Jetpack 7.6 Improves AMP Compatibility, Adds Preview and Upgrade Nudge for Blocks Only Available on Paid Plans

Jetpack 7.6 was released this week with several improvements to the plugin’s AMP compatibility. Automattic was one of the earliest publishing partners on Google’s AMP project, as well as the original author of the official AMP plugin for WordPress. This release makes three more Jetpack features compatible with AMP:

  • Related Posts now display on AMP views.
  • AMP images are now rendered via Jetpack’s image CDN if the module is active.
  • The AMP plugin is now capable of styling the Jetpack sharing buttons without loading any additional CSS.

More AMP compatibility improvements are planned for the 7.7 milestone, including AMP support for the WordAds block.

Version 7.6 also fixes a security vulnerability in the Simple Payments description output. This fix only affects those who have Premium or Professional plans and are using the Simple Payments button to sell products or collect donations.

Jetpack is Beta Testing a Preview and Upgrade Nudge for Blocks Only Available on Paid Plans

Jetpack is testing a new way of marketing its Paid plans inside the block editor. One of the more interesting additions to this release is that the plugin now allows for the insertion and preview of any Jetpack block in the editor, even if the block is only available via a Paid plan. Although it was included as part of the 7.6 release, it looks like it’s currently only active for sites that have enabled beta testing.

The first iteration was merged as a generic solution that can be extended for all premium blocks but it currently only applies to the Simple Payments block. Prior to this update, users on the free and personal plans would not see the Simple Payments block in the block inserter. This change adds the Simple Payments block to the list of available blocks and allows users to insert and preview it. The block will not show up on the frontend unless the user upgrades.

Clicking on the upgrade nudge takes the user to the checkout with the plan pre-selected and then drops them back to the editor after they purchase the required plan for using the block. After the initial implementation with the Simple Payments block, the Jetpack team plans to do the same for the Recurring Payments, VideoPress, and WordAds blocks.

It’s easy to see why this controversial addition to the plugin was omitted from the release post. It adds new blocks for features that users cannot access without upgrading. The WordPress.org theme directory has struggled with a similar issue, which Justin Tadlock characterized as “crippleware,” where certain features are locked away behind upsells.

If Jetpack’s implementation catches on and other plugins follow suit, it could cause the block inserter to become a frustrating minefield. Users select from existing blocks, not knowing if the blocks they are inserting require a paid upgrade until the upsell pops into the editor. This is one block editor marketing tactic worth keeping an eye on as Jetpack rolls it out for more of its blocks that are restricted to Paid plans.

Writing Type-Safe SQL Queries With JPA

JPA is a great technology that maps the database relational model to the Java object-oriented model. It retrieves data and persists changes back very easily, but it lacks the ability to perform advanced queries. In fact, all the advanced SQL capabilities are simply locked away from the Java developer until she chooses to write hard-to-maintain SQL as a hard-coded string.

FluentJPA project aims to fill this gap in two ways:

RNN, Seq2Seq, Transformers: Introduction to Neural Architectures Commonly Used in NLP

Just a few years ago, RNNs and their gated variants (that added multiplicative interactions and mechanisms for better gradient transfer) were the most popular architectures used for NLP.

Prominent researchers, such as Andrej Karpathy, were singing odes to RNNs' unreasonable effectiveness, and large corporations were keen on adopting the models to put them into virtual agents and other NLP applications.

Power of Arrays Module in DataWeave

We are well aware that DataWeave plays an important role in developing integration applications using MuleSoft. It also contains a lot of modules that enhance its power. Out of all of these modules, we have the Arrays module (dw::core::Arrays), which helps us utilize arrays in our integration application efficiently.

This article will discuss the same Arrays module. Let’s start with the list of available functions.

API Security Weekly: Issue #43

This week, we have a conference talk recording demonstrating API pen testing; see how the w3af web scanner can be used for APIs; look at SAP’s API security best practices; watch Cisco pay $8.6 million for not fixing vulnerabilities quickly.

Conference talks

The OWASP Global AppSec Tel Aviv conference has published a video recording of the “Testing and Hacking APIs” talk by Inon Shkedy.

Artrendex Announces ArtPI for Fine Art Analysis Via AI

Artrendex, a company that provides AI technology to the art world, has announced the release of ArtPI, which the company describes as “a new interface or API driven by artificial intelligence that’s poised to transform the way art gets discovered, displayed, and sold.” The new service takes advantage of AI’s strengths in pattern matching and trend recognition. 

The Top Drivers of Employee Engagement

These women certainly look engaged on the job.

Could employee engagement be the key to customer happiness and business success? According to a recent study by the Harvard Business Review, they are directly linked as engagement performance indicators.

However, the study found that only 24 percent of respondents said their employees were engaged even though 71 percent rank employee engagement as very important to achieving organizational success.

Employee Engagement Is *Not* HR’s Job

If only employee engagement could be solved with a ring...

I just came across a wonderful post from the Harvard Business Review on not only how to keep employees happy but also engaged in their work (because let's be honest, they really are an extension of the same thing).

As I'm sure most of you reading this are aware, keeping employees engaged in their work is a worldwide challenge for many businesses. There are, however, many ways to fix this challenge and improve productivity across the entire company.

