UK-based security consultant Thomas Cannon has identified a serious security flaw in Google's Android operating system. The exploit works on all versions of the platform, and could allow an attacker to view, and copy files from a device's SD card. Some of the important details are being held back by Cannon so Google has a chance to fix the exploit, but we do have an idea how it works.
This is not, as far as anyone knows, being actively exploited anywhere. There are some apps that always store important files in identical directories when installed, so it is possible an attacker could know where some files are kept. It is unclear what Google will do about this. All Android phones are affected. Will manufacturers and carriers be willing to push out updates even for older phones?
An upcoming Linux kernel patch has Linux patriarch Linus Torvalds very excited about the huge performance boost it promises. His enthusiasm is not unfounded either. The 233 line patch by Linux kernel developer Mike Galbraith punches way above its weight by reducing maximum desktop latency by over ten times and average latency by a factor of 60, paving the way for a faster, more responsive desktop experience.
“Yeah. And I have to say that I'm (very happily) surprised by just how small that patch really ends up being, and how it's not intrusive or ugly either. It's an improvement for things like smooth scrolling around, but what I found more interesting was how it seems to really make web pages load a lot faster,” Torvalds said in an email.
“So I think this is firmly one of those "real improvement" patches. Good job. Group scheduling goes from "useful for some specific server loads" to "that's a killer feature".
According to Linux-centric site Phoronix, the wonder patch has been designed to “automatically create task groups per TTY in an effort to improve the desktop interactivity under system strain.” As the Linux 2.6.37 nearing a second release candidate milestone, users will have to wait until 2.6.38 to tap into the huge speed boost.
Meanwhile, you can watch the two demo videos Phoronix posted to elucidate the tremendous performance boost this scheduler patch provides.
Talk about knee-jerk reactions. Samsung's Galaxy Tab is really the only viable Android tablet on the market, and though plenty more will follow, some are already calling the platform a failure. Really?
After spending some hands-on time with the Galaxy Tab and the Maylong M-150, ZDNet's Larry Dignan proclaimed that "Android tablets are a big FAIL" in all caps, a sentiment echoed by Dana Blankenhorn, also with ZDNet.
"I agree with Larry Dignan. Android tablets are a failure," Blankenhorn blogged. "This follows the growing awareness on the part of cognoscenti that Android phones are not open source at all, but carrier crapware. Android as a whole is being seen as a failure."
We don't agree, and neither do the numbers. And if we're discussing smartphones, let's not forget that Android jumped ahead of Apple's iOS in third quarter market share, partially the result of having so many different devices to choose from, whereas Apple offers variations on only one -- the iPhone.
In the tablet space, it's far too early to declare Android a failure. The Galaxy Tab has received mixed reviews so far and doesn't look like it's going to take down the iPad, but did anyone really expect as much from an Android 2.2 device? Despite all the hype surrounding tablets and the holiday shopping season now under way, many companies aren't even bothering releasing an Android 2.2 slate, instead choosing to wait for version 3.0, which is supposed to be much more tablet-y.
What's your take on all this? Do you agree that Android tablets are a failure, or is that just crazy talk at this early stage? Hit the jump and sound off!
Red Hat Enterprise Linux 6 is now available, the open source software developer announced on Wednesday. The much anticipated latest release of Red Hat's flagship operating system introduces hundreds of technical feature enhancements and additions including:
A highly optimized application platform for large-scale, centrally managed enterprise deployments
Enhanced efficiency with the latest generation of highly scalable hardware systems
Industry-leading virtualization performance, flexibility, and security for both host and guest environments
Extensive support for features designed to minimize ecological impact and carbon footprint of IT systems
A platform suitable for long-term, stable deployment while able to incorporate new technologies for physical, virtual, and cloud deployments
More information and pricing info can be found here.
The free, multi-platform 4.4BSD-based Unix-like operating system known as OpenBSD has been updated to version 4.8 and is now available.
