Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in the execution of
arbitrary code, breakouts of the Java sandbox, information disclosure or
denial of service.
From an article I stumbled upon today, detailing the file manager that shipped on virtually every Symbian device in history.
The Files UI should be familiar to anyone that has used a file manager or folder system/explorer on a computer and it behaves the same as well. Pictured to the left is the standard view when you open Files. It shows several "drives", C:, E: and F: with F: being your memory card if your Symbian device has a memory card (SD, Mini/Micro SD) slot. Pictured to the right, you can see additional drives that are shown when you connect external devices via USB On-The-Go (if your device has USB-OTG) such as flash drives, hard drives or other phones. G: and H: represent the Mass Memory and Memory card on my Nokia N8 that is connected to my 808 PureView via USB OTG... that's a LOT of GBs to manage!
Back when I used Symbian as my main smartphone operating system (I had an E72), I always found it funny that Symbian used drive letters, while the mobile operating system I used for years and years (Windows Mobile/PocketPC) did not - or at least, not in a user-visible manner. At the time, I assumed that Symbian used drive letters in a virtual way to placate Windows users who were used to them.
In recent years, however, I've found out that Symbian's use of drive letters actually goes back much farther than that. Psion's EPOC (Symbian's 16bit predecessor; Symbian was created by Psion) also used drive letters - open up a Series 3 (I have a 3a) and you'll see that the two disk slots are designated A and B. Going even further back in time, even my Psion Organiser II (1986) used A: and B: for its two disk slots. I don't have a device to check, but I would assume that the Organiser I also used drive letters.
Interesting how a concept dating back to CP/CMS made it all the way to the most modern Symbian phones.
survey from market research firm VisionMobile, there are 2.9 million app developers in the world who have built about two million apps. Most of those app developers are making next to nothing in revenue while the very top of the market make nearly all the profits. Essentially, the app economy has become a mirror of Wall Street.
The application store model was a good thing for a while, especially early on. Now, though, it's becoming an impediment. Supply has increased so much that it's impossible to stand out, especially now that a relatively small number of big players are utterly dominating the listings, drowning out everyone else.
If nobody does anything, this will only get worse.
I'm lucky. My financial situation allows me to buy several phones and tablets every year to keep up with the goings-on of all the major - and some of the minor - platforms currently competing for prime real estate in your precious pockets. It also means that I am lucky from a psychological point of view - by being able to buy several devices every year, I never fall into the all-too-common trap of choice-supportive bias. I don't have to rationalise my device purchases after the fact, so I won't have to employ all sorts of mental gymnastics to solve any states of cognitive dissonance caused by hardware and software flaws - the number one cause of irrational fanboyism.
And so, I try to rotate my phone of choice around as much as possible. I enjoy jumping from Android to my N9, then onwards to Sailfish, back to Android, and then have some fun with Symbian on my E7 - and beyond. I've got a long list of platforms I want to add to the collection - one white BlackBerry Passport please - but in general, I'm pretty well-rounded.
Read more on this exclusive OSNews article...
A while ago, we've announced our plans to add Linux support as one of the features of our digital platform, with 100 games on the launch day sometime this fall. We've put much time and effort into this project and now we've found ourselves with over 50 titles, classic and new, prepared for distribution, site infrastructure ready, support team trained and standing by, and absolutely no reason to wait until October or November. We're still aiming to have at least 100 Linux games in the coming months, but we've decided not to delay the launch just for the sake of having a nice-looking number to show off to the press. It's not about them, after all, it's about you. So, one of the most popular site feature requests on our community wishlist is granted today: Linux support has officially arrived on GOG.com!
Good on 'm.
Microsoft CEO Satya Nadella has confirmed that his company will amalgamate all major versions of Windows into one operating system. Speaking on the company's quarterly earnings call today, Nadella told analysts Microsoft will "streamline the next version of Windows from three operating systems into one single converged operating system." Describing the implications of the change, Nadella said "this means one operating system that covers all screen sizes."
Not exactly news, but it's good to have it explicitly out in the open like this. And if they're going to want to keep focusing on consumers, they're going to need some pretty big changes. They sold fewer than half a million Surface devices in the last quarter, and only 5.8 million Lumia devices. That last figure is misleading, though, as it only covers two months due to the Nokia deal. Even adding another month, it's safe to say it's well below 10 million.
This actually raises an interesting question: has Microsoft actually ever made any profit off Windows Phone? Especially taking into account the huge amount of money they had to pour into Nokia's devices division every quarter just to keep it alive? And now they also need to earn the costs of the acquisition back.
At some point, someone is going to have to make the tough calls here. What is the future of Windows Phone - and how long will that future be? How long will Microsoft be able to pour resources into the bottomless money pit that is Windows Phone?
Yesterday, former Google-executive Hugo Barra, now Xiaomi's global vice president, had a talk with The Verge.
