Matthew Daley discovered that Squid3, a fully featured web proxy cache,
did not properly perform input validation in request parsing. A remote
attacker could use this flaw to mount a denial of service by sending
crafted Range requests.
Nikolaus Rath discovered that s3ql, a file system for online data
storage, used the pickle functionality of the Python programming
language in an unsafe way. As a result, a malicious storage backend
or man-in-the-middle attacker was able to execute arbitrary code.
Tavis Ormandy discovered a heap-based buffer overflow in the
transliteration module loading code in eglibc, Debian's version of the
GNU C Library. As a result, an attacker who can supply a crafted
destination character set argument to iconv-related character
conversion functions could achieve arbitrary code execution.
Apple's public relations (PR) department is probably the best in the world - certainly more impressive at shaping and controlling the discussion of its products than any other technology company. Before customers get their first chance to see or touch a new Apple product, the company has carefully orchestrated almost every one of its public appearances: controlled leaks and advance briefings for favored writers, an invite-only media debut, and a special early review process for a group of pre-screened, known-positive writers. Nothing is left to chance, and in the rare case where Apple doesn't control the initial message, it remedies that by using proxies to deliver carefully crafted, off-the-record responses.
A well-written article by Mark Gurman, detailing Apple's PR practices. The parts about how Apple carefully manipulates journalists, bloggers, and newspapers are especially interesting. We all know that they do this, of course, but it's great to see it all penned down like this.
It's a long read, but definitely worth it.
Things were looking up in early 2013 for the team behind webOS, a pioneering but star-crossed mobile operating system. After surviving the implosion of Palm and a rocky acquisition by HP, LG stepped in to buy the team. The consumer electronics giant seemed like a white knight with a plan: To make webOS the core of LG's next-generation smart TV platform, and use the brains behind webOS to create a much-needed engine of innovation at LG. To create a unit that was meant to help the company to beat competitors like Samsung with Silicon Valley smarts. A disruptive force.
Eighteen months later, the acquisition looks a lot like a failure.
I wondered why it got so awfully quiet after that CES showing.
Microsoft has explained that they have removed more than 1500 apps from the store.
Every app store finds its own balance between app quality and choice, which in turn opens the door to people trying to game the system with misleading titles or descriptions. Our approach has long been to create and enforce strong but transparent policies to govern our certification and store experience. Earlier this year we heard loud and clear that people were finding it more difficult to find the apps they were searching for; often having to sort through lists of apps with confusing or misleading titles.
This process is continuing as we work to be as thorough and transparent as possible in our review. Most of the developers behind apps that are found to violate our policies have good intentions and agree to make the necessary changes when notified. Others have been less receptive, causing us to remove more than 1,500 apps as part of this review so far (as always we will gladly refund the cost of an app that is downloaded as a result of an erroneous title or description).
The upside is that the store becomes a better, less cluttered and misleading place; the downside is that the walled garden is stronger. Is a top-down approach really what we want, or is there a better, community-driven approach that could be taken?
Stéphane Graber has announced the availability of the first beta release of Ubuntu 14.10, code-named "Utopic Unicorn". Besides Kubuntu, Lubuntu, Ubuntu GNOME and Ubuntu Kylin, who all took part in alpha testing, Xubuntu has now also joined the list of sub-projects that provide official CD/DVD images for beta....
Cathy Lin has announced the release of Deepin 2014.1, a bug-fix update of the Ubuntu-based community distribution with a highly customised and intuitive desktop environment: "Deepin 2014.1 released. In this version, we focus on enhancing the system stability. Meanwhile, the system performance has been optimized thoroughly and the....
Paul Sherman has announced the release of Absolute Linux 14.10, a new version of the project's lightweight desktop distribution based on Slackware Linux 14.1 (with updates from Slackware's "Current" tree) and featuring the IceWM window manager: "Absolute 14.10 released. This is a 'first' release based upon Slackware Linux....
Mati Aharoni has announced the release of Kali Linux 1.0.9, a bug-fix update of the Debian-based distribution designed primarily for penetration testing and forensic analysis tasks: "Now that we have caught our breath after the Black Hat and DEF CON conferences, we have put aside some time to....
Zbigniew Konojacki has announced the release of 4MLinux 9.1, a minimalist and lightweight desktop Linux distribution featuring the JWM window manager: "4MLinux 9.1 'Allinone' edition final released. The status of the 4MLinux 9.1 series has been changed to stable. The final release has all the features included in....
This week in DistroWatch Weekly: Reviews: First impressions of SolydXK 201407 News: Kubuntu plans changes to infrastructure, building VPN gateway with FreeBSD, Ubuntu MATE to become official Ubuntu flavour, what is Raspbian, Debian turns 21 Questions and answers: Trusting binary packages Released last week: PCLinuxOS 2014.08, KaOS 2014.08....
Matthias Klumpp announced the availability of the first alpha build of Tanglu 2.0, a Debian-based desktop Linux distribution with a choice of GNOME 3.12 or KDE 4.13 desktops: "We are proud to announce the release of alpha 1 of Tanglu 2 today. The release mainly brings updated software....
Anke Boersma has announced the release of KaOS 2014.08, a desktop Linux distribution featuring the just-released KDE 4.14 desktop: "With KDE releasing the new major version, KDE 4.14.0, offering primarily improvements and bug fixes, KaOS is happy to be able to present you a new ISO image with....
Alan Baghumian has announced the availability of the initial test release of Parsix GNU/Linux 7.0, a Debian-based distribution featuring the GNOME 3.12 desktop: "We are happy to announce the immediate availability of the first testing release of Parsix GNU/Linux 7.0-TEST-1, code name 'Nestor'. Parsix GNU/Linux 7.0 brings the....
Bill Reynolds has announced the release of PCLinuxOS 2014.08, the latest update of the project's "KDE", "FullMonty", "MiniMe", "LXDE" and "MATE" editions. Released on 12 August, it was formally announced earlier today: "All official ISO images were updated on 2014-08-12 and are available for direct download or via....