Mozilla has helped pioneer technology that has set the Web up as a serious platform for distributing and developing games. Recently, we have seen considerable momentum from the games industry exploring the potential of Mozilla-pioneered technologies like WebGL and asm.js, … Continue reading
Dress to impress with two new boss outfits available now in Solomon’s Store!
Since Guthixian Caches came early last week, we’ve dedicated today’s update to patches, fixes and quality-of-life tweaks.
Google Play Downloader is a simple open source application which can be used to download APKs from Google Play to your computer.According to its developer, the application was created because he “didn’t like [his] Android AOSP system being tainted by Google root services, neither being filed in the Google account database”.Google Play Downloader isn’t some […]
I’m sure many Atom users already know this, but I didn’t get to write an article about it, so here’s a quick update: the Atom developers have started providing 64bit DEB packages for more than a month. Also, 4 days ago, they added official 64bit RPM packages.Of course, this doesn’t mean I’ll stop maintaining Atom […]
The Wine development release 1.7.30 is now available.
More support for fonts in DirectWrite.
Release Team decides on new features
For more information about 3.15, the full schedule, the official
For a quick overv…
Double XP weekend! The final part of the Elf City! New Treasure Trails! A brand new quest! It’s a RuneScape November worth shouting about.
Tune into our Twitch channel this weekend for the grand finale of the Clan Cup!
Berlin, October 30, 2014 – The Document Foundation announces LibreOffice 4.3.3, the third minor release of LibreOffice 4.3 “fresh” family, and LibreOffice 4.2.7, the last minor release of LibreOffice 4.2 “still” family. Together, there are over 200 fixes for bugs and regressions. LibreOffice 4.3.3 “Fresh” is a stable release of the more advanced version of […]
News, vids and events from the RuneScape Community, plus some changes to the Community Chronicle itself.
Get ready for a weekend of double XP with the whole RuneScape community, including live streaming and prizes to go with the XP goodness.
Several members of the GNOME Engagement Team will gather this weekend at FSCONS.
GNOME will be present with a booth where contributors will show the latest version of GNOME,
Details about the event are available on the wiki.
Folder Color is a file manager extension that allows you to easily change folders icon color, useful for instance to organize your folders, make some important folder stand out, etc.The latest Folder Color, which already supported Nautilus, adds support for Caja (the default MATE file manager) and Nemo (the default Cinnamon file manager):Folder Color for […]
The Document Foundation (TDF) announces the first LibreOffice 4.4 bug hunting session, which will happen immediately after the availability of the first beta of the new major release on November 21/23, 2014. Details of LibreOffice 4.4 bug hunting session are available on TDF wiki at https://wiki.documentfoundation.org/BugHunting_Session_184.108.40.206. The list of LibreOffice 4.4 new features that have […]
This Public Service Announcement is a follow up to SA-CORE-2014-005 – Drupal core – SQL injection. This is not an announcement of a new vulnerability in Drupal.
Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 – Drupal core – SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.
Simply updating to Drupal 7.32 will not remove backdoors.
If you have not updated or applied this patch, do so immediately, then continue reading this announcement; updating to version 7.32 or applying the patch fixes the vulnerability but does not fix an already compromised website. If you find that your site is already patched but you didn’t do it, that can be a symptom that the site was compromised – some attacks have applied the patch as a way to guarantee they are the only attacker in control of the site.
Data and damage control
Attackers may have copied all data out of your site and could use it maliciously. There may be no trace of the attack.
Take a look at our help documentation, ”Your Drupal site got hacked, now what”
Attackers may have created access points for themselves (sometimes called “backdoors”) in the database, code, files directory and other locations. Attackers could compromise other services on the server or escalate their access.
Removing a compromised website’s backdoors is difficult because it is not possible to be certain all backdoors have been found.
The Drupal security team recommends that you consult with your hosting provider. If they did not patch Drupal for you or otherwise block the SQL injection attacks within hours of the announcement of Oct 15th, 4pm UTC, restore your website to a backup from before 15 October 2014:
While recovery without restoring from backup may be possible, this is not advised because backdoors can be extremely difficult to find. The recommendation is to restore from backup or rebuild from scratch.
For more information, please see our FAQ on SA-CORE-2014-005.
Contact and More Information
We’ve prepared a FAQ on this release. Read more at FAQ on SA-CORE-2014-005.
The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.
The biggest issues pointed out by the community had to do with the tone of the language in the documents. Many pointed out that it did not match the values of our community. We took a closer look at organizations such as the Wikimedia Foundation and Mozilla, incorporating some of the approaches they took to make our terms a bit more human. We trimmed and shortened what we could. We clarified where things were ambiguous. The end result is much more in line with our community values.
Some examples of changes include the following:
We did leave some things from the previous draft without major changes, such as bullet points under section C, for example. And we did it for a reason. One of our goals is to make Drupal.org a place where everyone feels comfortable. Additionally, we have to ensure that Drupal.org is protected if a legal issue does arise. Those bullet points are there not because we want to be able to police or censor the activity on the site. This language exists because it protects Drupal.org if one user takes issue with content from another user. We will still use the process outlined in the Drupal Code of Conduct to resolve any issues whenever we can.
With that in mind, please take a look at the latest drafts:
Thank you for all your help in building these documents.
Ubuntu Developer Tools Center (UDTC) 0.1 was released today and it includes support for Eclipse as a standalone IDE, Android ADT support (through Eclipse) and more. A couple of months ago, Canonical released Ubuntu Developer Tools Center (UDTC), a project to “enable quick and easy setup of common developers needs on Ubuntu”. Using it, you can […]
GNOME 3.14 was released back in September and it includes some interesting changes like multi-touch gestures for both the system and applications, re-worked default theme, new animations as well as various enhancements for the code GNOME applications. More information HERE.Unfortunately, Ubuntu GNOME 14.10 (Utopic Unicorn) ships with GNOME 3.12 for the most part (there are […]
Donate to your choice of three charities through the Well of Goodwill – open until 30th November. Pick up two new in-game titles while you’re at it!