Barra is only a year into his job as leader of Mi's internationalization efforts, but he's already "sick and tired" of hearing his company derided as an Apple copycat. He sees Mi as "an incredibly innovative company" that never stops trying to improve and refine its designs, and the allegations of it copying Apple are "sweeping sensationalist statements because they have nothing better to talk about."
This morning, John Gruber:
Scroll down on the Mi 3 "features" page and you'll see this image, named "detail-camera.jpg". Take a good look at the camera in that image, then look at the app icon for the current version of Aperture. It's a simple copy-paste-skew job of the lens, and not a very good one. Two panels down on the page, they use it again, horizontally flipped. (Shockingly, they cropped out the "Designed by Apple in California".)
Update: Zdziarski put up a more detailed response.
Apple responded to the backdoor story.
Each of these diagnostic capabilities requires the user to have unlocked their device and agreed to trust another computer. Any data transmitted between the iOS device and trusted computer is encrypted with keys not shared with Apple. For users who have enabled iTunes Wi-Fi Sync on a trusted computer, these services may also be accessed wirelessly by that computer.
Zdziarski, the author of the article that started this all, is not impressed.
I donât buy for a minute that these services are intended solely for diagnostics. The data they leak is of an extreme personal nature. There is no notification to the user. A real diagnostic tool would have been engineered to respect the user, prompt them like applications do for access to data, and respect backup encryption. Tell me, what is the point in promising the user encryption if there is a back door to bypass it?
Apple response doesn't actually deny or contradict anything Zdziarski stated, so in the end, it all comes down to trust. Apple claims they only use these tools for "diagnostics" (which is a stretch considering the extensive and pervasive nature of the data they expose, but alas), and it's up to us to decide whether we trust them or not. If you still trust Apple - or Google, or Microsoft, or any other major technology company, for that matter - at this point, then I admire your child-like innocence.
No Man's Sky is a video game quite unlike any other. Developed for Sony's PlayStation 4 by an improbably small team (the original four-person crew has grown only to 10 in recent months) at Hello Games, an independent studio in the south of England, it's a game that presents a traversable universe in which every rock, flower, tree, creature, and planet has been "procedurally generated" to create a vast and diverse play area.
"We are attempting to do things that haven't been done before," says Murray. "No game has made it possible to fly down to a planet, and for it to be planet-sized, and feature life, ecology, lakes, caves, waterfalls, and canyons, then seamlessly fly up through the stratosphere and take to space again. It's a tremendous challenge."
Minecraft comes to mind - obviously - but No Man's sky goes much, much further. You're looking at a procedurally generated universe with millions of individual, unique planets and individual, unique ecosystems, each evolving over time.
A new, extremely persistent type of online tracking is shadowing visitors to thousands of top websites, from WhiteHouse.gov to YouPorn.com.
First documented in a forthcoming paper by researchers at Princeton University and KU Leuven University in Belgium, this type of tracking, called canvas fingerprinting, works by instructing the visitor's Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user's device a number that uniquely identifies it.
Advertising companies will become increasingly... 'Creative' to find some way of tracking us that circumvents known laws and technological barriers. However, I doubt you have to worry about the small fish - worry about what the biggest internet advertising company in the world has cooking in its labs.
Modern Combat 5 has been cracked and uploaded to multiple torrenting websites over the weekend. MC5 is a first person shooter for iOS, Android and Windows 8. The developer and publisher, Gameloft, ran a contest recently and invited players into the game early. One of those winners apparently cracked the game and began distributing it online.
Modern Combat's dev team is not pleased with the situation.
Horrible. You win a contest for early access, and then you turn around and stab them in the back like this. You must be a pretty terrible human being to do something like this.
Continuity isn't a monolithic feature of the new operating systems so much as it is a range of features, each with its own hardware requirements and mode of operation. As we already did for iOS 8's Extensions, in this article we'll be using Apple's developer documentation, WWDC videos, and early reports from forums and rumor sites to explain the technology behind these features. We'll speak in brief about how phone integration and AirDrop work. Then, we'll examine how Handoff works and how developers can integrate Handoff support into their own iOS and OS X applications.
Ars takes a look at Apple's Continuity.
Jonathan Zdziarski's paper about backdoors, attack points and surveillance mechanisms built into iOS is quite, quite interesting.
recent revelations exposed the use (or abuse) of operating system features in the surveillance of targeted individuals by the National Security Agency (NSA), of whom some subjects appear to be American citizens. This paper identifies the most probable techniques that were used, based on the descriptions provided by the media, and todayâs possible techniques that could be exploited in the future, based on what may be back doors, bypass switches, general weaknesses, or surveillance mechanisms intended for enterprise use in current release versions of iOS. More importantly, I will identify several services and mechanisms that can be abused by a government agency or malicious party to extract intelligence on a subject, including services that may in fact be back doors introduced by the manufacturer. A number of techniques will also be examined in order to harden the operating system against attempted espionage, including counter-forensics techniques.
