Martin Holst Swende discovered a flaw in the way chunked requests are
handled in ModSecurity, an Apache module whose purpose is to tighten
web application security. A remote attacker could use this flaw to
bypass intended mod_security restrictions by using chunked transfer
coding with a capitalized Chunked value in the Transfer-Encoding HTTP
header, allowing them to send requests containing content that should
have been removed by mod_security.
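To make the defect concrete, here is an added illustration (not ModSecurity's own code) of an exact-match Transfer-Encoding check beside a check that follows HTTP's case-insensitive token rules, together with a minimal chunked-body decoder showing what a filter sees in each case; the headers, body and the `inspect_body` filter stand-in are constructed for this example.

```python
"""Transfer-Encoding handling: case-sensitive vs. case-insensitive.

Added illustration for the ModSecurity chunked-request issue described
above. This is not ModSecurity's code; the header and body samples are
constructed here, and inspect_body() stands in for a generic filter.
"""
from typing import Callable, Dict, List


def transfer_codings(headers: Dict[str, str]) -> List[str]:
    """Return the Transfer-Encoding codings as lowercase tokens.

    HTTP treats header names and transfer-coding names case-insensitively
    and allows a comma-separated list (e.g. "gzip, chunked"); optional
    ';' parameters are discarded.
    """
    raw = next((v for k, v in headers.items()
                if k.lower() == "transfer-encoding"), "")
    return [p.split(";", 1)[0].strip().lower()
            for p in raw.split(",") if p.strip()]


def is_chunked_naive(headers: Dict[str, str]) -> bool:
    """Exact-match check: only the literal value 'chunked' is recognised."""
    return headers.get("Transfer-Encoding") == "chunked"


def is_chunked(headers: Dict[str, str]) -> bool:
    """Hardened check: final coding is 'chunked', compared case-insensitively."""
    codings = transfer_codings(headers)
    return bool(codings) and codings[-1] == "chunked"


def decode_chunked(body: bytes) -> bytes:
    """Decode a chunked body: hex size line, data, CRLF, ... until size 0."""
    out, pos = b"", 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";")[0], 16)   # ignore chunk extensions
        if size == 0:
            return out
        out += body[eol + 2:eol + 2 + size]
        pos = eol + 2 + size + 2                        # skip data and its CRLF


def inspect_body(headers: Dict[str, str], body: bytes,
                 chunk_check: Callable[[Dict[str, str]], bool]) -> bytes:
    """What a filter sees: the decoded body if it recognised chunking, else raw bytes."""
    return decode_chunked(body) if chunk_check(headers) else body


# Constructed sample: the same payload split across two chunks.
SAMPLE_BODY = b"3\r\nabc\r\n3\r\ndef\r\n0\r\n\r\n"
UPPER = {"Transfer-Encoding": "Chunked"}
LOWER = {"Transfer-Encoding": "chunked"}
```

With the exact-match check, a request carrying `Chunked` is inspected as raw chunk framing rather than as the decoded payload the backend will actually receive, which is the inspection gap the advisory describes.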
It was discovered that the web interface in CUPS, the Common UNIX
Printing System, incorrectly validated permissions on RSS files and
directory index files. A local attacker could possibly use this issue
to bypass file permissions and read arbitrary files, possibly leading
to a privilege escalation.
General Dynamics C4 Systems and NICTA are pleased to announce the open sourcing of seL4, the world's first operating-system kernel with an end-to-end proof of implementation correctness and security enforcement. It is still the world's most highly-assured OS.
And here's the code.
The technology press and bloggers really seem to have no idea what to make of Tizen. First, it was a huge, credible threat to Android (*), but now that even people who really, really, really want to see Android in trouble can no longer maintain that Tizen is a serious threat, it's now apparently magically a sign of Samsung's weakness. Or, if you believe Reuters, it's a sign of... Both? Or something?
Samsung Electronics Co. suffered another blow to its efforts to cut the dependency of its smartphone business on Google Inc.'s Android operating system, postponing the launch of a new model that runs on its own Tizen software.
The news is the latest disappointment for the Korean giant which is trying to defend its position as the world's largest maker of smartphones from the twin challenges of Apple Inc. AAPL and, at the other end of the market range, Chinese companies such as Huawei, ZTE and Xiaomi.
Of course, those of us who have even a minute understanding of what it takes to create a successful and viable operating system and platform know full well just how unrealistic it is to see Tizen as anything but a fringe experiment that will, in all likelihood, never bear any fruit. You can ask BlackBerry and Microsoft just how hard it is to create, introduce, maintain, and grow a mobile platform in the current Android-iOS duopoly.
I would love for Tizen to be a success, but the cold and harsh truth of this world is that all evidence - both historical and current - points towards it not making any headway whatsoever in smartphones and tablets. Tizen may very well play a role in Samsung's more embedded efforts - like TVs - but don't expect it on any serious phone any time soon, let alone it being a threat to iOS, Android, Windows Phone or even BB10.
However, I want Tizen to be a success not because of some hand-wringing desire to see iOS or Android or Google or Samsung stumble and fall. No, I want it to be a success because the market - and thus consumers - always benefit from choice. The more platforms compete for that precious space in your pockets, the better all of them will become. Without Android, iOS would still be stuck at the level of version 2. Without Windows Phone, Android would still look like a cartoon. Potential other platforms would push the big three to even greater heights.
I've made my desire to buy a Tizen device very clear. Not because I believe it will change the world or because I consider it an "Android killer", but because I believe diversity in the marketplace benefits us all - whether we're an iOS, Android, or BeOS user.
Nokia has released the first major software update for the Nokia X series of devices.
Key features of the update include:
Enjoy improved ease of use with the new app switcher - switch easily between open apps, or close apps with a single tap.
Instant access to your mail, calendar, and notes with Outlook.com and OneNote.
Updated Nokia Store - new design to help you find content more easily, and better integration with third-party stores.
New scrollable widgets, call reject with a message, contact search in the dialler, automatic uploading to OneDrive, and local calendar support.
General performance and usability improvements.
Could very well be the last.
Microsoft has accidentally spilled the beans on Windows Phone 8.1 Update 1, and it's going to be a relatively small update for users, but a big one for OEMs and thus the platform. The number of user-facing features is small (Windows Phone is finally getting folder support!), but it increases support for different resolutions and screen sizes - up to 7".
More features might be coming that aren't yet leaked, but the focus of the update is clear: hardware support.
Antivirus peddler Trend Micro recently issued a "report", in which it states that "Google Play [is] populated with fake apps, with more than half carrying malware". Sounds scary, right?
Well, reality is a little different, as TechRepublic and Android Police found out.
It turns out that Trend Micro is guilty of a little over-eager language that obfuscated the nature of some of these threats. While there are indeed fake versions of many popular Android apps available for download, Trend failed to mention in their initial promotion for the report that the apps in question were posted outside the Play Store, and had to be installed manually in what's commonly known as a side-load. This requires users to download the app in a browser, ignore a standard security warning about APK files, and disable a security option in Android's main settings menu.
As I've been saying for years and years now, antivirus peddlers are the scum of the technology industry. These people actively lie and spread FUD about popular platforms just to scare people into buying their crappy, bloated, unnecessary software. They tried these scummy scare tactics for OS X, iOS, and recently it's been Android's turn. Of course, it doesn't help that people like Tim Cook actively join in on the lying and FUD.
You can spot the FUD from miles away. It usually contains something like "99% of all mobile malware targets Android", which may technically be true, but is actually entirely meaningless without the figure that actually matters: infection rates to determine just how successful this malware actually is. The actual infection rate figures make it very clear that they are, in fact, not successful at all. Another dead giveaway that you're dealing with antivirus FUD is "[platform] is insecure. Buy our software to make it secure".
Android is just as secure as iOS. The figures are out there for all to see. Any time you see articles about reports regarding Android's security, you can be 100% sure it's coming from antivirus peddlers, meaning the figures will be contorted, false, manipulated, or just downright made up. These people are not to be trusted. If you still haven't learned that lesson, you are either stupid, or you have an agenda to push.
From an article I stumbled upon today, detailing the file manager that shipped on virtually every Symbian device in history.
The Files UI should be familiar to anyone that has used a file manager or folder system/explorer on a computer and it behaves the same as well. Pictured to the left is the standard view when you open Files. It shows several "drives", C:, E: and F: with F: being your memory card if your Symbian device has a memory card (SD, Mini/Micro SD) slot. Pictured to the right, you can see additional drives that are shown when you connect external devices via USB On-The-Go (if your device has USB-OTG) such as flash drives, hard drives or other phones. G: and H: represent the Mass Memory and Memory card on my Nokia N8 that is connected to my 808 PureView via USB OTG... that's a LOT of GBs to manage!
Back when I used Symbian as my main smartphone operating system (I had an E72), I always found it funny that Symbian used drive letters, while the mobile operating system I used for years and years (Windows Mobile/PocketPC) did not - or at least, not in a user-visible manner. At the time, I assumed that Symbian used drive letters in a virtual way to placate Windows users who were used to them.
In recent years, however, I've found out that Symbian's use of drive letters actually goes back much farther than that. Psion's EPOC (Symbian's 16bit predecessor; Symbian was created by Psion) also used drive letters - open up a Series 3 (I have a 3a) and you'll see that the two disk slots are designated A and B. Going even further back in time, even my Psion Organiser II (1986) used A: and B: for its two disk slots. I don't have a device to check, but I would assume that the Organiser I also used drive letters.
Interesting how a concept dating back to CP/CMS made it all the way to the most modern Symbian phones.
survey from market research firm VisionMobile, there are 2.9 million app developers in the world who have built about two million apps. Most of those app developers are making next to nothing in revenue while the very top of the market make nearly all the profits. Essentially, the app economy has become a mirror of Wall Street.
The application store model was a good thing for a while, especially early on. Now, though, it's becoming an impediment. Supply has increased so much that it's impossible to stand out, especially now that a relatively small number of big players are utterly dominating the listings, drowning out everyone else.
If nobody does anything, this will only get worse.
I'm lucky. My financial situation allows me to buy several phones and tablets every year to keep up with the goings-on of all the major - and some of the minor - platforms currently competing for prime real estate in your precious pockets. It also means that I am lucky from a psychological point of view - by being able to buy several devices every year, I never fall into the all-too-common trap of choice-supportive bias. I don't have to rationalise my device purchases after the fact, so I won't have to employ all sorts of mental gymnastics to solve any states of cognitive dissonance caused by hardware and software flaws - the number one cause of irrational fanboyism.
And so, I try to rotate my phone of choice around as much as possible. I enjoy jumping from Android to my N9, then onwards to Sailfish, back to Android, and then have some fun with Symbian on my E7 - and beyond. I've got a long list of platforms I want to add to the collection - one white BlackBerry Passport please - but in general, I'm pretty well-rounded.
A while ago, we've announced our plans to add Linux support as one of the features of our digital platform, with 100 games on the launch day sometime this fall. We've put much time and effort into this project and now we've found ourselves with over 50 titles, classic and new, prepared for distribution, site infrastructure ready, support team trained and standing by, and absolutely no reason to wait until October or November. We're still aiming to have at least 100 Linux games in the coming months, but we've decided not to delay the launch just for the sake of having a nice-looking number to show off to the press. It's not about them, after all, it's about you. So, one of the most popular site feature requests on our community wishlist is granted today: Linux support has officially arrived on GOG.com!
Good on 'm.
Microsoft CEO Satya Nadella has confirmed that his company will amalgamate all major versions of Windows into one operating system. Speaking on the company's quarterly earnings call today, Nadella told analysts Microsoft will "streamline the next version of Windows from three operating systems into one single converged operating system." Describing the implications of the change, Nadella said "this means one operating system that covers all screen sizes."
Not exactly news, but it's good to have it explicitly out in the open like this. And if they're going to want to keep focusing on consumers, they're going to need some pretty big changes. They sold fewer than half a million Surface devices in the last quarter, and only 5.8 million Lumia devices. That last figure is misleading, though, as it only covers two months due to the Nokia deal. Even adding another month, it's safe to say it's well below 10 million.
This actually raises an interesting question: has Microsoft actually ever made any profit off Windows Phone? Especially taking into account the huge amount of money they had to pour into Nokia's devices division every quarter just to keep it alive? And now they also need to earn the costs of the acquisition back.
At some point, someone is going to have to make the tough calls here. What is the future of Windows Phone - and how long will that future be? How long will Microsoft be able to pour resources into the bottomless money pit that is Windows Phone?
Yesterday, former Google-executive Hugo Barra, now Xiaomi's global vice president, had a talk with The Verge.
Barra is only a year into his job as leader of Mi's internationalization efforts, but he's already "sick and tired" of hearing his company derided as an Apple copycat. He sees Mi as "an incredibly innovative company" that never stops trying to improve and refine its designs, and the allegations of it copying Apple are "sweeping sensationalist statements because they have nothing better to talk about."
This morning, John Gruber:
Scroll down on the Mi 3 "features" page and you'll see this image, named "detail-camera.jpg". Take a good look at the camera in that image, then look at the app icon for the current version of Aperture. It's a simple copy-paste-skew job of the lens, and not a very good one. Two panels down on the page, they use it again, horizontally flipped. (Shockingly, they cropped out the "Designed by Apple in California".)
Update: Zdziarski put up a more detailed response.
Apple responded to the backdoor story.
Each of these diagnostic capabilities requires the user to have unlocked their device and agreed to trust another computer. Any data transmitted between the iOS device and trusted computer is encrypted with keys not shared with Apple. For users who have enabled iTunes Wi-Fi Sync on a trusted computer, these services may also be accessed wirelessly by that computer.
Zdziarski, the author of the article that started this all, is not impressed.
I don't buy for a minute that these services are intended solely for diagnostics. The data they leak is of an extreme personal nature. There is no notification to the user. A real diagnostic tool would have been engineered to respect the user, prompt them like applications do for access to data, and respect backup encryption. Tell me, what is the point in promising the user encryption if there is a back door to bypass it?
Apple's response doesn't actually deny or contradict anything Zdziarski stated, so in the end, it all comes down to trust. Apple claims they only use these tools for "diagnostics" (which is a stretch considering the extensive and pervasive nature of the data they expose, but alas), and it's up to us to decide whether we trust them or not. If you still trust Apple - or Google, or Microsoft, or any other major technology company, for that matter - at this point, then I admire your child-like innocence.
No Man's Sky is a video game quite unlike any other. Developed for Sony's PlayStation 4 by an improbably small team (the original four-person crew has grown only to 10 in recent months) at Hello Games, an independent studio in the south of England, it's a game that presents a traversable universe in which every rock, flower, tree, creature, and planet has been "procedurally generated" to create a vast and diverse play area.
"We are attempting to do things that haven't been done before," says Murray. "No game has made it possible to fly down to a planet, and for it to be planet-sized, and feature life, ecology, lakes, caves, waterfalls, and canyons, then seamlessly fly up through the stratosphere and take to space again. It's a tremendous challenge."
Minecraft comes to mind - obviously - but No Man's Sky goes much, much further. You're looking at a procedurally generated universe with millions of individual, unique planets and individual, unique ecosystems, each evolving over time.
A new, extremely persistent type of online tracking is shadowing visitors to thousands of top websites, from WhiteHouse.gov to YouPorn.com.
First documented in a forthcoming paper by researchers at Princeton University and KU Leuven University in Belgium, this type of tracking, called canvas fingerprinting, works by instructing the visitor's Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user's device a number that uniquely identifies it.
Advertising companies will become increasingly... 'Creative' to find some way of tracking us that circumvents known laws and technological barriers. However, I doubt you have to worry about the small fish - worry about what the biggest internet advertising company in the world has cooking in its labs.
Modern Combat 5 has been cracked and uploaded to multiple torrenting websites over the weekend. MC5 is a first person shooter for iOS, Android and Windows 8. The developer and publisher, Gameloft, ran a contest recently and invited players into the game early. One of those winners apparently cracked the game and began distributing it online.
Modern Combat's dev team is not pleased with the situation.
Horrible. You win a contest for early access, and then you turn around and stab them in the back like this. You must be a pretty terrible human being to do something like this.
This week in DistroWatch Weekly: Reviews: First impressions of Deepin 2014; News: Fedora Magazine encourages people to join Ask Fedora, Gentoo developer weighs in on using LibreSSL, FreeBSD team issues quarterly report, Ubuntu launches 8th edition of The Official Ubuntu Book; Questions and Answers: Encrypted package downloads; Released....
George Vlahavas has announced the release of Salix 14.1 "Openbox" edition, a lightweight Slackware-based distribution featuring Openbox as the default window manager: "Salix Openbox 14.1 brings the Openbox window manager, teamed with fbpanel and SpaceFM to create a fast and flexible desktop environment. This is the most....
Pat Riehecky has announced the availability of the first beta build of Scientific Linux 7.0, a distribution compiled from the source code for Red Hat Enterprise Linux 7 and enhanced with extra applications for scientific computing: "Today we are announcing a beta release of Scientific Linux 7. Changes....