JimiWikman.se

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Adult site leaks sensitive data - Severe threat to thousands of people

When personal information is exposed it is always bad, but when adult sites expose thousands of people's personal information such as ID, nationality, home address, parents' names, personal signature and even fingerprints (!), then that could lead to very bad things indeed. This is what was found on an Amazon S3 bucket by the vpnMentor cybersecurity research team.
This leak has exposed the personal data and likeness of over 4,000 models among more than 875,000 files and has high-risk, real-life implications for said models. Some files are old, others are from within the last weeks, and the content is more than enough to commit identity theft.
The more severe implication, however, is that exposing information that can identify these models in detail can lead to harassment or even life-threatening situations. Among the exposed models are LGBTQ people, and with around 70 countries still considering this a criminal offense it could lead to prison sentences or even murder.
It took the company several days to respond to the communication from vpnMentor and the response is not exactly what I would expect from a company that just illegally exposed information on thousands of people in their employment.
I sincerely hope that none of the people that had their information exposed come to any harm, emotionally or otherwise. I also hope that legal actions are taken towards this company for their negligence. Finally I hope this company hires someone to help them secure this kind of information so the people they employ can have their private data secured.
You can read the full post about this incident here.
 
By 💫 Jimi Wikman in Ways of working ·

Critical WordPress plugin bug exposes 320,000 sites to attack

Two WordPress plugins, InfiniteWP Client and WP Time Capsule, have been found to suffer from a critical authorization bypass bug that allows people to access a site’s backend with no password. All an attacker needs is the admin username for the WordPress plugins and they are in.
Both plugins are designed to allow users to authenticate to multiple WordPress installations from one central server. That allows site owners to “perform maintenance such as one-click updates for core, plugins, and themes across all sites, backup and site restores, and activating/deactivating plugins and themes on multiple sites simultaneously”.
This was reported on January 7th, and on January 8th new releases of InfiniteWP Client and WP Time Capsule were published. WebArx publicly disclosed the bugs on January 14th.
Based on the WordPress plugin library, the InfiniteWP Client plugin is active on 300,000+ websites. The InfiniteWP site claims they have 513,520 sites active.
Link to WPScan Vulnerability Database: https://wpvulndb.com/vulnerabilities/10011
 
By 💫 Jimi Wikman in Ways of working ·

Polypane 2.1 released - Edit all your panes at the same time

Polypane is a browser built from the ground up to create websites and apps and it just released version 2.1 with some nice new features. The aim is to give you better insights into your site and make the entire developer/designer workflow faster, and the features to do so are pretty great.
What's new?
Quick list of the major new features:
  - Live CSS: Edit all panes at the same time
  - Social media previews: See what your page looks like when shared on Facebook, Slack, Twitter and LinkedIn.
  - Meta info: Get a full overview of all your meta tags
  - Handoff / browse: Use Avocode, Zeplin and more directly in Polypane
  - Workspaces UI: Quickly switch between your favorite pane sets
Beyond that, we also added network throttling, new and improved overlays, better indicators, ways to detect when your site is shown in Polypane, speed improvements, and many more smaller features.
You can read all the changes here:
Polypane 2.1: Edit all your panes at the same time | Polypane browser for dev & design
If you do not know what Polypane is, then maybe this short video can help explain it.
 
By 💫 Jimi Wikman in Ways of working ·

Next.js 9.2 released

The React framework Next.js is releasing a new update with some nice new features like built-in CSS imports and CSS Modules, catch-all dynamic routes, up to 70% reduced largest JavaScript bundle, and up to 87% less JavaScript loaded after multiple navigations. All of these benefits are non-breaking and fully backwards compatible.
The new features are:
  - Built-In CSS Support for Global Stylesheets: Applications can now directly import .css files as global stylesheets.
  - Built-In CSS Module Support for Component-Level Styles: Leveraging the .module.css convention, locally scoped CSS can be imported and used anywhere in your application.
  - Improved Code-Splitting Strategy: The Google Chrome team heavily optimized Next.js' code-splitting strategy, resulting in significantly smaller client-side bundles. Furthermore, they've maximized HTTP/2 utilization to improve page load speed without hurting HTTP/1.1 performance.
  - Catch-All Dynamic Routes: Next.js' Dynamic Routes now support catch-all routes, supporting a variety of new use-cases, e.g. CMS-powered websites.
Read the full blog post on all of these new changes here:
Next.js 9.2
By 💫 Jimi Wikman in Ways of working ·