This latest version introduces a boat load of new features and fixes, including improved hardware support, file system mid-layer improvements, generic network stack improvements, changes to the install/upgrade process, a ton of bug fixes, and a whole bunch more.
You can view a partial (yet extensive) list of changes here, or check out the lengthy changelog here.
If you're a user of iOS devices like the iPhone or iPad, you might want to snap up VLC for your chosen device before it's gone forever. Rémi Denis-Courmont, one of the principal developers of VLC, explained that VideoLAN (the foundation that supports VLC) is not pleased with how the app is distributed. They have filed a notice of copyright infringement with Apple that may force the removal of the app.
As it turns out, VLC for iOS is developed by a 3rd party developer called Applidium. Apple's iTunes terms allow VLC to only be installed on 5 devices. This is a form of DRM, and as you may know, VLC is open source and distributed under the GPL. That means Apple's DRM scheme is unacceptable to the VideoLAN foundation.
Apple has, in the past, simply removed apps that fall into a similar category. It's spectacularly unlikely that they'd modify their terms for this one app, even if it is so high profile. Denis-Courmont contends that open source software would not be where it is today if not for licenses like GPL, and perhaps users should be looking for apps on more open platforms.
The decision was taken following a rift between Canonical and GNOME over certain design issues. "We were part of the GNOME shell design discussion, we put forward our views and they were not embraced by designers," Shuttleworth said at the ongoing Ubuntu Developer Summit.
"We took a divergent view from the GNOME shell folks on key design issues, for example how application menus should appear on the system, how one should search to find applications, [and] how one's favorite applications should be presented."
However, users will be allowed to install GNOME through Ubuntu’s software installation program. Natty Narwhal is scheduled to be released in April, 2011.
Samsung's mobile strategy has always been multifaceted. The company has built phones running on software from Microsoft, Google, and now their own Bada OS. So it's no surprise that Sammy has finally decided to make some space and give Symbian the boot. Samsung sent out an email to all their registered Symbian developers that laid out in no uncertain terms their plans to shut down all Symbian development by year's end.
With even Nokia working on MeeGo as an alternative mobile OS, things are looking grim for Symbian. It is possible that Samsung could remain a member of the Symbian Foundation, but they would not be contributing. Do you think Symbian will continue shrinking, or is a turnaround in store?
A few months back, when the Facebook privacy meltdown was on in full force, a few plucky young college students told us they wanted to do something better. The Diaspora project was put on Kickstarter in hopes of gaining a few thousand dollars in funding. In the end, the project received over $200,000 in pledges. Now the first developer release of the code for this distributed social network is available for download.
Users will be able to run a "seed" server in the Diaspora network to aggregate all their social data. The seeds can then talk to each other to form the network. All this would be governed by a user's personal privacy settings, and all connections are encrypted. In this way, all a user's data is kept under their personal control.
Diaspora is an open source project and the developers are inviting anyone with the skills to contribute. It's good to see that the founders have made it to this important milestone. Apparently all that Kickstarter cash went to good use. The dev preview is looking a little spartan, but the UI is clean. There is already a system for adding people as friends and sharing pictures. Have you had a look at the code?
Linus Torvalds, who has been living in the United States since 1997 and has two children born in America, is now officially an American citizen himself.
"Yeah, yeah, we should probably have done the citizenship thing a long time ago, since we've been here long enough (and two of the kids are U.S. citizens by virtue of being born here), but anybody who has had dealings with the INS will likely want to avoid any more of them, and maybe things have gotten better with a new name and changes, but nothing has really made feel like I really need that paperwork and headache again," Torvalds explained in a blog post.
In addition to fathering two children, Torvalds is also recognized as the father of Linux, the open source project he presented to the world in September, 1991 when he uploaded the first version of Linux, version 0.01. The rest, as they say, is history.
The right to vote played a part in Torvald's decision to finally become a U.S. citizen. In an interview with NetworkWorld.com, Torvalds pointed out that "Being an alien means that you can't vote, and seeing all the news being about the presidential election (and all the streets here locally littered with signs about the local school bond) tends to remind you about the issue."