Submitted via IRC for SoyCow3941
Security researchers have found a security flaw in Electron, a software framework that has been used in the past half-decade for building a wealth of popular desktop applications.
Apps built on top of Electron include Microsoft's Skype and Visual Studio Code, GitHub's Atom code editor, the Brave browser, along with official desktop apps for services like Signal, Twitch, Discord, Basecamp, Slack, Ghost, WordPress.com, and many more.
The framework has become very popular among today's software development community because it allows developers to easily port web-based apps coded in HTML, JS, and CSS to run on the desktop. The software framework is a custom API wrapped around the Node.js server-side JavaScript server.
Source: https://www.bleepingcomputer.com/news/security/security-flaw-impacts-electron-based-apps/
(Score: 4, Insightful) by Anonymous Coward on Tuesday May 22 2018, @03:40PM (2 children)
People will look back on this era, and shake their heads in disbelief at the utterly ramshackle nature of software "engineering" (i.e., asking StackOverflow a question, and then copy-pasting the answer into production code).
The bell curve needs culling.
(Score: 4, Funny) by BsAtHome on Tuesday May 22 2018, @04:02PM
Yes, indeed, the bell curve must be culled. Lets all agree then that we should strive to have all our programmers at the Balmer Peak(*) level. Then anything will work, fast, good, perfect, great and flawless.
Cheers!
(*) for details, see XKCD #323
(Score: 2) by takyon on Tuesday May 22 2018, @04:02PM
Never going to happen.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by LoRdTAW on Tuesday May 22 2018, @04:02PM
Another fad that needs to be taken out back and shot dead: one word names for shitty frameworks.
(Score: 3, Touché) by iWantToKeepAnon on Tuesday May 22 2018, @04:31PM (1 child)
"Happy families are all alike; every unhappy family is unhappy in its own way." -- Anna Karenina by Leo Tolstoy
(Score: 2) by Hyperturtle on Tuesday May 22 2018, @04:56PM
And in related news about terms being stupid, my networks have always been software defined! I haven't had to set dip switches or move abacus beads to choose between subnets in... oh.. forever.
(Score: 1, Informative) by Anonymous Coward on Tuesday May 22 2018, @05:17PM (7 children)
How is using a copy of chrome to run an embedded web app a framework?
(Score: 0) by Anonymous Coward on Tuesday May 22 2018, @05:43PM
More of a framework than a cross platform UI toolkit, it's just greasy as hell.
You couldn't reasonably say Qt Quick [doc.qt.io] and QML [blog.qt.io] are not an application framework.
(Score: 5, Insightful) by LoRdTAW on Tuesday May 22 2018, @06:28PM (5 children)
Programming? Ain't got time for that! Just glue some javascript frameworks together and run it in an embedded browser. Who cares if your app with three buttons is 15MB in size, requires 1GB RAM and needs four 2GHz cores to plow through the wretched pile of code. So long as it works and makes you money in the app store.
(Score: 4, Insightful) by crafoo on Tuesday May 22 2018, @06:51PM (4 children)
Right! Fuck it! Hardware is cheap! Can we go deeper? Can we wrap this in yet another "abstraction layer"? Javashit glue logic is hard to learn. Can we possibly "abstract" this difficult process away?
(Score: 0) by Anonymous Coward on Tuesday May 22 2018, @06:57PM
We could run the node.js backend on a raspberry pi and put that in a data center? Would that be enough abstraction?
(Score: 2) by LoRdTAW on Tuesday May 22 2018, @07:18PM (2 children)
Say it with me Bro: CONTAINERS!
(Score: 1, Funny) by Anonymous Coward on Tuesday May 22 2018, @07:33PM (1 child)
I'm more of a regular bro, the whole capitalization thing is just so reminiscent of the historic patriarchy giving arbitrary importance to the selected few. Don't try and contain me bro!
(Score: 2) by LoRdTAW on Tuesday May 22 2018, @09:37PM
sorry bro.
(Score: 1) by HonestFlames on Wednesday May 23 2018, @12:09PM
Aside from.. oh, I don't know, popular implementations of cryptocurrency wallets.