The Web as a Commercial Platform for Games Gathers Momentum

Mozilla has helped pioneer technology that has set the Web up as a serious platform for distributing and developing games. Recently, we have seen considerable momentum from the games industry exploring the potential of Mozilla-pioneered technologies like WebGL and asm.js, … Continue reading

Solomon’s General Store – Boss Outfits

Dress to impress with two new boss outfits available now in Solomon’s Store!

Patch Week

Since Guthixian Caches came early last week, we’ve dedicated today’s update to patches, fixes and quality-of-life tweaks.

Download APKs From Google Play To Your Computer With Google Play Downloader

Google Play Downloader is a simple open source application which can be used to download APKs from Google Play to your computer.According to its developer, the application was created because he “didn’t like [his] Android AOSP system being tainted by Google root services, neither being filed in the Google account database”.Google Play Downloader isn’t some […]

Official Atom 64bit RPM And DEB Packages Available For Download [Quick Update]

I’m sure many Atom users already know this, but I didn’t get to write an article about it, so here’s a quick update: the Atom developers have started providing 64bit DEB packages for more than a month. Also, 4 days ago, they added official 64bit RPM packages.Of course, this doesn’t mean I’ll stop maintaining Atom […]

Wine 1.7.30 Released

The Wine development release 1.7.30 is now available.
What’s new in this release:

More support for fonts in DirectWrite.
Improved ATL thunk support.
A few more C runtime functions.
Regedit import/export fixes.
Various bug fixes.

The sour…

Development: Release Team decides on new features

Hello all,

Release Team decides on new features

For more information about 3.15, the full schedule, the official
module lists and the proposed module lists, please see our colorful 3.15
page:
http://www.gnome.org/start/unstable

For a quick overv…

Behind the Scenes – November 2014

Double XP weekend! The final part of the Elf City! New Treasure Trails! A brand new quest! It’s a RuneScape November worth shouting about.

Clan Cup Final Live Stream

Tune into our Twitch channel this weekend for the grand finale of the Clan Cup!

The Document Foundation announces LibreOffice 4.3.3 and LibreOffice 4.2.7

Berlin, October 30, 2014 – The Document Foundation announces LibreOffice 4.3.3, the third minor release of LibreOffice 4.3 “fresh” family, and LibreOffice 4.2.7, the last minor release of LibreOffice 4.2 “still” family. Together, there are over 200 fixes for bugs and regressions. LibreOffice 4.3.3 “Fresh” is a stable release of the more advanced version of […]

Community Chronicle – 30/10

News, vids and events from the RuneScape Community, plus some changes to the Community Chronicle itself.

Double XP: Starts 31st October, 12pm UK Time

Get ready for a weekend of double XP with the whole RuneScape community, including live streaming and prizes to go with the XP goodness.

GNOME: Engagement team members will gather at FSCONS this weekend

Several members of the GNOME Engagement Team will gather this weekend at FSCONS.
FSCONS is an annual gathering for free software in the Nordic countries, taking place in Gothenburg Sweden.

GNOME will be present with a booth where contributors will show the latest version of GNOME,
answer questions and help new people get involved. There are also plans for an Engagement
hackfest.

“We are excited to have this many GNOME contributors attending FSCONS 2014″ -Oliver Propst FSCONS organizer and Engagement team contributor

Details about the event are available on the wiki.

 

-FSCONS Logo

Folder Color Gets Caja And Nemo File Managers Support, Other Changes

Folder Color is a file manager extension that allows you to easily change folders  icon color, useful for instance to organize your folders, make some important folder stand out, etc.The latest Folder Color, which already supported Nautilus, adds support for Caja (the default MATE file manager) and Nemo (the default Cinnamon file manager):Folder Color for […]

LibreOffice 4.4 bug hunting session coming soon

The Document Foundation (TDF) announces the first LibreOffice 4.4 bug hunting session, which will happen immediately after the availability of the first beta of the new major release on November 21/23, 2014. Details of LibreOffice 4.4 bug hunting session are available on TDF wiki at https://wiki.documentfoundation.org/BugHunting_Session_4.4.0.0. The list of LibreOffice 4.4 new features that have […]

Drupal Core – Highly Critical – Public Service announcement – PSA-2014-003


Description

This Public Service Announcement is a follow up to SA-CORE-2014-005 – Drupal core – SQL injection. This is not an announcement of a new vulnerability in Drupal.

Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 – Drupal core – SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.

Simply updating to Drupal 7.32 will not remove backdoors.

If you have not updated or applied this patch, do so immediately, then continue reading this announcement; updating to version 7.32 or applying the patch fixes the vulnerability but does not fix an already compromised website. If you find that your site is already patched but you didn’t do it, that can be a symptom that the site was compromised – some attacks have applied the patch as a way to guarantee they are the only attacker in control of the site.

Data and damage control

Attackers may have copied all data out of your site and could use it maliciously. There may be no trace of the attack.

