How a JIRA misconfiguration leaks data of NASA and hundreds of Fortune 500 companies.

Thousands of companies' filters, dashboards and staff data were publicly exposed. It occurs because of the wrong permissions scheme set to filters and dashboards hence providing their access even to non-logged in users and hence leading to leaking of sensitive data. […] Some of the companies were from Alexa and Fortune top list including big giants like NASA, Google, Yahoo, etc and government sites as well.

This is not a misconfiguration, though; it’s extremely poor UI/UX by JIRA. Creating a filter gives you the option to share it with “Everyone”, which sounds like “Everyone in the Company”, but means “public”. “Everyone in the company” is actually called “Open” - and not even part of the Share Filter UI.
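For admins who want to check their own instance, here is an added example (not from the linked article or from Atlassian) that audits exported filter records for overly broad sharing. The sample records are constructed, and the mapping of the `global` share type to the UI's "Everyone" and of `loggedin`/`authenticated` to all signed-in users is an assumption about the filter JSON that Jira's REST API returns.

```python
import json

# Constructed sample shaped like Jira filter objects; all ids and names are made up.
SAMPLE_FILTERS = json.loads("""
[
  {"id": "10001", "name": "Open bugs", "owner": {"displayName": "A. Admin"},
   "sharePermissions": [{"id": 1, "type": "global"}]},
  {"id": "10002", "name": "Sprint board", "owner": {"displayName": "B. Dev"},
   "sharePermissions": [{"id": 2, "type": "project", "project": {"key": "OPS"}}]},
  {"id": "10003", "name": "Staff list", "owner": {"displayName": "C. Lead"},
   "sharePermissions": [{"id": 3, "type": "loggedin"}, {"id": 4, "type": "global"}]},
  {"id": "10004", "name": "Private notes"},
  {"id": "10005", "name": "Release status", "owner": {"displayName": "E. Ops"},
   "sharePermissions": [{"id": 5, "type": "loggedin"}]}
]
""")

# Assumption: "global" means visible without login (the UI's "Everyone").
ANONYMOUS_TYPES = {"global"}
# Assumption: these mean any signed-in user of the instance.
BROAD_TYPES = {"loggedin", "authenticated"}
RANK = {"public": 0, "all-users": 1, "restricted": 2}


def classify(filter_obj):
    """Return the widest audience a filter is shared with."""
    perms = filter_obj.get("sharePermissions") or []  # key may be missing or null
    types = {p.get("type") for p in perms}
    if types & ANONYMOUS_TYPES:
        return "public"
    if types & BROAD_TYPES:
        return "all-users"
    return "restricted"


def audit(filters):
    """List (exposure, id, name, owner) for broadly shared filters, public first."""
    findings = []
    for f in filters:
        level = classify(f)
        if level != "restricted":
            owner = (f.get("owner") or {}).get("displayName", "unknown")
            findings.append((level, f["id"], f["name"], owner))
    return sorted(findings, key=lambda row: (RANK[row[0]], row[1]))


if __name__ == "__main__":
    for level, fid, name, owner in audit(SAMPLE_FILTERS):
        print(f"{level:9} filter {fid} '{name}' (owner: {owner})")
```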

How YouTube killed IE6:

We somehow got away with our plan to kill IE6 without facing any meaningful corrective action. Few people even knew we were involved at all and those that did, did not want to bring attention to it or risk encouraging similar behavior. At a beer garden in San Francisco, our boss, winking his hardest, made us swear to never do anything like this again. We agreed, toasted IE6 falling into single digit percentages, and never snuck anything into production again.

Not that I particularly miss IE6, but imagine the outcry if the situation had been reversed, and it would have been Microsoft employees killing off some other piece of software!
