Viaweb was a web-based application that allowed users to build and host their own online stores with little technical expertise using a web browser. The company was started in July 1995 by Paul Graham, Robert Morris (using the pseudonym "John McArtyem"), and Trevor Blackwell. Graham claims Viaweb was the first application service provider. Viaweb was also unusual for being partially written in the Lisp programming language. The software was originally called Webgen, but another company was using the same name, so the company renamed it to Viaweb, "because it worked via the Web". In 1998, Yahoo! Inc. bought Viaweb for 455,000 shares of Yahoo! capital stock, valued at about $49 million, and renamed it Yahoo! Store. Viaweb's example has been influential in Silicon Valley's entrepreneurial culture, largely due to Graham's widely read essays and his subsequent career as a successful venture capitalist.
Security.txt
security.txt is an accepted standard for website security information that allows security researchers to report security vulnerabilities easily. The standard prescribes a text file named security.txt in the well known location, similar in syntax to robots.txt but intended to be machine and human readable, for those wishing to contact a website's owner about security issues. security.txt files have been adopted by Google, GitHub, LinkedIn, and Facebook. == History == The Internet Draft was first submitted by Edwin Foudil in September 2017. At that time it covered four directives, "Contact", "Encryption", "Disclosure" and "Acknowledgement". Foudil expected to add further directives based on feedback. In addition, web security expert Scott Helme said he had seen positive feedback from the security community while use among the top 1 million websites was "as low as expected right now". In 2019, the Cybersecurity and Infrastructure Security Agency (CISA) published a draft binding operational directive that requires all US federal agencies to publish a security.txt file within 180 days. The Internet Engineering Steering Group (IESG) issued a Last Call for security.txt in December 2019 which ended on January 6, 2020. A study in 2021 found that over ten percent of top-100 websites published a security.txt file, with the percentage of sites publishing the file decreasing as more websites were considered. The study also noted a number of discrepancies between the standard and the content of the file. In April 2022 the security.txt file has been accepted by Internet Engineering Task Force (IETF) as RFC 9116. == File format == security.txt files can be served under the /.well-known/ directory (i.e. /.well-known/security.txt) or the top-level directory (i.e. /security.txt) of a website. The file must be served over HTTPS and in plaintext format.
Shell Control Box
Shell Control Box (SCB) is a network security appliance that controls privileged access to remote IT systems, records activities in replayable audit trails, and prevents malicious actions. For example, it records as a system administrator updates a file server or a third-party network operator configures a router. The recorded audit trails can be replayed like a movie to review the events as they occurred. The content of the audit trails is indexed to make searching for events and automatic reporting possible. SCB is a Linux-based device developed by Balabit. It is an application level proxy gateway. In 2017, Balabit changed the name of the product to Privileged Session Management (PSM) and repositioned it as the core module of its Privileged Access Management solution. == Main Features == Balabit’s Privileged Session Management (PSM), Shell Control Box (SCB) is a device that controls, monitors, and audits remote administrative access to servers and network devices. It is a tool to oversee system administrators by controlling the encrypted connections used for administration. PSM (SCB) has full control over the SSH, RDP, Telnet, TN3270, TN5250, Citrix ICA, and VNC connections, providing a framework (with solid boundaries) for the work of the administrators. === Gateway Authentication === PSM (SCB) acts as an authentication gateway, enforcing strong authentication before users access IT assets. PSM can also integrate to user directories (for example, a Microsoft Active Directory) to resolve the group memberships of the users who access the protected servers. Credentials for accessing the server are retrieved transparently from PSM’s credential store or a third-party password management system by PSM impersonating the authenticated user. This automatic password retrieval protects the confidentiality of passwords as users can never access them. === Access Control === PSM controls and audits privileged access over the most wide-spread protocols such as SSH, RDP, or HTTP(s). The detailed access management helps to control who can access what and when on servers. It is also possible to control advanced features of the protocols, like the type of channels permitted. For example, unneeded channels like file transfer or file sharing