Take a look at our help documentation, ”Your Drupal site got hacked, now what”

Recovery

Attackers may have created access points for themselves (sometimes called “backdoors”) in the database, code, files directory and other locations. Attackers could compromise other services on the server or escalate their access.

Removing a compromised website’s backdoors is difficult because it is not possible to be certain all backdoors have been found.

The Drupal security team recommends that you consult with your hosting provider. If they did not patch Drupal for you or otherwise block the SQL injection attacks within hours of the announcement of Oct 15th, 4pm UTC, restore your website to a backup from before 15 October 2014:

  1. Take the website offline by replacing it with a static HTML page
  2. Notify the server’s administrator emphasizing that other sites or applications hosted on the same server might have been compromised via a backdoor installed by the initial attack
  3. Consider obtaining a new server, or otherwise remove all the website’s files and database from the server. (Keep a copy safe for later analysis.)
  4. Restore the website (Drupal files, uploaded files and database) from backups from before 15 October 2014
  5. Update or patch the restored Drupal core code
  6. Put the restored and patched/updated website back online
  7. Manually redo any desired changes made to the website since the date of the restored backup
  8. Audit anything merged from the compromised website, such as custom code, configuration, files or other artifacts, to confirm they are correct and have not been tampered with.

While recovery without restoring from backup may be possible, this is not advised because backdoors can be extremely difficult to find. The recommendation is to restore from backup or rebuild from scratch.

For more information, please see our FAQ on SA-CORE-2014-005.

Written by

Coordinated by

Contact and More Information

We’ve prepared a FAQ on this release. Read more at FAQ on SA-CORE-2014-005.

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Drupal version: 

Next Steps for the Drupal.org Terms of Service and Privacy Policy

Thanks to the hard work of staff and the Drupal.org Content Working Group, we have completed another round of updates to our draft privacy policy and terms of service. We were able to respond to much of the feedback provided in our earlier announcement.

The biggest issues pointed out by the community had to do with the tone of the language in the documents. Many pointed out that it did not match the values of our community. We took a closer look at organizations such as the Wikimedia Foundation and Mozilla, incorporating some of the approaches they took to make our terms a bit more human. We trimmed and shortened what we could. We clarified where things were ambiguous. The end result is much more in line with our community values.

Some examples of changes include the following:

  • When possible, we changed the tone of both documents to make them more friendly.
  • We removed capital letters and used other means to make specific parts of the document noticeable.
  • We deleted a couple of references to collecting data that we do not actually collect.
  • We clarified that we won’t block accounts “for any and no reason”, but only in cases of Terms of Service, Code of Conduct and Git access policy violations.
  • We clarified active notification of users about material changes to policy. We will send an email at least 72 hours prior to changes going into effect. This will give users time to delete their accounts if they don’t want to accept new policies.
  • We added contact info and updated all phone numbers, addresses etc. to be formatted according to international standards.
  • We clarified that you don’t need to create an account to access the Website, just some parts of it.
  • We clarified how to notify us in case of unauthorized access to user account.
  • We clarified how long do we store data after it has been removed from user profile.

We did leave some things from the previous draft without major changes, such as bullet points under section C, for example. And we did it for a reason. One of our goals is to make Drupal.org a place where everyone feels comfortable. Additionally, we have to ensure that Drupal.org is protected if a legal issue does arise. Those bullet points are there not because we want to be able to police or censor the activity on the site. This language exists because it protects Drupal.org if one user takes issue with content from another user. We will still use the process outlined in the Drupal Code of Conduct to resolve any issues whenever we can.

With that in mind, please take a look at the latest drafts:

Terms of Service
Privacy Policy

We will be putting these documents into place on Wednesday, 5 November, 2014. All comments added to this thread will be included in our planning for the next revision. We hope to review the Terms of Service and Privacy Policy quarterly and update them with community feedback.

Thank you for all your help in building these documents.

Ubuntu Developer Tools Center 0.1 Released With Eclipse And Android ADT Support

Ubuntu Developer Tools Center (UDTC) 0.1 was released today and it includes support for Eclipse as a standalone IDE, Android ADT support (through Eclipse) and more. A couple of months ago, Canonical released Ubuntu Developer Tools Center (UDTC), a project to “enable quick and easy setup of common developers needs on Ubuntu”. Using it, you can […]

How To Install GNOME 3.14 In Ubuntu GNOME 14.10

GNOME 3.14 was released back in September and it includes some interesting changes like multi-touch gestures for both the system and applications, re-worked default theme, new animations as well as various enhancements for the code GNOME applications. More information HERE.Unfortunately, Ubuntu GNOME 14.10 (Utopic Unicorn) ships with GNOME 3.12 for the most part (there are […]

Well of Goodwill Opens 1st November with New Charities

Donate to your choice of three charities through the Well of Goodwill – open until 30th November. Pick up two new in-game titles while you’re at it!