Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was
possible to reuse cached SSL sessions in unrelated contexts, allowing
virtual host confusion attacks in some configurations by an attacker in
a privileged network position.
Multiple security issues have been found in Icedove, Debian's version of
the Mozilla Thunderbird mail and news client: Multiple memory safety
errors and use-after-frees may lead to the execution of arbitrary code
or denial of service.
Oh, right, there's an entirely new version of Android right around the corner. It could be days away, it could be weeks away. We're not totally sure what Google has planned for what is easily the most ambitious and promising update to the platform since Android 2.1. It's easy to forget that there's a whole new world right around the corner, because Android is in this seemingly constant state of change now. We have core apps updating on a regular and consistent bases, manufacturers pushing their apps to the Play Store in order to update them in a timely manner, and the beating heart of the platform is on a six week release cycle. Of all the incredible things that we saw and heard about at Google I/O this year, Sundar Pichai's announcement that Google Play Services would be updating and improving every six weeks is one of those things that didn't get nearly as much attention as it probably should have.
It really is quite remarkable. In some ways, Android is starting to faintly look like a rolling release, with more and more core smartphone applications, as well as several core smartphone APIs, updated continuously through Google Play. The pace is quick, and I like it.
Still, the Android update situation has not been resolved. There's a lot more work to do.
With all the hype and interest in wearables these past few months, you'd think more companies would be looking to compete with Google's Glass headset, but up until now that hasn't really been the case. Sony teased an alternative to Google's gear in the form of a SmartEyeglass prototype first shown off at CES 2014, which aims to be as versatile as Glass while bettering it in some respects as well. The rather awkward-looking SmartEyeglass is peppered with sensors - there's an accelerometer, gyroscope, electronic compass, ambient light sensor, and a 3-megapixel camera - and comes with a wire connecting it to an external battery pack equipped with an extra touch sensor and microphone.
If Apple's iPhone Mini won't make you look enough like a dork, there's always this thing.
Two good pieces of news today. Both Apple and Google have announced that the most recent versions of their mobile operating systems will encrypt user data by default. Google:
The next generation of Google's Android operating system, due for release next month, will encrypt data by default for the first time, the company said Thursday, raising yet another barrier to police gaining access to the troves of personal data typically kept on smartphones.
Android has offered optional encryption on some devices since 2011, but security experts say few users have known how to turn on the feature. Now Google is designing the activation procedures for new Android devices so that encryption happens automatically; only somebody who enters a device's password will be able to see the pictures, videos and communications stored on those smartphones.
Rather than comply with binding court orders, Apple has reworked its latest encryption in a way that prevents the company - or anyone but the device's owner - from gaining access to the vast troves of user data typically stored on smartphones or tablet computers.
The key is the encryption that Apple mobile devices automatically put in place when a user selects a passcode, making it difficult for anyone who lacks that passcode to access the information within, including photos, e-mails and recordings.
Larry Ellison has agreed to step down as the chief executive officer at Oracle, ending one of the most entertaining and profitable runs for a leader in business history.
Oracle announced Ellison's departure via a press release delivered on Thursday afternoon after the close of U.S. financial markets. The company said that Ellison will remain chairman of Oracle's board and take on the role of chief technology officer. Mark Hurd and Safra Catz, both presidents at Oracle, will each inherit the CEO title. Catz will remain as chief financial officer as well.
The "master"mind behind the onerous and despicable Java/Android/API patent troll lawsuit versus Google, in which Oracle is trying to actively, willingly, and knowingly cause great harm to developers all over the world. Coincidentally, he is a close, personal friend of Steve Jobs.
Google is set to institute a new policy in the Play Store, and it has some developers up in arms. A message in the developer console (seen below) has appeared asking developers to add a physical address to their account profile. For those offering paid apps and in-app purchases, this is mandatory as of September 30th. Failing to do so could result in Mountain View pulling the apps.
The notice points out that this address will be visible on the app details page for all users of the Play Store.
Publishing the addresses of every Android developer with paid applications or in-application purchases, online, for all to see? Is there anyone who thinks this is anything other than a terrible, terrible idea?
In-depth iOS 8 review at Ars.
With this release, Apple is trying to make additions that developers and power users want without upsetting people who come to iOS specifically because of its consistency and simplicity. It's telling that just about every major iOS 8 feature can be disabled or ignored, and that big transformative features like third-party extensions are hidden from view by default. A surface-level glance at iOS 8 suggests an operating system that isn't all that different from iOS 7. Look just a little deeper, though, and you'll see just how different it is.
