Bitbucket Deprecating TLSv1 and TLSv1.1 on 1 December 2018

As part to secure repositories, Bitbucket Cloud will be disabling support for TLSv1 and TLSv1.1 effective 1 December 2018.

This will affect all HTTPS traffic to Bitbucket, including:

• Git or Mercurial traffic to bitbucket.org
• The bitbucket.org Web interface
• API calls to api.bitbucket.org
• Hosted sites on bitbucket.io
• Any other HTTPS traffic not listed here

About 85% of HTTPS requests to Bitbucket use the newest version of TLS (v1.2). This includes all recent versions of bitbucket supported browsers, and most recent versions of Git and Mercurial clients. However, that other 15% includes a number of remote CI/CD systems (such as Bamboo or Jenkins), issue trackers (such as Jira Server instances), wikis (such as Confluence Server instances), and older versions of Git/Hg clients; all of those use older versions of Java, OpenSSL, or Python’s ssl module when negotiating the secured connection to Bitbucket, and all of those will be unable to connect to Bitbucket at all once old versions of TLS disable.

Payment processing pages have already moved from TLSv1, to comply with PCI requirements.

How can we know  if we will be affected by this change?

Bitbucket team will be contacting some teams and users directly, based on what they find in their logs. If you’d like to be proactive, though, then be sure to check all of the things that you use to connect to Bitbucket, including (but not limited to) your browser, your Git or Mercurial client, your CI/CD system, any API clients, and anything else you may have linked to Bitbucket.

• SSH connections to Bitbucket are unaffected.

• Browser connections to Bitbucket are probably unaffected, unless you use a very old browser. Wikipedia has a chart detailing TLS support in Web browsers; you should be able to check your browser’s version there. Some browsers also make connection details visible in the developer tools, or by clicking the padlock icon in the address bar.

• Bamboo, Jenkins, Jira Server, Confluence Server, or any other Java-based systems that connect to Bitbucket may be affected; you will need to check the underlying version of Java. JDK 8 is unaffected; JDK 7 versions 1.7.0_131-b31 and later are unaffected; JDK 7 versions earlier than 1.7.0_131-b31 are affected; and JDK 6 and older are all affected. (Jira Cloud and Confluence Cloud are unaffected.)

• Graphical Git or Mercurial clients, such as Sourcetree, may be affected; please check with vendor. (If you use Sourcetree for Windows 2.5.5 or later, or Sourcetree for Mac 2.7.2 or later, then the embedded Git and Mercurial clients are unaffected. If you use a system Git or Mercurial client with Sourcetree, then you might be affected; please make sure you’re on the latest client version available for platform.)

• The Git command line on UNIX-based systems (including macOS, Linux, and all BSDs) may be affected. You should be able to test your connection from the command line: GIT_CURL_VERBOSE=1 git ls-remote https://bitbucket.org/ This will connect to Bitbucket using the Git client and list the connection parameters. If you see a line like “SSL connection using TLSv1.2” in the output, then you are unaffected; if that line mentions a different version of TLS, then you are affected.

• The Mercurial command line on UNIX-based systems may be affected; please check  version of Python (with “python -V”). Versions 2.7.9 and later are unaffected, and most versions earlier than 2.7.9 are affected. Affected systems may also see some text in the command-line output – “warning: connecting to bitbucket.org using legacy security technology (TLS 1.0)” – though this will only show for newer versions of Mercurial. 

• Finally, if you have an API client that queries Bitbucket, then please check the libraries your client uses to connect to api.bitbucket.org.

FlexPai:The world's first foldable phone is finally launch

A small company in California has beaten Samsung and Lenovo to launch the world’s first foldable smartphone, FlexPai. Here’s what the world’s foldable phone has to offer.

The world’s first flexible phone is here. Called FlexPai, the new smartphone has been launched by a small California-based company Royole Corporation. FlexPai foldable phone will be available in China at a starting price of 8,999 Yuan (Rs 95,000 approximately).

FlexPai, when opened up, has a large 7.8-inch display, making it bigger than the likes of Samsung Galaxy Note 9 and Apple iPhone XS Max. After folding it from the centre, the device offers three small screens. The hinge also doubles up as a screen.

“FlexPai’s screen is virtually unbreakable and extremely durable passing tests where the screen has been bent over 200,000 times. Its screen provides fantastic color range, high contrast, wide angle, and high-resolution for outstanding picture quality,” claims the company on its website.

FlexPai has a 7.8-inch AMOLED display with 1920 x 1440 (expanded mode) resolution and 308ppi pixel density. The display supports 4:3, 16:9 and 18:9 aspect ratios. The edge screen shows you alerts and notifications. In terms of dimensions, FlexPai measures 134x 190.35 x 7.6mm and weighs around 326 grams.

The smartphone is powered by “Qualcomm next-gen Snapdragon 8 series SoC” with 8GB of RAM and Adreno 630.It comes with 256GB of built-in storage and supports expandable storage up to 256GB via microSD card.

The smartphone sports 16-megapixel and 20-megapixel cameras with f/1.8 aperture, optical image stablisation and flash. Other key features of the phone include USB Type-C, Bluetooth 5.1 and 3,800mAh battery (with fast charge support). On the software front, it runs on a customised WaterOS 1.0 which is based on Google’s Android 9.0 Pie OS.

Royole Corporation has beaten the likes of Samsung and Lenovo in launching the world’s first commercial flexible smartphone. Samsung has been rumoured for years to be working on a foldable Galaxy X aka Galaxy F smartphone. According to a recent report, Samsung will launch its flexible phone, codenamed “Winner”, as early as next year. The company is said to be contemplating between two variants – one opens horizontally and the other one vertically.

Lenovo is also said to be in race for launching a commercial flexible phone. Last month, a prototype of Lenovo’s flexible phone surfaced online. The company has though already demonstrated flexible displays at several tech shows.

LG hasn’t shown intentions to launch a flexible phone but at this year’s Consumer Electronics Show in Las Vegas the company showcased 65-inch display that could be rolled like a paper.