Google

Google Explains Why WebView Vulnerability Will Go Unpatched On Android 4.3 485

Posted by samzenpus
from the no-patch-for-you dept.
MojoKid writes If you're running Android 4.3 or earlier, you're pretty much out of luck when it comes to a baked-in defense against a WebView vulnerability that was discovered earlier this month by security analyst Tod Beardsley. The vulnerability leaves millions of users open to attack from hackers that choose to exploit the security hole. WebView is a core component of the Android operating system that renders web pages. The good news is that the version of WebView included in Android 4.4 KitKat and Android 5.0 Lollipop is based on Chromium and is not affected by the vulnerability. The bad news is that those running Android 4.3 and earlier are wide open, which means that 60 percent of Android users (or nearly one billion customers) are affected. What's most interesting is that Google has no trouble tossing grenades at the feet of Microsoft and Apple courtesy of its Project Zero program, but doesn't seem to have the resources to fix a vulnerability that affects a substantial portion of the Android user base.
Programming

Ask Slashdot: Is Pascal Underrated? 461

Posted by timothy
from the let's-make-a-wager dept.
An anonymous reader writes In the recent Slashdot discussion on the D programming language, I was surprised to see criticisms of Pascal that were based on old information and outdated implementations. While I'm sure that, for example, Brian Kernighan's criticisms of Pascal were valid in 1981, things have moved on since then. Current Object Pascal largely addresses Kernighan's critique and also includes language features such as anonymous methods, reflection and attributes, class helpers, generics and more (see also Marco Cantu's recent Object Pascal presentation). Cross-platform development is fairly straightforward with Pascal. Delphi targets Windows, OS X, iOS and Android. Free Pascal targets many operating systems and architectures and Lazarus provides a Delphi-like IDE for Free Pascal. So what do you think? Is Pascal underrated?
Blackberry

Blackberry CEO: Net Neutrality Means Mandating Cross-Platform Apps 307

Posted by timothy
from the fantasy-world-of-atlas-shrugged dept.
DW100 writes In a bizarre public blog post the CEO of BlackBerry, John Chen, has claimed that net neutrality laws should include forcing app developers to make their services available on all operating systems. Chen even goes as far as citing Apple's iMessage tool as a service that should be made available for BlackBerry, because at present the lack of an iMessage BlackBerry app is holding the firm back. Some excerpts from Chen's plea: Netflix, which has forcefully advocated carrier neutrality, has discriminated against BlackBerry customers by refusing to make its streaming movie service available to them. Many other applications providers similarly offer service only to iPhone and Android users. ... Neutrality must be mandated at the application and content layer if we truly want a free, open and non-discriminatory internet. All wireless broadband customers must have the ability to access any lawful applications and content they choose, and applications/content providers must be prohibited from discriminating based on the customer’s mobile operating system. Since "content providers" are writing code they think makes sense for one reason or another (expected returns financial or psychic), a mandate to write more code seems like a good way to re-learn why contract law frowns on specific performance.
Operating Systems

Could Tizen Be the Next Android? 241

Posted by Soulskill
from the yes-no-maybe dept.
MollsEisley writes: Right now, Tizen is still somewhat half-baked, which is why you shouldn't expect to see a high-end Tizen smartphone hit your local carrier for a while yet, but Samsung's priorities could change rapidly. If Tizen development speeds up a bit, the OS could become a stand-in for Android on entry-level and mid-range Samsung phones and eventually take over Samsung's entire smartphone (and tablet) lineup.
Android

Ask Slashdot: Can I Trust Android Rooting Tools? 184

Posted by timothy
from the spider-sense dept.
Qbertino writes After a long period of evaluation and weighing cons and pros I've gotten myself a brand new Android tablet (10" Lenovo Yoga 2, Android Version) destined to be my prime mobile computing device in the future. As any respectable freedom-loving geek/computer-expert I want to root it to be able to install API spoofing libraries and security tools to give me owners power over the machine and prevent services like Google and others spying on me, my files, photos, calendar and contacts. I also want to install an ad-blocking proxy (desperately needed — I forgot how much the normal web sucks!). I've searched for some rooting advice and tools, and so far have only stumbled on shady looking sites that offer various Windows-based rooting kits for android devices.