can be disabled, reducing the security risk on the server. With PSM policies for privileged access can be enforced in one single system. === 4-eyes Authorization === To avoid accidental misconfiguration and other human errors, PSM supports the 4-eyes authorization principle. This is achieved by requiring an authorizer to allow administrators to access the server. The authorizer also has the possibility to monitor – and terminate - the session of the administrator in real-time, as if they were watching the same screen. === Real-time Monitoring and Session Termination === PSM can monitor the network traffic in real time, and execute various actions if a certain pattern (for example, a suspicious command, window title or text) appears on the screen. PSM can also detect specific patterns such as credit card numbers. In case of detecting a suspicious user action, PSM can send an e-mail alert or immediately terminate the connection. For example, PSM can block the connection before a destructive administrator command, such as the „rm” comes into effect. === Session Recording === PSM makes user activities traceable by recording them in tamper-proof and confidential audit trails. It records the selected sessions into encrypted, timestamped, and digitally signed audit trails. Audit trails can be browsed online, or followed real-time to monitor the activities of the users. PSM replays the recorded sessions just like a movie – actions of the users can be seen exactly as they appeared on their monitor. The Balabit Desktop Player enables fast forwarding during replays, searching for events (for example, typed commands or pressing Enter) and texts seen by the user. In the case of any problems (database manipulation, unexpected shutdown, etc.) the circumstances of the event are readily available in the trails, thus the cause of the incident can be identified. In addition to recording audit trails, transferred files can be also recorded and extracted for further analysis.
Multi-model database
In the field of database design, a multi-model database is a database management system designed to support multiple data models against a single, integrated backend. In contrast, most database management systems are organized around a single data model that determines how data can be organized, stored, and manipulated. Document, graph, relational, and key–value models are examples of data models that may be supported by a multi-model database. == Background == The relational data model became popular after its publication by Edgar F. Codd in 1970. Due to increasing requirements for horizontal scalability and fault tolerance, NoSQL databases became prominent after 2009. NoSQL databases use a variety of data models, with document, graph, and key–value models being popular. A multi-model database is a database that can store, index and query data in more than one model. For some time, databases have primarily supported only one model, such as: relational database, document-oriented database, graph database or triplestore. A database that combines many of these is multi-model. This should not be confused with multimodal database systems such as Pixeltable or ApertureDB, which focus on unified management of different media types (images, video, audio, text) rather than different data models. For some time, it was all but forgotten (or considered irrelevant) that there were any other database models besides relational. The relational model and notion of third normal form were the default standard for all data storage. However, prior to the dominance of relational data modeling, from about 1980 to 2005, the hierarchical database model was commonly used. Since 2000 or 2010, many NoSQL models that are non-relational, including documents, triples, key–value stores and graphs are popular. Arguably, geospatial data, temporal data, and text data are also separate models, though indexed, queryable text data is generally termed a "search engine" rather than a database. The first time the word "multi-model" has been associated to the databases was on May 30, 2012 in Cologne, Germany, during the Luca Garulli's key note "NoSQL Adoption – What’s the Next Step?". Luca Garulli envisioned the evolution of the 1st generation NoSQL products into new products with more features able to be used by multiple use cases. The idea of multi-model databases can be traced back to Object–Relational Data Management Systems (ORDBMS) in the early 1990s and in a more broader scope even to federated and integrated DBMSs in the early 1980s. An ORDBMS system manages different types of data such as relational, object, text and spatial by plugging domain specific data types, functions and index implementations into the DBMS kernels. A multi-model database is most directly a response to the "polyglot persistence" approach of knitting together multiple database products, each handing a different model, to achieve a multi-model capability as described by Martin Fowler. This strategy has two major disadvantages: it leads to a significant increase