A New Open Video Alliance, XSS Security Tool, and Font in This Week’s Wrap Up

Open Source Wrap Up: August 29 – September 4, 2015

Sleepy Puppy: A New Open Source XSS Flaw Detection Tool

Netflix has released Sleepy Puppy, a tool for detecting XSS flaws. The tool was created to help fight cross-site scripting, a type of vulnerability that allows attackers to execute arbitrary scripts in a victim’s browser. XSS has been one of the leading classes of security vulnerability for more than 10 years, with an estimated 47% of all websites containing a vulnerability of this type. Sleepy Puppy helps prevent these attacks by providing an XSS payload management framework that makes it simpler for engineers to capture, manage, and track XSS propagation. Netflix seeks outside involvement in the development of this software, and the code is hosted on their GitHub account.

For more information, read the official blog post from Netflix.

New Version of Hack: Open Source Font for Source Code

Hack is an open source font optimized for use in source code, and version 2.0 has officially been released. It is designed to appear best in the 8px-12px range and displays extremely well on high definition devices. It improves legibility by using minimal stroke contrast, large x-height, and wide apertures. It helps functionality by using fills in zero counters, curved tails on select glyphs, rounded square alphabetic points, and semi-bold punctuation weight. Finally, it’s free to modify, print, distribute, and use commercially. Hack can be downloaded from Source Foundry.

New Alliance to Promote Open Video Codecs

Netflix, Intel, Google, Cisco, Mozilla, Amazon, and Microsoft have joined forces to launch the Alliance for Open Media. This alliance will develop a next-generation video format that is interoperable, optimized for the web, scalable to any modern device, designed with a low computational footprint, and provided royalty-free. The alliance will operate under W3C patent rules and the code will be released under an Apache 2.0 license. The alliance will also share legal resources in order to protect all companies and individuals who use the codecs.

For more information, read the official announcement.

Linux 4.2 is Released

With limited fanfare, Linux 4.2 has been released by Linus Torvalds. As usual, it includes a large number of new features and fixes. Most notably, it includes security module stacking patches, the delay-gradient congestion-control algorithm, improvements to writeback management in control groups, and more. It also adds the AMDGPU kernel DRM driver to the mainline. Finally, there have been improvements made to processors including support for more ARM devices, cleaned up x86 assembly code, and schedule tweaks and improvements.

For more information, read the LKML thread from Torvalds.