Node’s new lead, Windows security disappoints, TCL is 25 and Brightbox is dim – Snippets


  • New project leader for Node.js: Isaac Schlueter has announced he’s standing down from project leading Node.js and handing the reins to TJ Fontaine who’s been working as “the primary point of contact keeping us all driving the project forward together”. Schlueter is off to create npm Inc, a company focussed on npm products and services; it will be interesting to see how that pans out.

  • Windows Native Isolation inadequate: Joanna Rutokowska, CEO of Invisible Things Labs, had previously said that they would be looking into using Windows Native Isolation (WNI) as a way of bringing their research with Qubes OS and its security isolated application architecture to Windows. Now in a posting Rutokowska says despite the time invested in creating Qubes WNI, the results have been disappointing and adds “today we publish a technical paper about our findings on Windows security model and mechanisms and why we concluded they are inadequate in practice”.

  • Tcl is 25: Tcl (Tool Command Language (often pronounced Tickle)) never really made the major leagues in programming languages but it did lead the way in embeddable scripting languages. A 25th birthday posting at TkDocs picks up on the oddness of syntax and some of the sweet of the ideas in Tcl, like Tk – a GUI language which worked everywhere? Madness!

  • EE’s Brightbox isn’t bright: The EE Brightbox has quite a few holes in its security. In an article by Scott Helme, Scott takes his Brightbox apart in a step by step look at finding vulnerabilities in routers. Guides like this are useful for developers to see so they get a better idea of what people are prepared to do to their code to get access. And get to the end for a 11 second guide on disposal of insecure devices.