in operational complexity, and there is no support for maintaining data consistency across the separate data stores, so multi-model databases have begun to fill in this gap. Multi-model databases are intended to offer the data modeling advantages of polyglot persistence, without its disadvantages. Operational complexity, in particular, is reduced through the use of a single data store. == Benchmarking multi-model databases == As more and more platforms are proposed to deal with multi-model data, there are a few works on benchmarking multi-model databases. For instance, Pluciennik, Oliveira, and UniBench reviewed existing multi-model databases and made an evaluation effort towards comparing multi-model databases and other SQL and NoSQL databases respectively. They pointed out that the advantages of multi-model databases over single-model databases are as follows : == Architecture == The main difference between the available multi-model databases is related to their architectures. Multi-model databases can support different models either within the engine or via different layers on top of the engine. Some products may provide an engine which supports documents and graphs while others provide layers on top of a key-key store. With a layered architecture, each data model is provided via its own component. == User-defined data models == In addition to offering multiple data models in a single data store, some databases allow developers to easily define custom data models. This capability is enabled by ACID transactions with high performance and scalability. In order for a custom data model to support concurrent updates, the database must be able to synchronize updates across multiple keys. ACID transactions, if they are sufficiently performant, allow such synchronization. JSON documents, graphs, and relational tables can all be implemented in a manner that inherits the horizontal scalability and fault-tolerance of the underlying data store. == Theoretical Foundation for Multi-Model Databases == The traditional theory of relations is not enough to accurately describe multi-model database systems. Recent research is focused on developing a new theoretical foundation for these systems. Category theory can provide a unified, rigorous language for modeling, integrating, and transforming different data models. By representing multi-model data as sets and their relationships as functions or relations within the Set category, we can create a formal framework to describe, manipulate, and understand various data models and how they interact.
Telebirr
Telebirr (Amharic: ቴሌብር) is a mobile payment service developed and was launched by Ethio telecom, the state owned telecommunication and Internet service provider in Ethiopia. It took five months to develop the end-to-end service. It facilitates the delivery of cashless transactions. The platform deployed currently has the capacity of processing up to 100 transactions per second (TPS) and can be scaled up to 1000 TPS. The service is accessible via SMS, USSD, and smartphone applications. Telebirr works in five languages. == Services == Though the service is fully accessible for any customer of Ethio telecom, the users need to register through the mobile application called Telebirr or using an authorized agent or Ethio telecom shop or Unstructured Supplementary Service Data (USSD), 127# nationally. However, Telebirr also provides a “quick registration” by using any information that already exists in Ethio telecom's system.
Facebook Messenger
Messenger (formerly known as Facebook Messenger) is an American proprietary instant messaging service developed by Meta Platforms, the company that operates Facebook. Originally developed as Facebook Chat in 2008, the client application of Messenger is currently available on iOS and Android mobile platforms, Windows and macOS desktop platforms, through the Messenger.com web application, and on the standalone Meta Portal hardware. Messenger is used to send messages and exchange photos, videos, stickers, audio, and files, and also react to other users' messages and interact with bots. The service also supports voice and video calling. The standalone apps support using multiple accounts, conversations with end-to-end encryption, and playing games. There are also group chats where you can connect with multiple people at once in a private space such as Panama Chat. With a monthly userbase of over 1 billion people, it is among the largest social media platforms. == History == Following tests of a new instant messaging platform on Facebook in March 2008, the feature, then-titled "Facebook Chat", was gradually released to users in April 2008. Facebook revamped its messaging platform in November 2010, and subsequently acquired group messaging service Beluga in March 2011, which the company used to launch its standalone iOS and Android mobile apps on August 9, 2011. Facebook later launched a BlackBerry version in October 2011. An app for Windows Phone, though lacking features including voice messaging and chat heads, was