Teknik Magasinet files for bankruptcy - Another Swedish company goes down

Today the Swedish company Teknik Magasinet filed for bankruptcy after failing their reconstruction. It is one of several Swedish companies that have failed recently and many others are struggling at the moment. With tougher competition, changes in people's buying habits as well as more expensive rent I think we will see more brick and mortar based companies fold in 2020.
After a few rough years for Teknik Magasinet and with a reconstruction started in the summer of 2019 they finally gave up the struggle and filed for bankruptcy. The company that started in 1989 has had a tough time adjusting to the new times, just like many other older companies. They did a push for E-commerce and had some success in 2018, but a lower number of customers in the physical stores and rising rents did nothing to help the difficult situation.
While Teknik Magasinet filed for bankruptcy on January 15th they have looked into the possibility of having someone else take over the business. So far no one has stepped forward, but there is still hope that Teknik Magasinet will survive in one form or another.
As sad as this is it does not come as a surprise. We see many companies struggle with making ends meet these days. It is easy to blame the death of old companies on the rise of E-commerce, but there is more to it than that. That is a topic for another time however and for now we say goodbye to Teknik Magasinet and thank them and all their employees for the services these last 30 years.
By 💫 Jimi Wikman in Interesting ·

Windows 10 critical vulnerabilities - NSA warns and urges installing the security patch

On January 14, 2020, Microsoft released software fixes to address 49 vulnerabilities as part of their monthly Patch Tuesday announcement. Among the vulnerabilities patched were critical weaknesses in Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client. An attacker could remotely exploit these vulnerabilities to decrypt, modify, or inject data on user connections:
The update fixes a serious flaw in the core cryptographic component of the widely used Windows 10, Server 2016 and 2019 editions that was discovered and reported to the company by the National Security Agency (NSA) of the United States.
The flaw, dubbed 'NSACrypt' and tracked as CVE-2020-0601, resides in the Crypt32.dll module that contains various 'Certificate and Cryptographic Messaging functions' used by the Windows Crypto API for handling encryption and decryption of data.
A cyber attacker could exploit CVE-2020-0601 to obtain sensitive information, such as financial information, or run malware on a targeted system; for example:
  - A maliciously crafted certificate could appear to be issued for a hostname that did not authorize it, preventing a browser that relies on Windows CryptoAPI from validating its authenticity and issuing warnings. If the certificate impersonates a user’s bank website, their financial information could be exposed.
  - Signed malware can bypass protections (e.g., antivirus) that only run applications with valid signatures.
  - Malicious files, emails, and executables can appear legitimate to unpatched users.
Besides the Windows CryptoAPI spoofing vulnerability, which has been rated 'important' in severity, Microsoft has also patched 48 other vulnerabilities, 8 of which are critical and the remaining 40 important.
It is strongly suggested that you patch this as soon as possible by heading to Windows Settings → Update & Security → Windows Update and clicking 'Check for updates' on your PC.
By 💫 Jimi Wikman in Ways of working ·

New Edge browser from Microsoft is rolling out today to Windows 10 users

Today, on January 15, Microsoft will start pushing the new Edge browser based on Chromium to Windows 10 users. It will be released to both Home and Pro Windows 10 users. With this we will see a more dominant position for Chromium among web browsers, but we will also get a less cluttered and frustrating browser landscape.
While reports of the new Chromium-based Edge browser have been positive, it remains to be seen what the actual response will be once it becomes available to the general public. I have a feeling it will be a positive response, especially with the possibility to use Chrome extensions now that the two browsers share the same base.
From a developer and test perspective this should be a great thing as it is most likely one less browser to worry about. It should be easier to develop without the curse of IE that has plagued us since early 2000. It should also lead to faster support for new development features with fewer code bases to wait for full support.
Since Edge now is downloadable also for macOS I will download it later and give it a go. If you want to download it and test it you can do so for Windows, macOS, iOS and Android. If you are on Windows 10 then you can just wait for the Windows update to push it to your system. Just be aware that there are some key features still missing, like the browser history and extension sync between devices and the new feature Microsoft calls Collections.
It seems only Business customers can block this update. Microsoft posted about this in a blog post and has released a "blocker toolkit" that is intended for organizations who would like to block the automatic delivery of the Chromium-based Microsoft Edge.
Overall I think this is a great thing and I keep getting impressed by the way Microsoft has reinvented themselves in a positive way since the "Steve Ballmer Era".
I will get back to this once I have had the chance to test the new Chromium based Edge browser from Microsoft.
By 💫 Jimi Wikman in Interesting ·

