What is Truffle?

Small introduction to the most popular Ethereum development framework
11 December 2017   2539

Truffle is a development environment, testing framework and asset pipeline for Ethereum, aiming to make life as an Ethereum developer easier. 

According to the developers, these are main features: 

  • BUILT-IN SMART CONTRACT COMPILATION, LINKING, DEPLOYMENT AND BINARY MANAGEMENT
    • Truffle takes care of managing your contract artifacts so you don’t have to. Includes support for custom deployments, library linking and complex Ethereum applications.
  • AUTOMATED CONTRACT TESTING FOR RAPID DEVELOPMENT
    • Bring your dapp development to the 21st century. Write automated tests for your contracts in both JavaScript and Solidity, and get your contracts developed quickly.
  • SCRIPTABLE DEPLOYMENT & MIGRATIONS FRAMEWORK
    • Write simple, manageable deployment scripts that acknowledge your application will change over time. Foster your dapp’s evolution and ensure you can maintain your contracts far into the future.
  • NETWORK MANAGEMENT FOR DEPLOYING TO BOTH PUBLIC & PRIVATE NETWORKS
    • Don’t manage network artifacts ever again. Let Truffle do it for you, and put your focus on dapp development where it belongs.
  • ACCESS TO HUNDREDS OF EXTERNAL PACKAGES
    • Pull in hundreds of smart contract dependencies from NPM and EthPM to have your code stand on the shoulders of giants.
  • INTERACTIVE CONSOLE FOR DIRECT CONTRACT COMMUNICATION
    • Use Truffle to save time and talk to your contracts via an interactive console, which includes access to all your built contracts and all available Truffle commands.
  • EXTERNAL SCRIPT RUNNER THAT EXECUTES SCRIPTS WITHIN A TRUFFLE ENVIRONMENT
    • Use Truffle to bootstrap your contracts and run a network-aware script, without hassle.
  • BUILT FOR SPEED
    • Whether you’re compiling contracts or running unit tests, Truffle includes clever optimizations to ensure you only compile what you have to and your tests run as quickly as possible. When used along with Ganache, you can develop your dapps quickly and get real code deployed, fast.

Learn more at official website

New Vulnerability to be Found in Google+

Due to this vulnerability it was possible to obtain private information of 52.5 million accounts
11 December 2018   31

Google decided to close the social network Google+ not in August 2019, but in April. The reason was another vulnerability in the API, due to which it was possible to obtain private information of 52.5 million accounts. The company plans to close the social network API until mid-March 2019.

By December 10, 2018, the following error information was published:

  • Third-party applications requesting access to profile data, because of the bug in the API, received permission to view information, even if it is hidden by privacy settings;
  • the names of users, their email addresses, information about occupation, age and other confidential information were at risk;
  • passwords, financial data and national identification numbers have not been compromised;
  • the company has no evidence that anyone has exploited the vulnerability;
  • the error was fixed within 6 days: from November 7 to November 13, 2018.
  • Google said it sends notifications to all users affected by the bug.

The previous data leak of Google+ users occurred in October 2018. Then about 500 thousand accounts were compromised. The attackers could get the names, email addresses, age, gender and occupation of users.