released in March 2014. In April 2014, Facebook announced that the messaging feature would be removed from the main Facebook app and users will be required to download the separate Messenger app. An iPad-optimized version of the iOS app was released in July 2014. On April 8, 2015, Facebook launched a website interface for Messenger. A Tizen app was released on July 13, 2015. Facebook launched Messenger for Windows 10 in April 2016. In October 2016, Facebook released Messenger Lite, a stripped-down version of Messenger with a reduced feature set. The app is aimed primarily at old Android phones and regions where high-speed Internet is not widely available. In April 2017, Messenger Lite was expanded to 132 more countries. In May 2017, Facebook revamped the design for Messenger on Android and iOS, bringing a new home screen with tabs and categorization of content and interactive media, red dots indicating new activity, and relocated sections. Facebook announced a Messenger program for Windows 7 in a limited beta test in November 2011. The following month, Israeli blog TechIT leaked a download link for the program, with Facebook subsequently confirming and officially releasing the program. The program was eventually discontinued in March 2014. A Firefox web browser add-on was released in December 2012, but was also discontinued in March 2014. In December 2017, Facebook announced Messenger Kids, a new app aimed for persons under 13 years of age. The app comes with some differences compared to the standard version. In 2019, Messenger announced to be the 2nd most downloaded mobile app of the decade, from 2011 to 2019. In December 2019, Messenger dropped support for users to sign in using only a mobile number, meaning that users must sign in to a Facebook account in order to use the service. In March 2020, Facebook started to ship its dedicated Messenger for macOS app through the Mac App Store. The app is currently live in regions including France, Australia, Mexico, Poland, and many others. In April 2020, Facebook began rolling out a new feature called Messenger Rooms, a video chat feature that allows users to chat with up to 50 people at a time. The feature rivals Zoom, an application that gained a lot of popularity during the COVID-19 pandemic. Privacy concerns arose since the feature uses the same data collection policies as mainstream Facebook. In July 2020, Facebook added a new feature in Messenger that lets iOS users to use Apple's Face ID or Touch ID to lock their chats. The feature is called App Lock and is a part of several changes in Messenger regarding privacy and security. The option to view only "Unread Threads" was removed from the inbox, requiring the account holder to scroll through the entire inbox to be certain every unread message has been seen. On October 13, 2020, the Messenger application introduced cross-app messaging with Instagram, which was launched in September 2021. In addition to the integrated messaging, the application announced the introduction of a new logo, which should be an amalgamation of the Messenger and Instagram logo. The desktop app of Messenger was shut down on December 15, 2025. Messaging services were moved to the Facebook website or Messenger's site for those without an account on the former. The Messenger site was discontinued on April 16, 2026. Messaging services were moved to the Facebook website on the morning of April 17, 2026 without an Messenger account on the former to use Facebook account. == Features == The following is a table of features available in Messenger, as well as their geographical coverage and what devices they are available on. In addition there is a vanishing message feature. In addition there is an audio recording feature which allows audio recordings of up to one minute which may or may not be vanishing: === Messenger Rooms === It is a video conferencing feature of Messenger. It allows users to add up to 50 people at a time. Messenger Rooms does not require a Facebook account. Messenger Rooms competes with other services such as Zoom. Back in 2014, Facebook introduced an unrelated, stand-alone application named Rooms, letting users create places for users with similar interests, with users being anonymous to others. This was shut down in December 2015. In April 2020, during the COVID-19 pandemic, Facebook revealed video conferencing features for Messenger called Messenger Rooms. This was seen as a response to the popularity of other video conferencing platforms such as Zoom and Skype in the midst of the COVID-19 pandemic. Messenger Rooms allows users to add up to 50 people per room, without restrictions on time. It does not require a Facebook account or a separate app from Messenger. When used, it only prompts the user for basic information. Users can add 360° virtual backgrounds, mood lighting, and other AR effects as well as share screens. To prevent unwanted participants from joining, users can lock rooms and remove participants. Some have voiced concerns in regards to Messenger Room's privacy and how its