Atlassian Cloud changes Jan 6 to Jan 13, 2020

This is a repost from Atlassian's blog where the latest updates to the Atlassian cloud platform are posted. It is reposted here since the Atlassian blog does not have an RSS feed and so we can discuss the changes to the Atlassian Cloud architecture. You can follow these posts with the tag "atlassian cloud changes".
Atlassian Cloud
Your cloud-hosted products are supported by the Atlassian Cloud platform. This section usually includes changes related to multiple Atlassian Cloud products, site administration, and user management.
Email users with suggested account changes
From the Change details button, you can suggest that a user changes their account details to make their profile more consistent and easier to identify. Read more about administering Atlassian accounts.
Give your users a Trusted permission 
From a user's Permission options, select Trusted to give certain users more responsibility. These users will be able to install and configure new products on your site and invite new users themselves.
Claim accounts after verifying a domain 
To start managing accounts on your domain, we’ve included an additional step that requires you to claim accounts after verifying that you own the domain. From the table on the Domains page, click Claim accounts next to the verified domain. Read more about verifying a domain.
Set your language and time zone for Jira and Confluence in your Atlassian account profile 
Rather than individually setting your language and time zone in Jira and Confluence, these preferences will soon come from your Atlassian account profile. Visit your account preferences to update these settings. It may take up to 10 mins before your updated preferences are reflected in Jira and Confluence.
 
Jira platform
Changes in this section usually apply to all Jira products. We'll tell you in the change description if something is only for a specific Jira product.
New user profile cards 
When you hover over someone’s name in directories, on dashboards, and in user picker fields, you’ll now start to see rich profile cards with more information and a link to the user’s profile (if you have permission to see it).
Next-gen: Epic panel in backlog 
You can now manage epics on the backlog of your next-gen project via the Epics panel, similar to how epic management works in classic Jira Software projects. Changes you make in the panel on the backlog will reflect on the Roadmap, and vice-versa.
Advanced search (JQL): Search for content updated by a specific user
Use the updatedBy() function to search for issues that were updated by a specific user, optionally within the specified time range. For example, if you want to find issues updated by John Smith between June and September 2018, enter issuekey IN updatedBy(jsmith, "2018/06/01", "2018/08/31"). Read more about the updatedBy() function.
Search for and filter projects by their type with the "projectType" JQL field
We added a new JQL field to search for and filter projects by their type. Type projectType to filter “software” (Jira Software) projects, “service_desk” (Jira Service Desk) projects, “business” (Jira Core) projects, or “ops” (Jira Ops) projects.
 
Jira Software
We're rolling out a new type of project known as next-gen. By default, any Jira Software licensed user can create their own next-gen project. These projects don't affect existing Jira projects, shared configurations, or your schemes. You can manage who's allowed to create next-gen projects with the new Create independent projects global permission. Read more about next-gen projects.
GitHub app on the Atlassian Marketplace 
We've partnered with GitHub to build a new and improved integration, which you can install at the Atlassian Marketplace. This replaces the DVCS connector in Jira's system settings. Current GitHub integrations set up under the old method will continue to work, but new integrations must be set up using the app on the Atlassian Marketplace. We're rolling out this update gradually, so it may not be on your Jira Cloud site yet.
This won't affect GitHub Enterprise integrations, which must still be set up via the DVCS connector.
Next-gen: Roadmap issue hierarchy
You can now expand an epic on your roadmap to see its child issues and their statuses. Learn more about managing epics on the roadmap.
Next-gen: Create child issues on your roadmap
You can now add child issues directly on your roadmap. Just hover over an epic, click the + icon, and give your issue a name. Learn more about managing epics on the roadmap.
Next-gen: Environment system field in JSW
Add Jira’s built-in Environment field to your issue types in next-gen projects. In your project, go to Project settings > Issue types and drag the Environment field into the Description section of the issue layout.
Large backlogs load faster
Big backlogs can take time to load, and teams usually work with a small chunk of the issues at a time. Knowing this and striving to make backlogs render faster, we've changed the default to display only 100 issues (90 from the top and 10 from the bottom) from your backlog. The remaining issues will be displayed if you click Show all issues.
We've also introduced a number of backend changes that resulted in faster initial loading.
 
