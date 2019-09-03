WordPress 5.2.3 is now available! This security and maintenance release features 29 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. These bugs affect WordPress versions 5.2.2 and earlier; version 5.2.3 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.2, there are also updated versions of 5.0 and earlier that fix the bugs for you.

Authentication is the first step to a solid defense, as most breaches start with poor authentication practices. A bad actor will procure a legitimate login credential (a password) from an unsuspecting user via phishing, social engineering, or even plain theft. When the password is obtained, it allows the bad actor to log in to systems as someone they are not. The network doesn’t recognize that it is a malicious actor entering the credentials, allowing them to access anything as a "legitimate" user who has permission to access. Fortunately, several tactics and technologies can help further strengthen authentication tactics. [...] Single sign-on (SSO) technologies and implementing multi-factor authentication can eliminate the problem of too many passwords and the lack of security as it relates to the password itself. SSO enables a user to utilize a single, strong password across the entire range of systems they need to access. Another advantage of SSO is that it can apply stronger authentication methods to systems that don’t natively support them. For example, natively many UNIX and Linux systems transmit passwords in clear-text -- an obvious risk; but an SSO solution that enables an Active Directory (AD) log-on to work for Unix/Linux will automatically extend AD’s password encryption and stronger authorization to those non-Windows systems.

OSS Leftovers Workarea Commerce Releases Platform to Open Source Community Workarea, the enterprise commerce platform built to unify commerce, content management, merchant insights and search, is releasing its software to the open source community. Built upon open source technologies from inception, including Ruby on Rails, MongoDB, and Elasticsearch, Workarea touts unparalleled flexibility and scale in modern cloud environments. The platform source code and demo instructions are now available on GitHub.

Debating the Cryptographic Autonomy License If one were to ask a group of free-software developers whether the community needs more software licenses, the majority of the group would almost certainly answer "no". We have the licenses we need to express a range of views of software freedom, and adding to the list just tends to create confusion and compatibility issues. That does not stop people from writing new licenses, though. While much of the "innovation" in software licenses in recent times is focused on giving copyright holders more control over how others use their code (while still being able to brand it "open source"), there are exceptions. The proposed "Cryptographic Autonomy License" (CAL) is one of those; its purpose is to give users of CAL-licensed code control over the data that is processed with that code. Van Lindberg first went to the Open Source Initiative's license-review list with the CAL in April. At that point, it ran into a number of objections and was rejected by the OSI's license review committee. The license has since been revised to address (most of) the objections that were raised; a third version with minor tweaks was posted on August 22. At its core, the CAL is a copyleft license; distribution of derived products is only allowed if the corresponding source is made available under the same (or a compatible) license. The third version added one exception: release of source can be delayed for up to 90 days if required to comply with a security embargo.

Six Reasons COBOL Has Survived to Age 60 This month in 2019 marks the 60th anniversary of COBOL. That’s right: In a world in which something can be outdated almost as fast as it moves off the shelf, COBOL (common business-oriented language), a code technology that predates Microsoft Windows, UNIX, Java and Linux, is 60 years old. COBOL is a high-level programming language for business applications. It was the first popular language designed to be operating system-agnostic and is still in use in many financial and business applications today. COBOL was designed for business computer programs in industries such as finance and human resources. Unlike some high-level computer programming languages, COBOL uses English words and phrases to make it easier for ordinary business users to understand. The language was based on Rear Admiral Grace Hopper's 1940s work on the FLOW-MATIC programming language, which was also largely text-based. Hopper, who worked as a technical consultant on the FLOW-MATIC project, is sometimes referred to as the "grandmother of COBOL."

Mozilla Cloud Services Blog: A New Policy for Mozilla Location Service Several years ago we started a geolocation experiment called the Mozilla Location Service (MLS) to create a location service built on open-source software and powered through crowdsourced location data. MLS provides geolocation lookups based on publicly observable cell tower and WiFi access point information. MLS has served the public interest by providing location information to open-source operating systems, research projects, and developers. Today Mozilla is announcing a policy change regarding MLS. Our new policy will impose limits on commercial use of MLS. Mozilla has not made this change by choice. Skyhook Holdings, Inc. contacted Mozilla some time ago and alleged that MLS infringed a number of its patents. We subsequently reached an agreement with Skyhook that avoids litigation. While the terms of the agreement are confidential, we can tell you that the agreement exists and that our MLS policy change relates to it. We can also confirm that this agreement does not change the privacy properties of our service: Skyhook does not receive location data from Mozilla or our users. Our new policy preserves the public interest heart of the MLS project. Mozilla has never offered any commercial plans for MLS and had no intention to do so. Only a handful of entities have made use of MLS API Query keys for commercial ventures. Nevertheless, we regret having to impose new limits on MLS. Sometimes companies have to make difficult choices that balance the massive cost and uncertainty of patent litigation against other priorities. Mozilla has long argued that patents can work to inhibit, rather than promote, innovation. We continue to believe that software development, and especially open-source software, is ill-served by the patent system. Mozilla endeavors to be a good citizen with respect to patents. We offer a free license to our own patents under the Mozilla Open Software Patent License Agreement. We will also continue our advocacy for a better patent system.