DANE, and MTA-STS:
– WKD is also available for external keys now
– DANE is also available for custom domains
– Besides, they added HTTP headers (Expect-CT, Public-Key-Pins-Report-Only), DNS CAA, and monitoring (e.g., TLSRPT)
– There will be an independent security audit of all Proton apps