Matthew Daley discovered that squid, a web proxy cache, does not
properly perform input validation when parsing requests. A remote
attacker could use this flaw to mount a denial of service attack, by
sending specially crafted Range requests.
An off-by-one flaw, leading to a heap-based buffer overflow
(CVE-2014-8157), and an unrestricted stack memory use flaw
(CVE-2014-8158) were found in JasPer, a library for manipulating
JPEG-2000 files. A specially crafted file could cause an application
using JasPer to crash or, possibly, execute arbitrary code.
James Clawson discovered that websvn, a web viewer for Subversion
repositories, would follow symlinks in a repository when presenting a
file for download. An attacker with repository write access could
thereby access any file on disk readable by the user the webserver
CyanogenMod CEO McMaster said some interesting things recently.
To remove all doubts right from the get go, here's how McMaster introduced himself: "I'm the CEO of Cyanogen. We're attempting to take Android away from Google." Asked to detail his vision, McMaster explained that Cyanogen wants to provide a version of Android that is open down to its core, that partners can use to build highly integrated services, in a way that is not possible right now with Googleâs Android.
Well, either McMaster has no idea what he's talking about, or he's purposefully being disingenuous. It's most likely the latter, since he's got something to sell.
Of course, all the things McMaster claims his company will make possible with Android are already possible today, have been possible for years, and are actually actively being done all over the world. There are dozens of millions - possibly hundreds of millions - of users using Google-less Android all over the world; in China, Russia, the US, and beyond. Android's openness makes it possible to replace all of Google's applications and services with those from another company, vendor, or provider. Even you can do it! Just download Yandex.Kit, for instance.
The confusion seems to stem from people conflating Google Apps/Play Services with Android. This is an easy mistake to make for those not familiar with Android. Android itself (AOSP) is completely open source, and freely available to everyone to use as a base for a competing platform. Countless of Chinese companies, Russia's Yandex, Nokia, Amazon, and others have attracted millions and millions of users this way.
In contrast, Google has a lot of control over Google Apps/Play Services and keeps them (mostly) proprietary. However, despite a lot of rattling of chains from Apple bloggers and Ars Technica, Google Apps and Play Services are by no means a crucial, unmissable part of Android, and they, by no means, make Android "unforkable". In fact, if you look at the APIs currently part os Play Services, they are all strictly related to Google Services (as the name implies), and not Android itself (e.g. they don't deal with things like hardware access).
On top of that, despite Google Apps/Play Services being proprietary, they are "freely" available; Google basically employs a gedoogbeleid concerning their availability, and allows users of custom ROMs and non-Google Android to download them. My Jolla phone, which doesn't even run Android in the first place, has Google Apps/Play Services installed.
I am not happy with the fact that the Google Apps are proprietary, mostly because I see no need for them to be as such. Google could win a lot of goodwill by opening them up again, but Google being a company, it's unlikely they will ever do so. Play Services are a bit of a different story; while I would certainly love for them to be open as well, I understand (though not necessarily agree) Google wants to maintain control over the access to their very servers.
The article makes another common mistake: it claims that Android manufacturers are not allowed to release Android forks. This is based on leaked 2011 licensing terms covering the Google Apps/Play Services. However, despite these leaked terms, there are several manufacturers who release Android devices both with and without Google services; Huawei and Explay are good examples of that (they both sell regular Android phones with Google services, but also devices in Russia that use Yandex.Kit). This means that either the licensing terms from 2011 are outdated, or (more likely) they are custom, and do not apply to every manufacturer. In any case, the blanket statement that all manufacturers must choose between nothing but Android with Google services, or no Android services at all is clearly not true.
In any case, I'm sure McMaster knows all this just fine - you can't be the CEO of CyanogenMod without said understanding - which makes these comments all the more paper-thin. Then again, after the scummy way CyanogenMod treated OnePlus, I'm not exactly surprised.
Consider the humble video game cartridge. It's a small, durable plastic box that imparts the most immediate, user-friendly software experience ever created. Just plug it in, and you're playing a game in seconds.
If youâve ever used one, you have two men to thank: Wallace Kirschner and Lawrence Haskel, who invented the game cartridge 40 years ago while working at an obscure company and rebounding from a business failure. Once the pair's programmable system had been streamlined and turned into a commercial product - the Channel F console - by a team at pioneering electronics company Fairchild, it changed the fundamental business model of home video games forever. By injecting flexibility into a new technology, it paved the way for massive industry growth and the birth of a new creative medium.
Ah, gaming with effectively no loading times. Those were the days.
Just to provide an example for this post, I put together a trivial drawing app called BitPaint. It isn't very interesting, but it should illustrate a few things:
What's involved in bringing a trivial classic Mac app to Carbon
How the Classic Mac OS build process works
How much source compatibility exists between 1984's Toolbox and Carbon today
The answer to the third question is surprising: a lot. In fact, Steven managed to build an application that runs on every version of Mac OS/OS X, all the way from System 1.0 to today's OS X 10.10 Yosemite. I've been following Steven's progress (and by following I mean 'looked at pretty screenshots' because I don't understand the developer stuff), and it's quite incredible to see a single codebase run on such a long string of Mac OS/OS X releases.
A crucial aspect in this whole endeavour has been mpw, "an m68k binary translator/emulator whose sole purpose is to try and emulate enough of Classic Mac OS to run MPW's [note the caps!] own tools directly on OS X".
I am incredibly psyched about mpw. Its developer, ksherlock, has been very responsive to everything I've come up against as I stress test it against various tools and projects.
Right now it's a fully usable tool that makes Classic Mac OS compilation possible and easy to do on modern versions of OS X, without requiring emulators or ancient IDEs or the like. To my knowledge, this is the first time this has been possible (excluding legacy versions of CodeWarrior).
This entire post is a must-read.
Ikey Doherty has announced the availability of the first beta release of Evolve OS, a desktop Linux distribution built from scratch, with a home-made desktop called "Budgie" and a custom package manager forked from Pardus Linux: "The Evolve OS team is proud to announce the release of Evolve....
This week in DistroWatch Weekly: Reviews: First thoughts on KaOS 2014.12 News: Getting involved with Ubuntu, Snappy Ubuntu Core for embedded devices, Debian releases new installer for "Jessie", using DragonFly BSD's Slider, Fedora fixes PackageKit, features coming to Fedora 22, and FreeBSD's quarterly status report Questions and....
Zbigniew Konojacki has announced the release of 4MLinux 11.0, an updated version of the project's lightweight desktop Linux distribution built from scratch and featuring a customised JWM window manager: "The status of the 4MLinux 11.0 series has been changed to stable. Major changes in the core of the....