It was discovered that NSPR, Netscape Portable Runtime library, could
crash an application using the library when parsing a certificate that
causes an integer overflow. This flaw only affects 64-bit systems.

Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to a new upstream
version, 5.5.33, which includes additional changes, such as performance
improvements, bug fixes, new features, and possibly incompatible
changes. Please see the MySQL 5.5 Release Notes for further details:

Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development. The Common
Vulnerabilities and Exposures project identifies the following issues:

A denial of service vulnerability was reported in varnish, a state of
the art, high-performance web accelerator. With some configurations of
varnish a remote attacker could mount a denial of service (child-process
crash and temporary caching outage) via a GET request with trailing
whitespace characters and no URI.

Charlie Somerville discovered that Ruby incorrectly handled floating
point number conversion. If an application using Ruby accepted untrusted
input strings and converted them to floating point numbers, an attacker
able to provide such input could cause the application to crash or,
possibly, execute arbitrary code with the privileges of the application.

Several vulnerabilities have been discovered in OpenJPEG, a JPEG 2000
image library, that may lead to denial of service (CVE-2013-1447) via
application crash or high memory consumption, possible code execution
through heap buffer overflows (CVE-2013-6045), information disclosure
(CVE-2013-6052), or yet another heap buffer overflow that only appears
to affect OpenJPEG 1.3 (CVE-2013-6054).

It was discovered that nbd-server, the server for the Network Block
Device protocol, incorrectly parsed the access control lists, allowing
access to any hosts with an IP address sharing a prefix with an allowed
address.

Multiple vulnerabilities have been discovered in Drupal, a fully-featured
content management framework: Cross-site request forgery, insecure
pseudo random number generation, code execution, incorrect security token
validation and cross-site scripting.

Andrew Tinits reported a potentially exploitable buffer overflow in the
Mozilla Network Security Service library (nss). With a specially crafted
request a remote attacker could cause a denial of service or possibly
execute arbitrary code.

Jonathan Dolle reported a design error in HTTP::Body, a Perl module for
processing data from HTTP POST requests. The HTTP body multipart parser
creates temporary files which preserve the suffix of the uploaded file.
An attacker able to upload files to a service that uses
HTTP::Body::Multipart could potentially execute commands on the server
if these temporary filenames are used in subsequent commands without
In light of the recent The Atlantic article, Arnoud Wokke, editor at the popular Dutch technology site Tweakers.net, pointed me to an interesting OSNews comment by Dianne Hackborn, former Be engineer (that's still major street cred right here), former Palm engineer, and Android engineer at Google since early 2006. Her recollection of the story regarding the cancellation of the BlackBerry-esque 'Sooner' prototype and the touchscreen 'Dream' prototype is entirely different from what Vogelstein states in his article.
From a software perspective, Sooner and Dream were basically the same -- different form-factors, one without a touch screen -- but they were not so different as this article indicates and the switch between them was not such a huge upheaval.
The main reason for the differences in schedule was hardware: Sooner was a variation of an existing device that HTC was shipping, while Dream was a completely new device with a lot of things that had never been shipped before, at least by HTC (new Qualcomm chipset, sensors, touch screen, the hinge design, etc). So Sooner was the safe/fast device, and Dream was the risky/long-term device.
However the other factor in this was the software. Work on the Android we know today (which is what is running in that Sooner) basically started around late 2005 / early 2006. I got to Google at the beginning of 2006, and it was around that time we started work on everything from the resource system through the view hierarchy, to the window manager and activity manager that you know today. Some work on stuff we have today (like SurfaceFlinger) was started a bit earlier, but also after Google acquired Android.
Even if there was no iPhone, there is a good chance that Sooner would have been dropped, since while it was a good idea to get Android out quickly from a hardware perspective, the software schedule was much longer. I don't recall the exact dates, but I believe the decision to drop Sooner was well before the iPhone announcement... though we continued to use it for quite a while internally for development, since it was the only semi-stable hardware platform we had. If nothing else, it helped remove significant risk from the schedule since software development could be done on a relatively stable device while the systems team brought up the new hardware in parallel.
This is very different from the somewhat internally inconsistent story Vogelstein tells. I'm very curious to find out where, exactly, the truth lies.
That's because Google right now is building Dart technology directly into Chrome.
Does anyone here use Dart?
Fred Vogelstein, writing for The Atlantic, on what happened with the Android team after the iPhone was unveiled:
Within weeks the Android team had completely reconfigured its objectives. A phone with a touchscreen, code-named Dream, that had been in the early stages of development, became the focus. Its launch was pushed out a year until fall 2008. Engineers started drilling into it all the things the iPhone didn't do to differentiate their phone when launch day did occur.
Me, a few years ago:
Now, does this mean that the iPhone had zero influence on Android's early development? Of course not. Like the iPhone itself was standing on the shoulders of giants (iPhone to PalmOS: hi daddy!), Android stood on the shoulders of giants as well. However, unlike what has already become an accepted truth for some, the infamous photograph of a prototype Android device was not the prototype Android device. In fact, Google was working on touch screen devices alongside that infamous BlackBerry-like device, and the evidence for that is out there, for everyone to see.
Vogelstein's entire article - which is actually adapted from a chapter of a book - is a bit contradictory in nature. It claims, several times, that the Android team had to start over after the release of the iPhone, but at the same time, it states that a full touch phone was already in development.
So, just to reiterate: touchscreen devices had always been part of Android, even during its initial stages at Google. Several different form factors were in development, but after the release of the iPhone, it made little sense to continue to focus on the BlackBerry-like device. Some make it seem as if Vogelstein's article is some sort of massive eye-opener completely rebutting this point, but it seems they may have missed its second-to-last paragraph.
Yann Le Doaré has announced the release of LinuxConsole 2.0, a major new version of the project's Linux distribution designed primarily for game consoles: "LinuxConsole 2.0 is ready. Features: fast boot; should run on old and new video cards (Intel, NVIDIA, ATI); live CD and live USB; can....
Peter Baldwin has announced the release of ClearOS 6.5.0 "Community" edition, a CentOS-based distribution for cloud-connected servers and gateways designed for homes, hobbyists and small organisations: "ClearOS Community 6.5.0 is now available. Along with the usual round of bug fixes and enhancements, the 6.5.0 release introduces QoS, marketplace....
Fabio Erculiani has announced the release of Sabayon Linux 14.01, a Gentoo-based distribution with a choice of several popular desktop environments: "Sabayon 14.01 is a modern and easy-to-use Linux distribution based on Gentoo, following an extreme, yet reliable, rolling-release model. This is a monthly release generated, tested and published....