EditorsKit 1.9 Introduces Block Styles, Utility Classes, and Full Height Editor Screen

EditorsKit 1.9 was released this week with a new Block Styling feature for the image and cover blocks. It allows users to change these blocks to be displayed as circular, diagonal, inverted diagonal, rounded corners, or with a shadow. It also adds a “full screen height” display option to the Advanced block settings panel. This makes it easy to turn the Cover, Image, and Media & Text blocks into a hero section.

Jeffrey Carandang, the plugin’s author, has also added a full height toggle option to the editor screen. It makes the editor’s minimum height match the browser’s viewport so that metaboxes are not in view until the user scrolls down. This creates a cleaner interface when creating new posts and pages. It is also optional, so it doesn’t exclude sites where the content added to the metaboxes is more important than the main posting area.

Version 1.9 introduces a feature called Utility Classes to the Advanced CSS Class(es) option. The classes can be removed in one click from the selected block and the preview instantly updates to reflect the change. It also includes auto-suggestion for classnames so they can be easily re-applied.

Carandang shared sample code for how theme developers can add their own utility classes using a custom PHP filter. This makes it more extensible, but it seems unlikely that theme authors would go to the trouble, given the plugin’s relatively small user base at the moment.

He is working on improving interoperability with other plugins in the ecosystem by adding filters for plugin and theme developers to make better use of EditorsKit. He also continues to add tweaks and improvements for those using Jetpack, Block Lab, the Genesis Framework, CoBlocks, Thrive Comments, ACF, and other popular third party extensions.

Carandang launched EditorsKit on Product Hunt where new users are discovering the plugin for the first time. He also set up a new “frontenberg style” live demo that lets users test EditorsKit features on the frontend of the site. Demo sites like this are a good way to market Gutenberg blocks, making it convenient for users who would otherwise have to install the plugin on their own test sites.

“My main objective is for EditorsKit to be known in the community,” he said. “I feel like it’s a really solid plugin and I need to reach more people. With tons of block plugins available, utility plugins like EditorsKit are being left out.”

Although Carandang has no plans to release a pro version of EditorsKit at the moment, he has considered creating commercial extensions for it in the future. Marketing a utility plugin has so far proven to be more of a challenge than plugins that offer custom blocks.

There was some discussion in the EditorsKit community on Facebook about recent EditorsKit features straying into the design aspect of site building. While the new Block Styling options may be useful for some users, custom shapes and layouts straddle the line between design and editing features. It seems like a slight departure from the more utilitarian editor features the plugin became known for, such as markdown formatting, block visibility, drag-and-drop import/export, and the ability to disable auto-saving.

Carandang may need to tread carefully to keep the plugin from becoming a catch-all drawer of “features that would be nice to have for Gutenberg,” for the sake of marketing it more effectively.

“I don’t plan on adding design utility classes,” he said. “Just padding, margin and flexbox. The rest should be from the theme. I’m planning to help out theme devs that will support EditorsKit with the integration. I don’t want the plugin file to be huge and filled with CSS for design. My goal is still Gutenberg Editor Toolkit.”

A loose EditorsKit roadmap is public, with upcoming features outlined in issues on the plugin’s GitHub repo. Most of those listed seem more aligned with editing than design, so future versions of the plugin likely will not bloat it with too many design-related block settings panels.

Creating Self-Signed Certificate

As MuleSoft developers, we often use signed certificates when exposing a service. I thought it would be helpful to share the commands to create a PKCS #12 (.p12) certificate and also how to convert it to a JKS keystore.

Step 1

Verify whether OpenSSL is installed.

Rock, Paper, Scissors With Python

In this article, we will discuss Python Operators and Conditions, their syntax and different ways to use them in order to create a game of Rock, Paper, Scissors. 

Python Operators

Operators are symbols or statements that manipulate the value of operands.

These Seven Non-Tech Domains Call Big Data the Big Daddy

In “Big Data: A Revolution That Will Transform How We Live, Work, and Think,” Viktor Mayer-Schönberger and Kenneth Cukier argue that “big data analytics is a revolutionary tool, used mainly in business, science, research, media industries, and social life.” I cannot argue more in favor of their analysis. The way big data has jumped the high walls of standard technology-based industries to the usefulness of other non-tech domains is fascinating.

Here are the seven industries in which big data is now the big daddy!