Jira Service Desk
Introducing multi-line fields to the issue view in next-gen projects 
You can now add multi-line fields to the issue view. These fields communicate long-form information to your team members and aren’t visible to your customers.
To add multi-line fields, go to Project settings > Request types and add fields to the Description fields bucket.
New issue view for Jira Service Desk 
The new issue view groups key actions and information in a logical way, making it easier for you to scan and update requests. Learn more about the new issue view.
Use keyboard shortcuts in your queues 
Use keyboard shortcuts to navigate around your queues and get your work done faster. You can now move through issues, select their fields, and go to the issue view from your queues just by using your keyboard!
Customer portal request details page redesign 
We have redesigned the customer portal request details page to make it easier to use. You’ll notice we have added a rich text editor, sorted the activity stream from old to new, and have moved the location of the request fields, share button, approval and comment boxes.
Maintenance complete on the customer portal user profile page 
We have just completed some maintenance on the customer portal user profile page.
We also introduced a new layout that is easier to use on mobile devices. Go team!
Easier configuration for the new issue view 
If you have the new issue view, you can now easily configure how your issue view looks for each request type.
From your service desk project, go to Project settings > Request types and you'll find the new layout for making changes.
Next-gen projects: Approve or decline requests 
You can now add an approval stage to requests that should be approved before they’re resolved in next-gen projects. If a request has an approval stage, approvers can approve or decline the request from the issue view.
Add an approval stage to a workflow by going to Project settings > Request types and then clicking Edit workflow. Learn more
Global create can select request type and raise on behalf of 
You can now create a request on behalf of your customers and set them as the reporter. Use the global create button ( + ), then select Raise this request on behalf of and add in your customer's email.
 
Confluence
Your editing experience just got an upgrade 
The new Confluence editor allows anyone to create beautiful, powerful pages effortlessly. Check out the editor roadmap to learn more.
We're extending editing improvements to all pages on Android 
The editing improvements we made to blogs a few months ago are coming to the rest of your Android mobile pages, too. In addition to being faster and more reliable, your new pages are also responsive, optimized for readability, and have advanced tables. Some macros are still missing as we rebuild them, but you can check the list of changes and track updates to macros on our docs site.
Annotate images in the new editor 
Annotate images by adding text, inserting shapes and lines, using brushes, or adding a blur to a certain area.
Confluence Cloud recent pages drawer 
We’ve made it easier to get to the pages you visited or worked with most recently. A new action has been added to the global sidebar that presents you with a list of your recent pages; interaction-specific tabs help you narrow the list based on your actions, like visited, edited, or saved as draft.
Share pages directly with your team 
It’s now easier to share pages with everyone on your team, all in one go. When you click Share on any page or blog post, Confluence now lets you add a team – no need to enter each person individually. Learn more
Jira issue URLs are converted to smart links 
When you paste a Jira issue link into a Confluence page, the URL is converted to a smart link that displays the page icon and the page title. This works if the Jira and Confluence sites are linked or if they are both cloud versions.
Convert pages to use the new editor 
You can now convert your existing pages that were created using the legacy editor to use the new editing experience! Learn more
Confluence navigation just got better 
Get to information faster with improved navigation – making what you need visible from anywhere in Confluence. Learn more
Align and resize images in tables in the new editor 
When images are inserted in table cells, you now have the ability to align and resize them.
Portfolio for Jira plan macro 
The Portfolio for Jira plan Confluence macro lets you embed a Portfolio for Jira Server and Data Center plan in a Confluence page. Join key stakeholders in the spaces where business goals are built and tracked, and share how work is progressing across multiple projects and teams.
Improved expand element replaces the macro 
Content creators just got a better way to control the way information is presented. The existing expand macro has been replaced with a quicker, easier way to include the expand functionality. Insert the improved expand element using /expand or by inserting the element from the editor's Insert toolbar.
 