This paper is actually half a year old - give or take - but it's gotten a lot of attention recently due to, well, the fact that he has uploaded a PowerPoint from a talk about these matters, which is obviously a little bit more accessible than a proper scientific journal article.
For instance, despite Apple's claims of not being able to read your encrypted iMessages, there's this:
In October 2013, Quarkslab exposed design flaws in Apple's iMessage protocol demonstrating that Apple does, despite its vehement denial, have the technical capability to intercept private iMessage traffic if they so desired, or were coerced to under a court order. The iMessage protocol is touted to use end-to-end encryption, however Quarkslab revealed in their research that the asymmetric keys generated to perform this encryption are exchanged through key directory servers centrally managed by Apple, which allow for substitute keys to be injected to allow eavesdropping to be performed. Similarly, the group revealed that certificate pinning, a very common and easy-to-implement certificate chain security mechanism, was not implemented in iMessage, potentially allowing malicious parties to perform MiTM attacks against iMessage in the same fashion.
There are also several services in iOS that facilitate organisations like the NSA, yet these features have no reason to be there. They are not referenced by any (known) Apple software, do not require developer mode (so they're not debugging tools or anything), and are available on every single iOS device.
One example of these services is a packet sniffer, com.apple.pcapd, which "dumps network traffic and HTTP request/response data traveling into and out of the device" and "can be targeted via WiFi for remote monitoring". It runs on every iOS device. Then there's com.apple.mobile.file_relay, which "completely bypasses Appleâs backup encryption for end-user security", "has evolved considerably, even in iOS 7, to expose much personal data", and is "very intentionally placed and intended to dump data from the device by request".
This second one, especially, only gave relatively limited access in iOS 2.x, but in iOS 7 has grown to give access to pretty much everything, down to "a complete metadata disk sparseimage of the iOS file system, sans actual content", meaning time stamps, file names, names of all installed applications and their documents, configured email accounts, and lot more. As you can see, the exposed information goes quite deep.
Apple is a company that continuously claims it cares about security and your privacy, but yet they actively make it easy to get to all your personal data. There's a massive contradiction between Apple's marketing fluff on the one hand, and the reality of the access iOS provides to your personal data on the other - down to outright lies about Apple not being able to read your iMessages.
Those of us who aren't corporate cheerleaders are not surprised by this in the slightest - Apple, Microsoft, Google, they're all the same - but I still encounter people online every day who seem to believe the marketing nonsense Apple puts out. People, it doesn't get much clearer than this: Apple does not care about your privacy any more or less than its competitors.
Ars Technica reports about Project Athena:
Google-watchers may have already head about "Project Athena," a Chrome OS-related experiment of Google's that has appeared in the Chromium source code a few times in the past. Today we got our first official look at the new interface via Francois Beaufort, a Chrome enthusiast who was hired by Google last year after leaking several high-profile Chrome features.
It looks a heck of a lot like Material Design and Android L UI behaviour coming to Chrome OS. Fascinating to see where this is going, but one thing appears to be clear: in the tug of war between Chrome OS and Android, the latter has won.
Lenovo has stopped selling Windows tablets with screen sizes under 10 inches in the U.S. due to lack of interest.
Lenovo has stopped selling two small-screen Windows tablets with 8-inch screens: the ThinkPad 8, which was announced in January and a model of Miix 2, which started shipping in October last year.
This is not a quip, but an honest question: is the size qualifier here really necessary? I.e., do Windows tablets sell in any meaningful number at all, regardless of size? Windows laptops and desktops surely still sell well, but Windows tablets?
Like smartphones, I'm pretty sure this market is dominated by iOS and Android, and Lenovo throwing the towel in the ring here doesn't bode well for any possible third ecosystems - and that sucks.
This is a guide to help you understand how you can port Sailfish OS to devices running the CyanogenMod flavour of Android.
By following this guide you can set up a Mer-core based Linux system that will run on an Android
device, on top of the existing Android Hardware Adaptation kernel and drivers.
This is the official guide detailing how to port Sailfish OS to run on any Android device supported by CyanogenMod 10.x.
Alex Polvi has announced the release of CoreOS 367.1.0, the first stable release of the specialist Linux distribution for servers and clusters: "First off, happy sysadmin day. We think we have a pretty good sysadmin surprise in store for you today as we are announcing the CoreOS stable....
Adam Conrad has announced the release of Ubuntu 14.04.1, the first maintenance update of the popular distribution's current stable release: "The Ubuntu team is pleased to announce the release of Ubuntu 14.04.1 LTS (long-term support) for its Desktop, Server, Cloud, and Core products, as well as other flavours....
Samuel Baggen has announced the release of Elive 2.3.4, the latest beta release from the project that builds a Debian-based distribution with a customised Enlightenment desktop: "The Elive team is proud to announce the release of the beta version 2.3.4. This new version includes: a send-to-Dropbox option has....