Voten.co a Real-Time Reddit Alternative Launches Public Beta

Voten, founded by two former Redditors Sully Fischer and Moein Nahri, a new self-funded social bookmarking platform just launched its first public beta release.

“Voten is the first real-time social bookmarking platform on the internet, ” the former Redditor Sully Fischer said in the release, “Notifications, messaging system and nested commenting system they all work in real-time. The number of online users can be seen on each conversation”.

After Victoria Taylor’s Dismissal by Reddit and the follow-ups, Voat.co’s disability in handling traffic, the founders decided to provide users a community that they deserve, a place where their vote actually matters, someplace that is safe, stable, modern and easy to use.

You can submit text, links, photos, photo albums, GIF’s, and in the future video support will be added. Plus you can bookmark within Voten, everything from submissions, comments, channels and users.

The app itself is powered by Laravel, Vue.js, Socket.io, and Node. It’s super fast and has a clean and minimal feel that you make your own by customing the colors, fonts, filters for content, and more. After the final release, Voten will also go open-source.

Voten has been in development and testing for two years, and it’s now ready for those who’ve been looking for a perfect alternative platform to Reddit that is real-time, well-designed, highly customizable yet simple to use.

Registration is now open and using an email address is optional, signup and give it a try.

Opera Improves it’s Browser with Sidebar Chat

Opera released a new update to the browser adding an embedded sidebar for some of the popular chat services including Facebook Messenger, WhatsApp, and Telegram. It also received an update with its user interface for a fresh look and feel.

The biggest feature though is the side messenger:

Social messengers completely changed our lives, by allowing us to work, discover new things and communicate at the same time. This shift has come with smartphones, but desktops and laptops, while theoretically more powerful multitasking tools, have been left behind.

Browsing and chatting simultaneously is cumbersome and inefficient now, as you need to switch between tabs when responding to a message. We believe this needs to change. That’s why we bring you Opera Reborn, the first browser to allow messengers to reside within your browser, without the need to install any extensions or apps.

I do agree with them that have all the chat apps sitting around is cumbersome and annoying. On an average day, I have Slack, Telegram, and iMessage always open and always sitting right in front of me. I’d much rather have all those integrated into one, and a browser sidebar is a logical place since so many use the browser all day long.

I downloaded this new Safari today and I’m enjoying it. It still supports some of my most needed tools like 1Password, but it’s missing other stuff like Grammarly that I really want.

Also interesting is some of the features they’ve added recently, an included VPN and native ad-blocking. Plus it runs on Chromium, so you get dev tools you will be comfortable with. Opera seems like it could be a solid choice for a new default browser.

Ponzu – A CMS and Server Framework Written in Go

Ponzu is a new CMS and server framework written in Go that allows you to use the built-in CLI to generate most of the project code, and then use your language of choice to get data out from the JSON HTTP API. It provides automatic, free, and secure HTTP/2 over TLS (certificates obtained via Let’s Encrypt), a useful CMS and scaffolding to generate content editors, and a fast HTTP API on which to build modern applications.

“Ponzu is a project born out of frustration with tools like WordPress, even though the CMS is great, the developer experience is poor,” Steve Manuel one of the developers said, “I wanted a developer experience like Rails, but with real performance and a CMS like WordPress – thus, Ponzu.”

Here is an example of how it works. First, use the CLI tool to generate your fields:

ponzu gen content song title:"string" artist:"string" rating:"int" opinion:"string":richtext spotify_url:"string"

Then it magically turns that into a CMS:

It also includes:

  • Free & Automatic HTTPS through Let’s Encrypt
  • Automatic HTTP/2 integration (Server Push & more)
  • Content type code generator
  • Flexible CMS and JSON APIs for content, files, search
  • Full-text search

They also have a twenty-eight-minute tutorial video available giving an overview of how it all works:

You can find out more on their Github repo, the documentation, and stay up with the project through Twitter.

The Insomnia Rest Client Goes Open Source

Insomnia is a REST client, built on top of Electron that is available on Mac, Windows, and Linux announced it’s open sourcing the codebase under the GPLv3 license.

In the announcement, Gregory Schier the project had this to say on why it wasn’t open sourced sooner:

So why not open-source sooner? Fear. Fear of public judgment, fear of being told my code sucks, fear of showing how much time I spent on it. Being independent leaves you wide open with nothing to hide behind. You are the product, and the product embodies your personality. If the product is a failure, so are you. Exposing the code that powers the product just adds another dimension to criticize. That’s what the voices in my head keep repeating, anyway.

Also, on their blog, they are documenting their path to taking Insomnia from a hobby project into a full-time job and also including monthly recurring revenue:

As a part time bootstrapper myself I love seeing the paths other people are taking to take their dream from just something fun to do, to something more.

For more information on the Insomnia Rest Client, check out their offical site and the Github repo.

Visual Studio for the Mac

Today Microsoft released Visual Studio 2017 for the Mac.

Use Visual Studio 2017 for Mac to develop apps for Android, macOS, iOS, tvOS, watchOS, web, and cloud. Code fast, debug, and diagnose with ease, test often, and release with confidence. Use version control, be agile, and collaborate efficiently with this new release!

With this initial release, it includes a full-featured source editor, code search and navigation, a powerful debugger, a customizable workspace, Git integration, and a rich extension system. However, it is missing support for some common languages like Go, Ruby, and PHP and Miguel (migueldeicaza) said the following on Hacker News:

We will be adding support for more languages. We will be doing that with the Language Server Protocol effort that was started at Microsoft and is currently in use by VSCode and other languages.

