Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast
and reliable load balancing reverse proxy, when HTTP pipelining is used.
A client can take advantage of this flaw to cause data corruption and
retrieve uninitialized memory contents that exhibit data from a past
request or session.
Multiple security issues have been found in Iceweasel, Debian's version
of the Mozilla Firefox web browser: Multiple memory safety errors,
use-after-frees and other implementation errors may lead to the
execution of arbitrary code or denial of service. This update also
addresses a vulnerability in DHE key processing commonly known as
the LogJam vulnerability.
Johan Olofsson discovered an authentication bypass vulnerability in
Stunnel, a program designed to work as a universal SSL tunnel for
network daemons. When Stunnel in server mode is used with the redirect
option and certificate-based authentication is enabled with verify = 2
or higher, then only the initial connection is redirected to the hosts
specified with redirect. This allows a remote attacker to bypass
Update: there's a denial, which in turn is also being questioned. Conclusion: nope, not happening.
Russian manufacturer Yota, well known for its Yotaphone dual screen phones, has announced that its next devices will no longer operate using Android but Sailfish, an alternative developed by former Nokia engineers at Jolla.
Interesting, if not a bit of an odd decision. One has to wonder what prompted this decision, because even though I like Sailfish for what it represents, it's far from a true alternative to Android or iOS. Maybe Yota knows something about Sailfish 2.0 we don't?
At the 1989 Consumer Electronics Show in Las Vegas, Nintendo of America's then-chairman Howard Lincoln took the stage to reveal some unexpected news: the company was partnering with European electronics firm Philips to make a CD-ROM-based games console. While the announcement took everyone in the audience by surprise, Sony engineer Ken Kutaragi was the most shocked of all. Just the night before, he and several Sony executives had been demonstrating a product developed in partnership with Nintendo. It was to be the world's first hybrid console, featuring an SNES cartridge slot and a CD drive, with both formats available to game developers. That product, called "Play Station" (with a space), would never see the light of day.
Industry lore suggests that only 200 of the Play Station consoles were ever produced, and hardly anyone has actually seen one of the fabled consoles in the flesh. However, pictures of the legendary original Play Station surfaced on reddit yesterday, showing the hybrid console in all its grey and yellowed-plastic glory.
Absolutely glorious. I could look at the pictures for hours.
Recently there has been a lot of debate whether Safari is the new IE, or Apple simply is building a user-centric web, but I think that removes focus from the real problem.
The problem isn't Safari. It's a somewhat modern browser that in the eyes of some might lack some important features, but overall is still pretty good and modern.
The real problem is Apple's lack of browser-choice in iOS, and that's a problem for several reasons.
When Apple allows other browsers (not just wrappers!), email clients, mapping services, etc. to be set as default by iOS users, we're going to see a whole bunch of Google iPhones. I'm pretty sure Apple is not looking forward to that as of yet.
Maybe later, when Apple Maps stops being a joke, Mail.app doesn't choke when it's displaying more than 3 emails, and Safari stops sucking.
From The Verge:
We've expected for a month or so that BlackBerry is working on an Android phone with a "dual curved display" that slides up to reveal a physical keyboard underneath. It is supposedly based on a device that was originally announced at Mobile World Congress back in March, and back then the best image we had to go off of was a low-resolution snapshot of the device being held up on stage. Now, Evan Blass (aka @evleaks) has posted a high-resolution render of the device, codenamed Venice, to Twitter.
If this is for real, and BlackBerry doesn't mess it up by tying it to carriers and making it very hard for normal people to buy it, this is my next phone. Finally a modern phone with a keyboard.
Buying a phone in combination with a contract - the mislabeled "free phone" - just became a whole lot more complicated in my home country of The Netherlands. Today, our minister of finance, Jeroen Dijsselbloem (if you follow international news - yes, that one), announced that he is not going to create an exemption in Dutch finance laws specifically for mobile carriers offering "free" phones on contract.
