Travis-CI published a security bulletin the other day, describing a special condition that would allow to access secrets belonging to a foreign repository in Github or Bitbucket. The condition requires a fork from a public repository. That’s how open source work, and very central functionality. Not a corner case.
Turns out, the cloud service did address the issue, still plenty of secrets have been affected:
Between the 3 Sept and 10 Sept, secure env vars of *all* public @travisci repositories were injected into PR builds. Signing keys, access creds, API tokens.
While cloud technology is all great economically, this is another sample of why commercial software vendors need to consider third party vendors in their threat profiles.
WhatsApp usually makes it a big thing they introduced end-to-end encryption. It’s a demonstration of how the larger corporate behind the messaging service, Facebook, values privacy and individual freedom of speech.
Only, it turns out, messages sent through WhatsApp are not that private as they seem to be. ProPublica found and validate how Facebook can still screen private messages despite their “end-to-end encryption”.
Usually, I’d say this comes to no surprise. However, I’d rather take this as an opportunity to recommend signal.org as an alternative. The team at Signal is committed to the mission of developing open source privacy technology that protects free expression and enables secure global communication. It is recognised by the community.
ProPublica
WhatsApp assures users that no one can see their messages — but the company has an extensive monitoring operation and regularly shares personal information with prosecutors.
Bislang hat WhatsApp, das zu Facebook gehört, immer behauptet, alle Nachrichten seien geheim. Niemand könne sie lesen. Das US-Magazin “ProPublica” hat jetzt festgestellt, dass das nicht die volle Wahrheit ist. Von Marcus Schuler.
Für die “Macaroni and Cheese” zunächst die Macaroni nach Packaungsangabe in Salzwasser kochen & das Wasser danach abgießen.
Milch, Senf und Mehl zwischenzeitlich in einer Pfanne, am besten beschichtet, vermengen und mit Salz und Pfeffer würzen. Die Sauce über die Makaroni geben und erhitzen, bis die Sauce dickflüssig wird.
Den Käses dazugeben und schmelzen lassen. Gut verrühren und auf 4 Tellern anrichten. Mit übrigem Käse bestreut servieren.
It’s been a tough year and the project paused for a good three months. Meanwhile, I feel capable enough to re-start the project for the rest of the year. It helps me look forward and focus on something. Structure in live allows growth, just like this rose needs to cut back every once in a while, the pause may have had a good effect. Stepping out, looking at the situation from the outside, reflecting, all these are things that fall short in our busy life. Nonetheless, they are important to see the important aspects.
And so will this project again serve as a daily source of reflection and inspiration, to keep a healthy balance.
Sixt announced this on their official LinkedIn Profile earlier today. Traditional news outlets like Focus are picking up the news. The announcement was made at the Internationale Automobilausstellung (IAA)
Movie Car (Source: FOCUS Online)
Autonom unterwegs, das war bisher etwas für Menschen, die im gemütlichen Zuckeltempo vom Bahnhof Bad Birnbach zum Ortskern wollen. Oder in der Hamburger Hafencity von einer Straßenecke zur nächsten. Ab 2022 schalten die Intel-Tochter Mobileye, der chinesische Autohersteller Nio und der Autovermieter Sixt in München einen Gang höher: Sie führen echte Robotaxis ein.
