Uber to Release Fusion.js Framework

New tool is focused on creating small fast applications
06 August 2018

Fusion.js is an open-source JavaScript framework built around plug-ins. The tool is focused on creating small, fast applications. The code can be executed both in the browser and on the server, which will allow you to monitor the work and increase productivity.

Features of Fusion.js

  • Support for ECMAScript 2017 and JSX.
  • Bundle splitting.
  • Hot reloading in development mode.
  • Server-side development using Koa.js.
  • Server-side processing using async.
  • Bundle analysis tools.
  • Universal processing for server and browser.
  • Use of the fusion-core package to create a common entry point.

Fusion.js uses the React and Redux libraries, a command-line interface, a Koa server, and webpack with the Babel transpiler. Plug-ins allow you to create single-page applications and also simplify control over the execution of code. For testing with Jest, Enzyme and Puppeteer, the framework provides the necessary environment and integration utilities. You can download the software from the GitHub repository.

This is not the first time Uber has released open-source software. In June 2018, the company introduced kepler.gl, a set of tools for large-scale geodata visualization.

Third-Party Apps Could Read Twitter Private Messages

According to the company, no one used this vulnerability and the issue is now resolved
18 December 2018

Until the beginning of December, third-party applications could access private messages on Twitter. According to the company, no one took advantage of this vulnerability. Terence Eden, who found it, was paid almost $3,000 under the Bug Bounty program.

In 2013, keys to the Twitter API were leaked, so applications could access the interface while bypassing the social network. To protect users, Twitter implemented an application authorization mechanism based on predefined addresses (callback URLs), but it didn’t suit everyone.

Applications that do not support callback URLs could authenticate using PIN codes. With this authorization method, a window pops up that lists which data the user is granting access to. The window did not request access to private messages, but in fact the application received it.

On December 6, Twitter reported that it had solved the problem. Judging by the company's statement on the HackerOne website, no one had time to take advantage of this vulnerability.

This is not the social network's first API-related security error. In September, Twitter discovered a bug in the Account Activity API (AAAPI): the system sent a copy of the user's personal message to a random recipient.