Last year, The Hoge Raad der Nederlanden (our supreme court) ruled that if carriers offer a loan of €250 or higher, they need to abide by the same rules as any other company, institution, or entity providing such loans - meaning, they will have to perform an income check, check if people have prior debts, and in general, if their financial situation is sound enough for them to be able to take on a loan for a smartphone. They will also need to be a lot more transparent and upfront about the fact they are offering a loan, including warnings, the terms, and so on.
This, of course, affects carriers a great deal; a lot of expensive, high-end phones, like iPhones or the latest Galaxy phones, are sold in combination with contracts, their true price hidden in monthly payments. Making it harder for consumers to take on these loans hurts their business model. As such, carriers had asked our minister of finance to create an exemption specifically for them - but he refused.
Carriers are, of course, not happy. T-Mobile, Vodafone, and KPN - our three major carriers - have already voiced their displeasure. They're complaining they will have to do considerable investments to change their sales model, and that it will become a lot harder for customers to buy high-end phones. To be fair to the carriers, all this does mean consumers will have to reveal a considerable amount of private information to carriers if they want to take out a loan to buy a phone.
That being said, there are alternatives: carriers could simply charge the price of the phone upfront. This, of course, is not something they want - they'd much rather be a little bit shady and fuzzy about the true price of smartphones. Samsung, Apple, and other smartphone makers surely won't be happy with this either, as they rely on these somewhat shady deals to peddle their wares. Half of Dutch consumers are already on SIM-only contracts, and this will only push more consumers to cheaper phones.
As a Dutchman, I find this great news. My financial means are such that I don't have to worry about this sort of thing, but there are enough people out there for whom this is not the case, and there are certainly quite a few people lured into these seemingly "cheap" phones, only to suffer for it down the line. While I'm sure people living in Libertarian la-la-land will scream bloody murder, the fact of the matter is that if left to their own devices, these companies will abuse people left and right.
Later this year, Ultima Online will turn 18 years old. In the genre of MMOs, that makes the game positively ancient - and it's even more remarkable when you consider that it's still funded via a subscription model.
I've never played an Ultima game, much less one that's nearly my age. I wanted to find out what the game is like to play today as a newcomer, and to ask people why they've continued visiting Britannia for nearly two decades.
I have little to no interest in MMOs, but seeing one of them run for this long is fascinating.
A recent draft of the Trans-Pacific Partnership free-trade deal would give U.S. pharmaceutical firms unprecedented protections against competition from cheaper generic drugs, possibly transcending the patent protections in U.S. law.
This article focuses on pharmaceuticals, but just imagine what similar restrictions would mean for technology. This is disastrous.
Set backstage at three iconic product launches and ending in 1998 with the unveiling of the iMac, Steve Jobs takes us behind the scenes of the digital revolution to paint an intimate portrait of the brilliant man at its epicenter.
Judging by this trailer, Apple and its bloggers are not going to like this film. It doesn't exactly paint Jobs in a pretty light.
You the indie developer could become the next Flexibits. Could. But almost certainly not. Okay - not.
What's more likely is that you'll find yourself working on a Mobile Experience for a Big National Brand(tm) and doing the apps you want to write in your spare time.
If there's a way out of despair, it's in changing our expectations.
John Gruber, referencing Simmons' article:
There is so much that could and should and will be said about this. But the bottom line is that indie development for iOS and the App Store just hasn't worked out the way we thought it would. We thought - and hoped - it would be like the indie Mac app market, only bigger. But it's not like that at all.
I've been saying this for years. I'm glad the rest of the world is catching up.
Speaking of Apple:
Apple today released OS X Yosemite 10.10.4, an under-the-hood update that introduces several bug fixes and performance improvements. Most notably, 10.10.4 includes the removal of the problematic Discoveryd process, which has caused multiple networking issues for some users in OS X Yosemite.
I'm curious to see if this will solve the reconnect-on-wake issues my retina MacBook Pro has. In addition, Apple also released iOS 8.4, which includes a radio station, in case you're sick of listening to the music you want without some random dude blabbering through your songs.