Most Effective AppSec Tools and Techniques

To understand the current and future state of application security, we obtained insights from five IT executives. We asked them, “What are the most effective application security techniques and tools?” Here’s what they told us:

  • Runtime Application Self Protection (RASP) is effective because it actually protects vulnerabilities through automatic remediation without code changes. This leverages insights into applications, applying the right protection where and when it matters.
  • Analyzer engines/scanner tools are continuous watchdogs for production APIs and production applications. We need to always be analyzing. Netflix does 300 production changes per day. They need to constantly look in production. Get away from dependence on operating system agents, proxies, and firewalls. They are non-scalable and are not effective. Automate at scale and look for anomalies. Humans for risk management and policy enforcement (HIPAA, SOX, etc.).
  • There is no single set of effective techniques and tools. As with any field, it is imperative to avoid putting all your eggs into one “technique or tool” basket. You’ll just create a false sense of security. A good security strategy involves looking for vulnerabilities from multiple different angles and handling the risk. Remember the majority of security breaches are done by employees or recent ex-employees, not hackers (source: 2018 IT Risks report). That means effective modeling of your release process and setting up a bulletproof role-based access control scheme is very important for controlling these internal threats.
  • Many of the techniques mandated by PCI are the foundations of a good security posture — regular vulnerability scans, penetration testing, risk assessments, and ethical hacking go a long way. During these processes, open-source tools like Nmap, Wireshark, P0f and Argus can help.
  • Technologies that analyze apps throughout the lifecycle from beginning to end. Three technologies: 1) SAST (static application analysis) analyzes applications for the existence of vulnerabilities, 2) DAST (dynamic application security testing) analyzes application behavior at runtime, and 3) SCA (static code analysis) detects open source components with vulnerabilities. Fewer than 50% of enterprises adopt these technologies. They keep buying firewalls. Those that have invested are not testing the entire portfolio of applications, just one or two, so most vulnerabilities are not fixed. I have not seen any company investing enough to test all of its applications. They keep doing what they’ve been doing for years — buying firewalls. The government is doing nothing to stop the attacks. 140 million records of Americans are available to hackers stealing money and performing malicious actions. This is a direct result of our negligence and our stupidity of not protecting applications.

Here’s who shared their insights:

How AppSec Has Changed

To understand the current and future state of application security, we obtained insights from five IT executives. We asked them, “How has application security changed?” Here’s what they told us:

  • Application security is no longer based on strobe-light scanning processes that tell you how secure you were last Wednesday. Modern security is continuous and can act to protect vulnerabilities rather than just making inaccurate lists.
  • Operations and network security have fallen short. Companies are losing millions of records on a regular basis. We used to have a perimeter defense; however, now, the apps are on the public cloud and available on an app store. Because of mobile and cloud, the perimeter is now applications and identity. You have to make sure you have good identity and AppSec controls to protect your data. We’ve moved from static code analysis to new techniques and tools. Old tools do a terrible job of providing tangible vulnerabilities to fix.
  • Application security has been evolving as the amount of data being managed has increased exponentially. In order to respond to the increased threat, we are developing innovative ways of finding vulnerabilities faster and handling the logistics involved in ensuring all of these vulnerabilities are removed in order to protect the world’s ever-growing production environments. There have been even more changes beyond what the public-facing interfaces of services offer. Due to the exponential growth of the number of devices on the Internet (Internet of Things, containers, etc.), safe, walled network gardens (DMZs) are on the brink of becoming obsolete. Managing machine identities and controlling which machine can access which service (both of which are very similar to role-based access control for humans), is becoming a concern that enterprises are starting to have to manage.
  • Security has gone from being an afterthought to central to the success of any application. As digital transformation accelerates, organizations are increasingly relying on applications and networks for the daily operation of critical systems. In the past, an organization could get away with insecure and outdated applications, but in today’s environment, application security is critical to business success.
  • We are not winning the war. One of the most severe vulnerabilities is SQL injections. In 2018, 40% of all apps were vulnerable to a SQL injection. That’s the same percentage we saw in 2017, 2016, 2010, and 2005. Remediation time has increased by either six or 10%. It now takes an average of 139 days to remediate the most severe vulnerabilities and 210 days to remediate moderate vulnerabilities. We are creating microservices that are less secure because they’re delivered faster. Every year, companies spend $12 billion on firewalls and web security gateways, knowing we are not protecting assets any better. We invest a tiny percentage of the IT budget on AppSec, but we’re not really protecting assets.

Here’s who shared their insights:

Playing With TOTP (2FA) and Mobile Applications With Ionic

Today I want to play with Two Factor Authentication. When we speak about 2FA, TOTP comes to mind. There are many TOTP clients (e.g. Google Authenticator).

My idea with this prototype is to build one mobile application (with Ionic) and validate one TOTP token on a server (in this case a Python/Flask application). The token will be generated with a standard TOTP client. Let’s start.

Alert Controller In Objective-C

Introduction

We have seen a security alert in iOS applications that looks like the following image:

In this article, we will learn how to create a security alert in Objective-C using Xcode. If you are a beginner and need help getting started, check out this tutorial on getting started with Xcode.

PostgreSQL: Simple C Extension Development for a Novice User (and Performance Advantages)

One of the great features of PostgreSQL is its extendability. My colleague and senior PostgreSQL developer Ibar has blogged about developing an extension with much broader capabilities including callback functionality. In this blog post, I am trying to address a complete novice user who has never tried but wants to develop a simple function with business logic. Towards the end of the blog post, I want to show how lightweight the function is by doing simple benchmarking, which is repeatable and should act as a strong justification for why end-users should do this kind of development.

Generally, PostgreSQL and extension developers work on a PostgreSQL source build. For a novice user, that may not be required. Instead, dev/devel packages provided for the Linux distro would be sufficient. Assuming that you have installed PostgreSQL already, the following steps can get you the additional development libraries required.