As someone who finds Android the least crappy mobile operating system (by a very, very narrow margin), I see little in iOS 8 (or the new iPhones, for that matter) to convince me otherwise. The additions are very welcome for iOS users, but it's nothing we haven't seen before; nothing that makes me go - yes, this gives iOS the edge it needs (for me). Not that it matters - iOS, the iPhone, and Apple are doing just fine without massive hordes of Android users making the jump.
If feels like to me the new iPhones and iOS 8 are here to consolidate their existing market - not to expand it at the cost of the competition.
Apple has released iOS 8, the latest version of its mobile operating system, for iPhone, iPad, and iPod touch. Users can download the new software by navigating to the "general" tab in their device's settings menu and selecting "software update." If you don't want to download the update wirelessly - perhaps you're on a restrictive data plan and have limited Wi-Fi access - you can also connect your phone to the latest version of iTunes to download the update. The iOS 8 update pack weighs in at 1.4GB and requires a staggering 5.7GB of free space to install on an iPhone (6.9GB on an iPad), so you may need to delete something like half a dozen games to free up some room before you get started.
Lots of improvements over iOS 7, so definitely worth it. Do pay mind to the hefty space requirements, though.
MINIX is a modern, microkernel-based UNIX implementation. The code size of the microkernel is just 129 kB. Servers implement UNIX on top of it. The userland, toolchain, packages etc. are from NetBSD. Release 3.3.0 was just announced:
The first release with ARM support, three Beagle targets are supported
Experimental USB support for the Beaglebones (hubs & mass storage)
Cross-compiling for both ARM and x86 - the buildsystem is very portable
Big source code cleanup - cleaner C types in messages, improved NetBSD compatibility, all minix-specific code moved to a top-level minix/ folder
Updated packages overall - a big set is built now; and they are dynamically linked now
Improved driver modularity
Apple has released a tool to remove U2's new album from its customers' iTunes accounts six days after giving away the music for free.
Some users had complained about the fact that Songs of Innocence had automatically been downloaded to their devices without their permission.
It had not been immediately obvious to many of the account holders how to delete the tracks.
The US tech firm now offers a one-click removal button.
Great headline. Great story. Great everything. This is just great.
Update: In Notch' own words (Pastebin version because his site is being hammered):
I'm aware this goes against a lot of what I've said in public. I have no good response to that. I'm also aware a lot of you were using me as a symbol of some perceived struggle. Iâm not. Iâm a person, and I'm right there struggling with you.
I love you. All of you. Thank you for turning Minecraft into what it has become, but there are too many of you, and I can't be responsible for something this big. In one sense, it belongs to Microsoft now. In a much bigger sense, it's belonged to all of you for a long time, and that will never change.
Itâs not about the money. It's about my sanity.
His honesty and openness is very welcome.
I bought Minecraft way back in the alpha days (September 29, 2010, to be exact), and I haven't ever regretted it one bit. Thank you for Minecraft, Markus.
It's official. Microsoft has acquired Mojang, and thus, Minecraft.
From Mojang's announcement:
Minecraft has grown from a simple game to a project of monumental significance. Though we're massively proud of what Minecraft has become, it was never Notchâs intention for it to get this big.
As you might already know, Notch is the creator of Minecraft and the majority shareholder at Mojang. He's decided that he doesn't want the responsibility of owning a company of such global significance. Over the past few years he's made attempts to work on smaller projects, but the pressure of owning Minecraft became too much for him to handle. The only option was to sell Mojang. He'll continue to do cool stuff though. Don't worry about that.
While I'm not particularly happy about Minecraft going to Microsoft - of all places - I fully understand Notch' reasoning. Even my own little one-man translation company is a huge amount of effort to run, both in actual working hours (translating) and all the stuff that comes with owning a company (the administrative and office crap nobody likes to do). I can only imagine that is must be a thousand times more difficult to run a company as successful as Mojang, and I can understand him wanting to get rid of it, get a huge pile of money, and use it do new stuff, free from pressure.
So, thank you for Minecraft, Notch, and you and your colleagues deserve this massive break. Congratulations!
So, what about Minecraft's future? From Microsoft's announcement:
Minecraft fans are loyal, with nearly 90 percent of paid customers on the PC having signed in within the past 12 months.
That sentence, Microsoft.
That sentence tells me all I need to know. If you've paid any attention to the negative developments in gaming over the recent years, that sentence should send chills down your spine.