parent, Facebook, handles data. Messenger Rooms, unlike some of its competitors, does not use end-to-end encryption. In addition, there have been concerns over how Messenger Rooms collects user data. == Monetization == In January 2017, Facebook announced that it was testing showing advertisements in Messenger's home feed. At the time, the testing was limited to a "small number of users in Australia and Thailand", with the ad format being swipe-based carousel ads. In July, the company announced that they were expanding the testing to a global audience. Stan Chudnovsky, head of Messenger, told VentureBeat that "We'll start slow ... When the average user can be sure to see them we truly don't know because we're just going to be very data-driven and user feedback-driven on making that decision". Facebook told TechCrunch that the advertisements' placement in the inbox depends on factors such as thread count, phone screen size, and pixel density. In a TechCrunch editorial by Devin Coldewey, he described the ads as "huge" in the space they occupy, "intolerable" in the way they appear in the user interface, and "irrelevant" due to the lack of context. Coldewey finished by writing "Advertising is how things get paid for on the internet, including TechCrunch, so I'm not an advocate of eliminating it or blocking it altogether. But bad advertising experiences can spoil a perfectly good app like (for the purposes of argument) Messenger. Messaging is a personal, purposeful use case and these ads are a bad way to monetize it." == Reception == In November 2014, the Electronic Frontier Foundation (EFF) listed Messenger (Facebook chat) on its Secure Messaging Scorecard. It received a score of 2 out of 7 points on the scorecard. It received points for having communications encrypted in transit and for having recently completed an independent security audit. It missed points because the communications were not encrypted with keys the provider didn't have access to, users could not verify contacts' identities, past messages were not secure if the encryption keys were stolen, the source code was not open to independent review, and the security design was not properly documented. As stated by Facebook in its Help Center, there is no way to log out of the Messenger application. Instead, users can choose between different availability statuses, including "Appear as inactive", "S
Thunderspy
Thunderspy is a type of security vulnerability, based on the Intel Thunderbolt 3 port, first reported publicly on 10 May 2020, that can result in an evil maid (i.e., attacker of an unattended device) attack gaining full access to a computer's information in about five minutes, and may affect millions of Apple, Linux and Windows computers, as well as any computers manufactured before 2019, and some after that. According to Björn Ruytenberg, the discoverer of the vulnerability, "All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop. All of this can be done in under five minutes." The malicious firmware is used to clone device identities which makes classical DMA attack possible. == History == The Thunderspy security vulnerabilities were first publicly reported by Björn Ruytenberg of Eindhoven University of Technology in the Netherlands on 10 May 2020. Thunderspy is similar to Thunderclap, another security vulnerability, reported in 2019, that also involves access to computer files through the Thunderbolt port. == Impact == The security vulnerability affects millions of Apple, Linux and Windows computers, as well as all computers manufactured before 2019, and some after that. However, this impact is restricted mainly to how precise a bad actor would have to be to execute the attack. Physical access to a machine with a vulnerable Thunderbolt controller is necessary, as well as a writable ROM chip for the Thunderbolt controller's firmware. Additionally, part of Thunderspy, specifically the portion involving re-writing the firmware of the controller, requires the device to be in sleep, or at least in some sort of powered-on state, to be effective. Machines that force power-off when the case is open may assist in resisting this attack to the extent that the feature (switch) itself resists tampering. Due to the nature of attacks that require extended physical access to hardware, it's unlikely the attack will affect users outside of a business or government environment. == Mitigation == The researchers claim there is no easy software solution, and may only be mitigated by disabling the Thunderbolt port altogether. However, the impacts of this attack (reading kernel level memory without the machine needing to be powered off) are largely mitigated by anti-intrusion features provided by many business machines. Intel claims enabling such features would substantially restrict the effectiveness of the attack. Microsoft's official security recommendations recommend disabling sleep mode while using BitLocker. Using hibernation in place of sleep mode turns the device off, mitigating potential risks of attack on encrypted data.