In late March a handful of the western world's best-known iPhone hackers were flown business class to Beijing. They were put up in the five-star Park Hyatt and given a tour of the sites; the Great Wall, the Forbidden City. "They kept referring to us as 'great gods'. I'm guessing it just translates to 'famous person', but we couldn't contain our giggles every time the translators said it," says Joshua Hill, a 30-year-old from Atlanta who was one of the chosen few.
It was a bizarre trip hosted by an equally bizarre and secretive entity called TaiG (pronounced "tie-gee"), which flew the hackers to China to share techniques and tricks to slice through the defences of Apple's mobile operating system in front of an eager conference-hall crowd. Why such interest and why such aggrandisement of iOS researchers? In the last two years, jailbreaking an iPhone - the act of removing iOS' restrictions against installing unauthorized apps, app stores and other features by exploiting Apple security - has become serious business in China. From Alibaba to Baidu, China's biggest companies are supporting and even funding the practice, unfazed at the prospect of peeving Apple, which has sought to stamp out jailbreaking ever since it became a craze in the late 2000s.
I had no idea jailbreaking iOS was this popular in China.
At this point, we in the web community need to come to terms with the fact that Safari has become the new IE. Microsoft is repentant these days, Google is pushing the web as far as it can go, and Mozilla is still being Mozilla. Apple is really the one singer in that barbershop quartet hitting all the sour notes, and it's time we start talking about it openly instead of tiptoeing around it like we're going to hurt somebody's feelings. Apple is the most valuable company in the world; they can afford to take a few punches.
The Apple Watch has been out for over two months now, and other modern smartwatches well before that. It's no longer the stuff of sci-fi to consider using your watch to play music, control your TV, or track your fitness. But these are all things that you've been able to do for a surprisingly long time - well, if you maybe lived in Japan in the '90s and didn't mind carrying around a bunch of Casio watches, that is.
I already highlighted several of these Casio classics in my Moto 360 review, but The Verge does a nice job of listing them with beautiful photos.
On Monday, the Supreme Court opted not to review a 2014 ruling on copyright law that held Google's Android operating system infringed copyrights relating to Oracle's Java platform. This is a disaster for the software industry.
Here's the problem: the digital economy depends on gadgets and software being able to communicate seamlessly. Last year's decision by the Federal Circuit Court of Appeals opened the possibility that efforts to make software work together better could trigger copyright liability. The result could be more compatibility problems and less innovation.
The most disgusting and most despicable lawsuit in technology. Oracle is a horrible, horrible company.
Researchers have shown that machines are inching closer to self-learning, and perhaps even copping a little attitude.
Over at Google, a computer program using a database of movie scripts was asked again and again by researchers to define morality. It struggles to do so, and in a conversation recorded by its human engineers, becomes exasperated and ends the conversation by lashing out at its human inquisitor.
Eerie. The full paper is more interesting.
This week in DistroWatch Weekly: Review: Exploring Alpine Linux 3.2.0; News: Fedora running on MIPS processors, FreeBSD 8.4's life extended, the OctoPkg package manager and Solus unveils daily builds; Questions and answers: The source of Ubuntu's packages; Torrent corner: antiX, DragonFly BSD, Linux Mint, OpenMediaVault, VectorLinux; Released last week: Linux Mint 17.2,....
The developers of Parsix GNU/Linux, a desktop oriented Debian-based distribution, have announced the availability of a new development release. The new release offers users an updated kernel, experimental UEFI support and the GNOME 3.16 desktop. "Parsix GNU/Linux 8.0 (code name Mumble) brings stable GNOME 3.16 desktop environment, a....
The 4MLinux project has announced a new release of the independent Linux distribution. The latest release, 4MLinux 13.0, ships with the GNU Compiler Collection 5 and offers miscellaneous desktop improvements. "The status of the 4MLinux 13.0 series has been changed to S. Major changes in the core of....