Welcome to This Week in Modern Software, or TWiMS, our weekly roundup of the need-to-know news, stories, and events of interest surrounding software analytics, cloud computing, application monitoring, development methodologies, programming languages, and the myriad other issues that influence modern software.
This week, our top story concerns a possible death rattle for Adobe Flash.
TWiMS Top Story:
Flash Is Back on Firefox After Bug Fix—CNNMoney
What it’s about: Adobe Flash is no stranger to bad press, but the Flash Player—which enables all manner of multimedia content in a Web page—had a terrible, horrible, no good, very bad week. After two new zero-day exploits came to light, Mozilla announced it would block the Flash plugin from its Firefox browser unless users specifically clicked-to-play. It later reinstated Flash after Adobe issued a patch, but the damage was done. Meanwhile, Facebook CSO Alex Stamos tweeted a call for Adobe to set an end-of-life date for Flash. The latest vulnerabilities were revealed when Italy’s Hacking Team was itself hacked, and actually included a third Flash exploit that Adobe patched earlier in the week.
Why you should care: Adobe’s situation should be a very loud warning bell for anyone who writes software for the Web. Security and reliability matter, not just when you write the code but as long as it is in use. As noted in TechTarget, despite Adobe’s best efforts many experts have long considered Flash “unfixable” from a security perspective, and the widespread frustration over these new security risks will likely put the final nail in the platform’s coffin—perhaps sooner rather than later.
But that’s only part of the story. Flash’s troubles also point out an ongoing issue for developers who still depend on third-party solutions like Flash to deliver rich experiences. HTML 5 solved most of those problems, and Flash’s latest issues should encourage more site owners to make the transition. A more immediate question, though, is how did Firefox users react to sites that no longer worked when the browser was busy blocking Flash? If your site used Flash, how quickly did you become aware of the issue, and what did you do to preserve the user experience of Firefox users? More to the point, delivering ever-richer media experiences to Web users is an inherently difficult security issue—are you working to stay ahead of similar situations that might crop up in the future, whether from Flash or any other source?
- Adobe Patches Flash to Quash Last Two Zero-Days Unearthed in Hacking Team’s Cache—ComputerWorld
- Firefox Blocks Flash, and Facebook Calls for Its Death—CNNMoney
- Once Again, Adobe Flash Releases Emergency Flash Patch for Hacking Team Zero Days—Ars Technica
- No, Seriously: It’s Time for Adobe Flash to Die—BGR
NSA Chief Expects More Cyberattacks Like OPM Hack—The Wall Street Journal
What it’s about: The U.S. Office of Personnel Management (OPM) announced near the end of last week that the impact of two separate but related recent hacks now appears to be much worse than initially feared. The second breach, which occurred in June, affects the data of more than 21.5 million people. Combined with another hack earlier this year, and accounting for people impacted by both incidents, sensitive data regarding more than 22 million people was stolen.
Why you should care: First, this breach is turning out to be far more serious than we were told. Second, when the head of the National Security Agency says—and we’re paraphrasing here—“This is gonna keep happening, folks,” we should all probably pay attention. The sheer scope of this breach sets it apart from other high-profile data security incidents in recent years.
As Reuters notes, the number of affected people equates to 7% of the entire American population. Basically, the combined populations of New York and Connecticut, give or take, just got hacked. In fact, only two states, California and Texas, boast a greater number of people than those affected by the OPM breaches. Just as important, very personal data—including fingerprints!—was obtained about government workers, many in sensitive positions. Clearly, no one’s data is entirely safe, and the security measures currently being taken hardly seem sufficient.
- Millions More Americans Hit by Government Personnel Data Hack—Reuters
- Information About OPM Cybersecurity Incidents—OPM.gov
- The OPM Breach Exposed More Than a Million Fingerprints. Here’s Why That’s Terrible News—The Washington Post
What it’s about: Over at DZone, BIDS Trading CTO Jim Bird offers a recap of a new book, DevOps: A Software Architect’s Perspective, co-authored by Len Bass, Ingo Weber, and Liming Zhu. Bird cites the book’s presentation of five fundamental DevOps best practices: engaging ops as a “first-class stakeholder” in development; engaging developers in incident handling; managing code and configuration changes with automated, trackable, and repeatable processes; implementing continuous deployment; and managing infrastructure as code.
Why you should care: You mean aside from better understanding the technical implications of the rise of DevOps in the enterprise? Bird recaps the book’s analysis of microservices and cloud architecture in the DevOps context, an increasingly important knowledge area in cloud environments. He also covers another topic near and dear to New Relic’s heart: monitoring. In Bird’s terms, the book “explains what you need to monitor and why, DevOps metrics, challenges in monitoring systems under continuous change, monitoring microservices and monitoring in the cloud, common log management, and monitoring tools for online systems.”
If you’re already a DevOps pro well versed in areas like microservices, cloud architecture, and other facets of modern software, you may not learn much new here. But it can help DevOps newbies, companies looking to move legacy enterprise apps to the cloud, and devs who want to better understand their counterparts in ops.
12 Most Influential Programmers Working Today—VentureBeat
Why you should care: Did you make the cut? OK, probably not—but that’s nothing to hang your head about. The fun part of any list like this is arguing about who got left out and who doesn’t belong. Who would be on your list?
What it’s about: It’s a planet! No, it’s not! ASTRONOMY FIGHT! Seriously, fans of deep space exploration had a cool week, as we earthlings got our first close-up looks at Pluto and its moon Charon, thanks to NASA’s New Horizons probe. The spacecraft’s first images showed, among other findings, a mountain range with 11,000-foot peaks, and indications that the planet dwarf planet may still be geologically active.
Why you should care: You thought you had data latency problems. Of course, in New Horizons’ case, it’s not really a problem, per se. It’s just the reality that Pluto is, uh, really far away! 3 billion miles or so from Earth. Gizmodo put together a good breakdown of how New Horizons will capture, store, and beam back the high-res images it’s snapping of Pluto—and why it’s going to take a while for the full-resolution images to make their way back to NASA’s offices in Maryland. Gizmodo sums it up nicely: It’s basically a 3-billion-mile Snapchat.
- NASA’s New Horizons Pluto Images: What We’ve Learned—The Telegraph
- PlayStation Processor Powering Pluto Probe—TechRadar
- Mountains on Pluto, Chasms on Charon Thrill Scientists—CBS News
Want to suggest something that we should cover in the next edition of TWiMS? Email us at email@example.com.