Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.38. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:
CESG discovered a root escalation flaw in the acpi-support package. An unprivileged user can inject the DBUS_SESSION_BUS_ADDRESS environment variable to run arbitrary commands as root user via the policy-funcs
Multiple security issues have been discovered in the Drupal content management system, ranging from denial of service to cross-site scripting. More information can be found at https://www.drupal.org/SA-CORE-2014-003.
Microsoft CEO Satya Nadella has confirmed that his company will amalgamate all major versions of Windows into one operating system. Speaking on the company's quarterly earnings call today, Nadella told analysts Microsoft will "streamline the next version of Windows from three operating systems into one single converged operating system." Describing the implications of the change, Nadella said "this means one operating system that covers all screen sizes."
Not exactly news, but it's good to have it explicitly out in the open like this. And if they're going to want to keep focusing on consumers, they're going to need some pretty big changes. They sold fewer than half a million Surface devices in the last quarter, and only 5.8 million Lumia devices. That last figure is misleading, though, as it only covers two months due to the Nokia deal. Even adding another month, it's safe to say it's well below 10 million.
This actually raises an interesting question: has Microsoft actually ever made any profit off Windows Phone? Especially taking into account the huge amount of money they had to pour into Nokia's devices division every quarter just to keep it alive? And now they also need to earn the costs of the acquisition back.
At some point, someone is going to have to make the tough calls here. What is the future of Windows Phone - and how long will that future be? How long will Microsoft be able to pour resources into the bottomless money pit that is Windows Phone?
Yesterday, former Google executive Hugo Barra, now Xiaomi's global vice president, had a talk with The Verge.
Barra is only a year into his job as leader of Mi's internationalization efforts, but he's already "sick and tired" of hearing his company derided as an Apple copycat. He sees Mi as "an incredibly innovative company" that never stops trying to improve and refine its designs, and the allegations of it copying Apple are "sweeping sensationalist statements because they have nothing better to talk about."
This morning, John Gruber:
Scroll down on the Mi 3 "features" page and you'll see this image, named "detail-camera.jpg". Take a good look at the camera in that image, then look at the app icon for the current version of Aperture. It's a simple copy-paste-skew job of the lens, and not a very good one. Two panels down on the page, they use it again, horizontally flipped. (Shockingly, they cropped out the "Designed by Apple in California".)
Update: Zdziarski put up a more detailed response.
Apple responded to the backdoor story.
Each of these diagnostic capabilities requires the user to have unlocked their device and agreed to trust another computer. Any data transmitted between the iOS device and trusted computer is encrypted with keys not shared with Apple. For users who have enabled iTunes Wi-Fi Sync on a trusted computer, these services may also be accessed wirelessly by that computer.
Zdziarski, the author of the article that started this all, is not impressed.
I don't buy for a minute that these services are intended solely for diagnostics. The data they leak is of an extreme personal nature. There is no notification to the user. A real diagnostic tool would have been engineered to respect the user, prompt them like applications do for access to data, and respect backup encryption. Tell me, what is the point in promising the user encryption if there is a back door to bypass it?
Apple's response doesn't actually deny or contradict anything Zdziarski stated, so in the end, it all comes down to trust. Apple claims they only use these tools for "diagnostics" (which is a stretch considering the extensive and pervasive nature of the data they expose, but alas), and it's up to us to decide whether we trust them or not. If you still trust Apple - or Google, or Microsoft, or any other major technology company, for that matter - at this point, then I admire your child-like innocence.
Oracle has announced the release of Oracle Linux 7.0, a distribution rebuilt from source code of Red Hat Enterprise Linux 7, but featuring a custom "unbreakable" kernel: "Oracle is pleased to announce the general availability of Oracle Linux 7. Oracle Linux 7 offers the latest innovations and improvements....
An updated version of Tails, a Debian-based distribution known for its strong privacy features and pre-configured for anonymous web browsing, has been released: "Tails, The Amnesic Incognito Live System, version 1.1, is out. All users must upgrade as soon as possible - this release fixes numerous security issues.....
Mati Aharoni has announced the release of Kali Linux 1.0.8, a minor update of the project's Debian-based distribution with specialist tools for penetration testing and forensic analysis: "The long awaited Kali Linux USB EFI boot support feature has been added to our binary ISO builds, which has prompted....
This week in DistroWatch Weekly: Reviews: Revisiting Antergos; News: Mint considers "Debian Stable" edition, Fedora to provide bleeding-edge kernel, OpenBSD patches LibreSSL vulnerability, Debian releases final "Squeeze" update, articles on upgrading CentOS and installing Arch; Tips and tricks: System monitoring and storage information; Released last week: Zorin OS....
Stephen Ewen has announced the release of UberStudent 4.0, an Ubuntu-based Linux distribution that includes specialist software for learning and teaching: "I'm pleased to announce the release of UberStudent 4.0 (LTS) 'Socrates' Xfce edition. UberStudent is a Linux distribution for learning, doing and teaching academic success at the....
Curtis Gedak has announced the release of GParted Live 0.19.1-1, the latest stable release of the Debian-based live CD with specialist utilities designed for disk management and data rescue tasks: "The GParted team is proud to announce a new stable release of GParted Live. This live image contains....
John Martinson has announced the release of Robolinux 7.5.5, the latest update of the Debian-based distribution that comes with a pre-configured VirtualBox for running Windows as a "guest" operating system: "Robolinux version 7.5.5 adds more privacy and safety for its users on the web. A large number of....
UHU-Linux 3, an independently developed Hungarian Linux distribution designed for the domestic market and featuring the GNOME 3.12 desktop with GNOME Shell, has been released. It comes nearly four years after the project's last stable release, version 2.2. The distribution's home page (in Hungarian) announced the new release....
Fredrik Rinnestam has announced the release of CRUX 3.1, a lightweight, x86-64 optimised Linux distribution designed for experienced Linux users: "The CRUX team is happy to announce the release of CRUX 3.1 for the x86_64 architecture. CRUX 3.1 comes with a multilib toolchain which includes glibc 2.19.0, GCC....
Eric Turgeon has announced the availability of the third beta build of GhostBSD 4.0, a desktop-oriented operating system (with MATE), based on FreeBSD: "The GhostBSD team is pleased to announce the availability the third beta build of the 4.0-RELEASE release cycle is available on SourceForge for the amd64....