Bitbucket
New Code Review - Limit the amount of rendered diff content 
Limits the amount of pull request content rendered in the diff and file tree to improve browser performance. Limits include the overall # of files and # of lines for the entire diff. Learn more
By 💫 Jimi Wikman in Atlassian ·

YouTuber MxR extorted by Jukin Media

Yesterday YouTuber MxR posted a video about them being extorted by a company called Jukin Media. This has sparked quite a stir in the community, and several prominent YouTubers and influencers have sided with MxR against Jukin Media and its despicable methods. YouTube is also getting its fair share of critique for becoming a breeding ground for extortion of this type.
Henry Liang and Jeannie Lee, who run the YouTube channel MxR Plays where they do reaction videos, have received some questionable charges from a company called Jukin Media. This company seems to be one of the morally questionable copyright extortion companies that use threats and scare tactics to bully people to give them money for dubious claims of copyright infringements.
According to Henry and Jeannie they have tried to work with Jukin Media in the past by paying $2000 and working hard to try to avoid stepping on Jukin Media's toes. Considering that Jukin Media deals with small viral videos that are nearly impossible to find in their library because they are poorly tagged, that seems almost impossible to avoid.
What happened is that Henry and Jeannie got contacted by Jukin Media about a few clips in their video. This is nothing strange, and regardless of whether you want to discuss if this is a legal issue or if it falls under fair use, that is not what the Internet has reacted to. What people react to is the way Jukin Media acted when making this claim.
Many users online have reacted to the crude and threatening communication by Jukin Media, which in many ways is presented the same way criminal organizations ask for protection money or your store will be burned down. Like most other companies that "ambulance chase" targets for their extortion, Jukin Media asks for compensation that is 30 times higher than the license fee of $49. For 4 clips that means that Henry and Jeannie got slapped with a bill of $6000 and a threat that Jukin Media will strike their channel.
Jukin Media really stepped into a hornet's nest with their poor communication and tactics to protect their copyrighted material. Not only did they fail in working with MxR to find a mutually beneficial collaboration, they opened themselves up for a counter lawsuit for extortion. On top of that they also have a PR nightmare on their hands, even if they do not seem to care about that based on their previous track record.
When dealing with these claims you really need to look at what the law says before deciding what to do next. While Henry and Jeannie can take this to court, it is a bit of a gamble due to the erosion of the law when it comes to copyright and fair use. The cost would also be far higher for them as this would play out in a country where the legal and financial protection for individuals is weak. Jukin Media knows this of course and that is why they abuse the fear of being taken to court to extort people like Henry and Jeannie.
There are many examples of companies that use this tactic for abusing the way copyright is handled legally and it really stains the good about copyright protection. Weak and uneducated governments get bullied into making legal compromises by powerful media organizations to the point where this behavior is no longer the trademark of criminal organizations, but ethically compromised corporations.
I think Henry and Jeannie will land on their feet and find a solution together with Jukin Media. Henry and Jeannie have the support of so many influencers online so I think Jukin Media sees the benefit of playing nice in this situation. Unfortunately Henry and Jeannie are not the only ones hit by this kind of behavior and with the degradation of YouTube towards its content creators in the last years this will only be more common.
It's sad and I do not see any changes to the copyright situation anytime soon...
By 💫 Jimi Wikman in Interesting ·

Happenings of the week - Week 2, 2020

Every week there are a lot of interesting news that I pick up and in this post you will find my best finds of the week divided into the main categories of this site: Management, Design, Requirement / QA, Development, Test and special interests such as Atlassian. Let us get into it.
Development
  - The Ultimate Guide to Dark Mode for Email Marketers - Alice Li over at Litmus takes us through Dark Mode for Emails.
  - ESLint v6.7.0 released - The JavaScript linting tool got a new update with some new features.
  - Top New Features of Angular 9 - This Angular 9 preview post takes you through all the features coming in the latest version of Angular.
  - Release Notes for Safari Technology Preview 98 - Safari Technology Preview Release 98 is now available for download for macOS Catalina and macOS Mojave.
  - How to make your first JavaScript chart with JSCharting - A nice guide for how to get started with JSCharting that is easy to follow.
  - Chrome 79 released with tab freezing, back-forward caching, and loads of security features - Pretty extensive article on what is new in Chrome 79.
  - Firefox 71: A year-end arrival - Firefox also got a new release and this is what is in it.
  - Pixels vs. Relative Units in CSS: why it’s still a big deal - Kathleen McMahon walks us through the importance of pixels vs relative units.
Security
  - Over two dozen encryption experts call on India to rethink changes to its intermediary liability rules - India is proposing a new law that could have serious impact on security as well as technical impact.
  - Exploit Fully Breaks SHA-1, Lowers the Attack Bar - A proof-of-concept attack has been pioneered that “fully and practically” breaks the Secure Hash Algorithm 1 (SHA-1) code-signing encryption.
  - This password-stealing malware just got updated with new tactics to help it hide - Predator the Thief updated again with new tricks to make people's lives miserable.
  - Accenture to Acquire Symantec's Security Services Unit from Broadcom - My old employer Accenture expands its managed security services offerings and capabilities.
  - TikTok Riddled With Security Flaws - Not really a surprise, but it is a bit troubling considering its popularity among our younger generations.
  - Critical Firefox 0-Day Under Active Attacks – Update Your Browser Now! - Mozilla released Firefox 72.0.1 and Firefox ESR 68.4.1 versions to patch a critical zero-day vulnerability in its browsing software that an undisclosed group of hackers is actively exploiting in the wild.
  - Chinese Malware Found Preinstalled on US Government-Funded Phones - Who would have guessed?
This is the first post of this type and I would like to know if you want more like this?
Also please add a comment if I missed anything important this week.
By 💫 Jimi Wikman in Interesting ·