Microsoft may have demonstrated its new Start menu earlier this year, but thanks to a recent "Windows 9" leak we're now seeing every single part of the companyâs plans for bringing back this popular feature. German site WinFuture has posted a two-minute video that demonstrates how the Start menu works in the next major release of Windows. As you'd expect, it's very similar to what Microsoft demonstrated with traditional apps mixing with modern apps (and their Live Tiles) into a familiar Start menu.
It boggles my mind why Microsoft doesn't just remove Metro from the desktop altogether. Is there anyone who wants to run those comically large touch-optimised applications in windows on their desktop? Why not restrict Metro to where it belongs, i.e., mobile? Why all this extra work?
It just doesn't seem to make any sense.
The Supreme Court's June ruling on the patentability of software - its first in 33 years - raised as many questions at it answered. One specific software patent went down in flames in the case of Alice v. CLS Bank, but the abstract reasoning of the decision didn't provide much clarity on which other patents might be in danger.
Now a series of decisions from lower courts is starting to bring the ruling's practical practical consequences into focus. And the results have been ugly for fans of software patents. By my count there have been 10 court rulings on the patentability of software since the Supreme Court's decision - including six that were decided this month. Every single one of them has led to the patent being invalidated.
This doesn't necessarily mean that all software patents are in danger - these are mostly patents that are particularly vulnerable to challenge under the new Alice precedent. But it does mean that the pendulum of patent law is now clearly swinging in an anti-patent direction. Every time a patent gets invalidated, it strengthens the bargaining position of every defendant facing a lawsuit from a patent troll.
Chromebooks were designed to keep up with you on the go - they're thin and light, have long battery lives, resume instantly, and are easy to use. Today, we're making Chromebooks even more mobile by bringing the first set of Android apps to Chrome OS.
These first apps are the result of a project called the App Runtime for Chrome (Beta), which we announced earlier this summer at Google I/O. Over the coming months, we'll be working with a select group of Android developers to add more of your favorite apps so youâll have a more seamless experience across your Android phone and Chromebook.
I was under the impression all applications would work when they announced this at I/O. I had no idea only select applications would work. That's a bit of a bummer.
Nokia and Windows Phone are history.
Now we can confirm that Microsoft will be completely dropping the "Nokia" branding from their devices, leaving "Lumia" as the hero brand for upcoming devices. In fact we understand that the Lumia 830 and Lumia 730 will be the final two devices to launch with "Nokia" branded on the phone. Future devices will most likely carry the "Microsoft" name along with "Lumia".
Furthermore the document also reveals that Microsoft is shying away from placing the Windows Phone logo next to their devices in promotions and advertisements, and will instead place the standard Windows logo alongside them (sans the "Phone"). In fact we understand, from a source with knowledge of the plans, that this is part of the preparation to leave the "Windows Phone" logo behind, as part of a gradual phase out of the Windows Phone name (and OS) which will merge with the desktop version of Windows in the upcoming updates (i.e. no Windows Phone 9).
This is verified by The Verge's sources inside Microsoft.
So, we now not only live in the crazy world where a version 1 Google product looks (and seems to work) way better than the comparable version 1 Apple product, but also in a world where Microsoft has a very simple naming scheme, and Apple just unveiled the Apple Watch, Apple Watch Sport, and Apple Watch Edition.
I will miss my worn-out Windows Mobile PocketPC Embedded 2003 Compact Standard Edition CE Service Pack 2 Pro jokes, though.
Well, file this under 'holy crap'.
Microsoft is nearing a deal to buy Mojang AB, makers of the Minecraft video game franchise, according to a new report. According to the Wall Street Journal, the deal would value Mojang at more than $2 billion and could be signed as soon as this week.
No. Just no.
Paul Seelig has announced the release of Window Maker Live 0.95.6-1, a Debian-based Linux distribution featuring the latest version of the Window Maker window manager: "ISO images of Window Maker Live 0.95.6-1 for both amd64 and i386 are now available from for immediate download. What is new since....
Kai Hendry has announced the release of Webconverger 26.0, a new update of the specialist distribution designed for web-only computers - now with Firefox 32.0: "Webconverger 26 release. Highlights of this 26.0 signed and tagged snapshot: revised boot menu, helping you get started with Neon, our web signage....
Klaus Knopper has released KNOPPIX 7.4.1, a bug-fix update of the project's Debian-based live CD/DVD that provides the LXDE (default), GNOME 3.12 and KDE 4.13.3 desktops, as well as a separate "ADRIANE" edition designed for visually impaired users: "Version 7.4.1 of KNOPPIX is based on the usual picks....