So that is a positive for those that are looking to use it and are using languages that are not currently supported. I’ve heard from other developers that Visual Studio on Windows is an excellent IDE.

Another nice feature that is that it includes support for TextMate language bundles, which you can use to add:

  • Editor color themes.
  • Code snippets.
  • Grammars for new languages, enabling highlighting, and basic IntelliSense.

So although it doesn’t get full support for languages like PHP you can still get basic syntax highlighting through Textmate bundles or stick with their Visual Studio Code offering.

Grammarly raises $110 million

As reported by TechCrunch, Grammarly just raised $110 million in funding:

Grammarly has been quietly building a freemium grammar checker to help students, writers and people who want to make a good impression on social media or email. Now they’re raising $110 million from General Catalyst, IVP and Spark Capital to take their business to the next level.

This is the first venture round for the eight-year-old startup. Investors are betting big because Grammarly has already shown itself to be profitable.

It’s “growing faster than anything we normally see in San Francisco,” said Jules Maltz, general partner at IVP. “We expect this to be a meaningful company in the years to come.”

I first found Grammarly a few years ago, see Write better with Grammarly for an overview, and it’s been an insanely useful tool. Automatic checking when writing emails, new posts in WordPress, and everything in between. Anything on the web that has textarea, Grammarly will check it.

I hope this helps them grow the company and improve the underlying technology even more.

Programmable Bank Account for Software Developers

Root is a programmable bank account for software developers that is designed to allow you to write code that can interact with all parts of your account. It’s aiming to officially launch in June of this year.

You will be able to extend your bank account by writing what they call, RootCode, which is JavaScript stored on their servers. If you’ve ever created a custom Zap with Zapier it looks similar to how that is done.

Example RootCode

You may be wondering why this would be useful, and they’ve outlined a few examples of what you could do through custom code:

Custom notifications: You’re trying to cut back on how much you spend on coffee. So you write a bit of code to help you. Each time you buy a coffee you get a custom SMS notification that tells you how much money you’ve spent on coffee in the past week.

Savings card: You want to visit Thailand, but you’re struggling to save money for the trip. So you write some code that rounds up each card transaction you make to the nearest R5, and adds that to your savings account.

Budgeting: You’re trying to keep track of how much you spend week-on-week. So you write some code that sends your transaction data to Google Sheets, where you can create charts comparing your weekly spend.

Root is backed by Standard Bank South Africa and although it doesn’t specifically say, I assume you will need to from that country to use it. I love that they are making this, and I hope other banks follow their lead. For more information and to signup for the beta visit the Root website.

Refactoring is like changing a diaper

Today Chris Gmyr‏ Tweeted this out and I thought it was brilliant. So good in fact, I spent a few minutes and turned it into a little infographic:

Refactoring is like changing a diaper

Exploitbox: WordPress Unauthorized Password Reset Vulnerability

On the Exploitbox site Dawid Golunski shares a 0 day vulnerability in the WordPress core affecting all versions:

The vulnerability stems from WordPress using untrusted data by default when creating a password reset e-mail that is supposed to be delivered only to the e-mail associated with the owner’s account.

They include the following code sample from the core:

------[ wp-includes/pluggable.php ]------

...

if ( !isset( $from_email ) ) {
        // Get the site domain and get rid of www.
        $sitename = strtolower( $_SERVER['SERVER_NAME'] );
        if ( substr( $sitename, 0, 4 ) == 'www.' ) {
                $sitename = substr( $sitename, 4 );
        }

        $from_email = 'wordpress@' . $sitename;
}

Because SERVER_NAME can be modified, an attacker could set it to an arbitrary domain of his choice e.g: “attackers-mxserver.com” which would result in WordPress setting the $from_email to “wordpress@attackers-mxserver.com” and thus result in an outgoing email with From/Return-Path set to this malicious address.

If you are running Apache, you can patch this yourself by adjusting the UseCanonicalName Directive or ensuring the from_email is always set.

On the Dewhurst Security Blog they outline what it takes to be vulnerable:

From what we can see, this vulnerability can only be exploited against the default virtual host. The virtual host (domain) the web server will default to. You are vulnerable if your domain running WordPress is the only domain on the server, or, if your domain is the default one. That coupled with the exploitation requirement for the victim to somehow respond to the email, we believe it is pretty unlikely that this will be a major issue affecting WordPress users. Nevertheless, under the correct circumstances, there is a risk here.

For more information, you can read CVE-2017-8295 here and I’m sure a WordPress core update will be out soon.

Update: May 5, 2017WP Tavern has an article covering this vulnerability with a code fix that you can add to a plugin:

add_filter( 'wp_mail_from', function( $from_email ) { return 'wordpress@mysite.com'; } );

Airbnb acquired Deco and the Deco IDE will be Open Sourced

Deco is an app I first heard about a year ago and it looked great for those working with React Native. The company behind it, Deco Software, has just been acquired by Airbnb.

Today, we are excited to share that the entire Deco Software team is joining Airbnb where we will continue to advance tooling for designers and engineers. While we will no longer officially support Deco IDE as a product, it will live on as a free and open source project.

Looking at the Github repo of the IDE it appears the app hasn’t been updated in a while, I didn’t see any commits from 2017, so it appears to me that the project will be no longer under active development and will rely on the community but no specifics are added around who will be in control of handling issues, pull requests, etc. So I’m lead to believe it’ll be no longer actively developed.