Why secure web-based applications with Kali Linux?

The security of web-based applications is of critical importance. The strength of an application is about more than the collection of features it provides. It includes essential (yet often overlooked) elements such as security. Kali Linux is a trusted critical component of a security professional’s toolkit for securing web applications. The official documentation says it is “is specifically geared to meet the requirements of professional penetration testing and security auditing.“ Incidences of security breaches in web-based applications can be largely contained through the deployment of Kali Linux’s suite of up-to-date software.

today's leftovers

• Which Ubuntu Release (2010-2019) is Your Favourite? Vote Now!

  With the end of the year, and indeed the decade, fast approaching I’ve been spending my time looking backwards, getting all misty-eyed and nostalgic about Ubuntu and how far its come since 2010.

• OpenBSD Local Privilege Escalation Vulnerability (CVE-2019-19726)

  This vulnerability exists in OpenBSD’s dynamic loader versions of OpenBSD 6.5 and OpenBSD 6.6. It is exploitable in the default installation (via the set-user-ID executable chpass or passwd) and could allow local users or malicious software to gain full root privileges. For more technical details on this vulnerability, please see our security advisory. Also refer to our recently published OpenBSD blog post.

• Microsoft begins Windows 10's 1809-to-1909 compulsory upgrade

  Microsoft has begun forcibly upgrading Windows 10 PCs running version 1809 with the latest, the November 2019 Update, aka 1909, which the company launched less than a month ago.

• Xs:code launches subscription platform to monetize open-source projects [Ed: This is basically about making proprietary software add-ons, betraying Free software premises]

  Open source is a great source of free tools for developers, but as these projects proliferate, and some gain in popularity, the creators sometimes look for ways to monetize successful ones. The problem is that it’s hard to run a subscription-based, dual-license approach, and most developers don’t even know where to start. Enter Israeli startup xs:code, which has created a platform to help developers solve this problem. “Xs:code is a monetization platform for open-source projects. Unlike donation platforms which are pretty popular today, xs:code allows open-source developers to provide added value in exchange for payments. That comes on top of what they offer for free. This added value can be a different license, more features, support services or anything they can think of,” Netanel Mohoni, co-founder and CEO of xs:code told TechCrunch. This does not mean the open-source part of this goes away, only that the company is providing a platform for those developers who want to monetize their work, Mohoni said. “Companies pay for accessing the code, and they enjoy better software created by motivated developers who are now compensated for their work. Because our solution makes sure that the code remains open source, developers can continue accepting contributions so the community enjoys better code than ever before,” he explained.

• The Linux Foundation's Automated Compliance Work Garners New Funding, Advances Tools Development [Ed: Of course the Linux Foundation is still promoting Microsoft GitHub (proprietary) and outsourcing everything to it]

• The Linux Foundation’s Automated Compliance Work Garners New Funding, Advances Tools Development [Ed: The Corporate Linux Foundation is again whitewashing and openwashing a major GPL violator, VMware]

  The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced founding member commitments from Google, Siemens and VMware for the Automated Compliance Tooling (ACT), as well as key advancements for tools that increase ease and adoption of open source software. Using open source code comes with a responsibility to comply with the terms of that code’s license. The goal of ACT is to consolidate investments in these efforts and to increase interoperability and usability of open source compliance tooling. Google, Siemens and VMware are among the companies helping to underwrite and lead this collaborative work.

• If you ARIA label something, give it a role

  As a rule of thumb, if you label something via aria-label or aria-labelledby, make sure it has a proper widget or landmark role. The longer version is that several elements created extraneous amount of announcements in screen readers in the past that were not really useful. Especially in the ARIA 1.0 days where a lot of things weren’t as clear and people were still gathering experience, this was an issue for elements or roles that mapped to regions, multiple landmarks of the same type on a page, etc. Therefore, best practice has become to label both widgets (which should be labeled anyway), and landmarks with means such as aria-label or aria-labelledby, to make them more useful.

• Twitter Makes A Bet On Protocols Over Platforms

  It looks like Twitter is making a bet on protocols over platforms for its future.

Latte bug fix release v0.9.5

Latte Dock v0.9.5 has been released containing important fixes and improvements!

Android Leftovers

• Google is Developing the “Next Generation of Android TV” & Launching a New Android TV Player

• Do you use Android TV?

• #TBT: AT&T goes with the spectrum FLO; iPhone 5 design leaked; Android's place in the market … this week in 2010

• You can add 1TB to your Android phone right now for $200 off

• Google’s incredible new live speech translation feature goes live on Android and iPhone

• GoodFirms Reveals the Most Recommended iPhone and Android App Development Companies of 2019

• 5 of the Best Android Tablets