SPACE from JetBrains - The integrated team environment

During KotlinConf in December 2019 JetBrains made a special announcement where they presented SPACE. This is JetBrains' new collaborative tool that they refer to as an integrated team environment. In short this is a developer-focused collaboration space that combines the power of tools such as GitHub, Slack, Azure DevOps, Confluence, Trello, and Outlook Calendar.
On paper this looks very impressive with a massive tool set. Once you start playing around with it, it is even more impressive, even if there are some things that in the current release are a bit annoying. Perhaps the most annoying part is that SPACE does not yet have a distraction-free mode for the chat. Despite that it has pretty much everything you as a developer can need.
You have your documentation spaces, your issue tracker, chat, Git manager, code reviews and deployment tools. You even have integrations to the IDE if you are using IntelliJ and a ton of other stuff that really makes this an amazing package for developers. SPACE is still very new and there are a lot of things being developed that will make this package even more impressive soon.
If we look at the areas where SPACE seems to be lacking at the moment, I have seen some negative comments regarding its UI and UX. Personally I do not think it's too bad, and having worked with developers for a long time I know that they are usually not that concerned about esthetics as long as it makes their life easier. It can use some love for sure, but that is not my main concern to be honest.
This is very much a developer's setup and as such it lacks the business side of things. While documents are planned and while there is a checklist feature, that will not take care of business planning or requirement management. SPACE would either need to have integrations for these kinds of tools, or JetBrains needs to build them. I also would like to see some form of design system tied into this so they can have this as a complete tool set.
I love the first iteration of SPACE and I think a lot of developers will want to use it. The lack of support for business processes however probably will limit the number of companies that will embrace SPACE at the moment. It will probably be a year or two before we will see it in the bigger organizations and until then I think it will put some pressure on other tools to step up their game.
 
By 💫 Jimi Wikman in Interesting ·

Pulse Secure VPN security issue used in ransomware attacks

Pulse Secure, a provider of secure VPN, urged customers today to immediately apply a security patch if they have not yet done so. The advice comes from reports over the last few days of attackers exploiting a flaw to deliver ransomware on enterprise systems. It can even be used to delete data backups and disable endpoint security tools.
This flaw has been present for some time, and Kevin Beaumont, who first reported the attacks this weekend, has outlined its backstory since it was discovered in April 2019. It is believed that it was this flaw that was used to attack travel insurance and currency exchange provider Travelex, which experienced a massive service disruption this week following a reported ransomware attack on its systems on New Year's Eve.
This flaw, which exists in multiple versions of Pulse Connect Secure and Pulse Policy Secure, gives remote attackers a way to connect via HTTPS to an enterprise network without needing any valid username or password. Attackers can use the flaw to view logs and files, turn off multifactor authentication, download arbitrary files, and execute malicious code on enterprise networks. The attacker can also see cached passwords in plain text, including Active Directory account passwords.
According to threat intelligence firm Bad Packets, at least 3,825 Pulse Secure VPN servers remain unpatched and vulnerable to attack as of January 3, 2020. More than 1,300 of the vulnerable systems are located in the United States. According to Kevin Beaumont, Travelex had seven unpatched Pulse Secure servers when it was attacked on New Year's Eve.
It is strongly suggested that if you use Pulse Connect Secure or Pulse Policy Secure that you take this seriously and ensure that you have applied all the latest patches. Ransomware like Sodinokibi, also known as REvil, is no joke and it can cripple or even destroy companies it affects.
 
By 💫 Jimi Wikman in Ways of working ·