What's the gist on all this? How much of this stuff is potential malware? What are your experiences? Can I usually trust rooting strategies to be malware-free? Is there a rule-of-thumb for this? Is there perhaps a more generic way for a FOSS/Linux expert who isn't afraid of the CLI to root any Android 4.4 (Kitkat) device? Advice and own experiences, please.
Android

The Free Educational Software GCompris Comes To Android 75

Posted by timothy
from the approved-for-all-ages dept.
New submitter xarma writes GCompris is a reference in its category on GNU/Linux but also on Windows. Its development started in 2000 in Gtk+. Last year the development team, willing to address the tablet and PC users from a single code base, took the hard decision to fully rewrite it in Qt Quick. The new version is now developed under the KDE community umbrella. After one year of work, a first release has been shipped on the Android play store. Continuing on its original funding approach, it remains free software but requires a fee on proprietary platforms.
The Internet

The 'Radio Network of Things' Can Cut Electric Bills (Video) 172

Posted by Roblimo
from the trying-to-bring-the-electric-power-grid-into-the-21st-century dept.
We all love 'The Internet of Things.' Now imagine appliances, such as your refrigerator and hot water heater, getting radio messages from the power grid telling them when they should turn on and off to get the best electricity prices. Now kick that up to the electric company level, and give them a radio network that tells them which electric provider to get electricity from at what time to get the best (wholesale) price. This is what e-Radio is doing. They make this claim: "Using pre-existing and near ubiquitous radio signals can save billions of dollars, reduce environmental impact, add remote addressability and reap additional significant societal benefits."

Timothy noticed these people at CES. They were one of the least flashy and least "consumer-y" exhibitors. But saving electricity by using it efficiently, while not glamorous, is at least as important as a $6000 Android phone. Note that the guy e-Radio had at CES speaking to Timothy was Scott Cuthbertson, their Chief Financial Officer. It's a technology-driven company, from Founder and CEO Jackson Wang on down, but in the end, saving money is what they sell. (Alternate Video Link)
Google

Google Releases More Windows Bugs 262

Posted by Soulskill
from the speak-softly-and-carry-a-big-bugtracker dept.
An anonymous reader writes: Just days after Google angered Microsoft by releasing information about a Windows security flaw, they've now released two more. "The more serious of the two allows an attacker to impersonate an authorized user, and then decrypt or encrypt data on a Windows 7 or Windows 8.1 device. Google reported that bug to Microsoft on Oct. 17, 2014, and made some background information and a proof-of-concept exploit public on Thursday. Project Zero is composed of several Google security engineers who investigate not only the company's own software, but that of other vendors as well. After reporting a flaw, Project Zero starts a 90-day clock, then automatically publicly posts details and sample attack code if the bug has not been patched." Microsoft says there's no evidence these flaws have been successfully exploited.
Communications

Your High School Wants You To Install Snapchat 156

Posted by timothy
from the just-ask-ram-sweeney dept.
Bennett Haselton writes: They would never admit it, but your high school admins would probably breathe a sigh of relief if all of their sexting-mad students would go ahead and install Snapchat so that evidence of (sometimes) illegal sexting would disappear into the ether. They can't recommend that you do this, because it would sound like an implicit endorsement, just like they can't recommend designated drivers for teen drinking parties -- but it's a good bet they would be grateful. Read on for the rest.
Google

Google Aims To Be Your Universal Translator 122

Posted by samzenpus
from the what-did-you-say? dept.
mpicpp sends word about Google's latest translate technology. "Google is beaming a bit closer to Star Trek's universal translator with the newest edition of its Translate app. Rolling out over the next few days for iOS and Android users, the latest version of Google Translate offers two key features — the ability to instantly converse with someone speaking in a different language and the capability to translate street signs and other images into your native language. Both features have been available in the Android app to some extent. For example, Google Translate for Android has long offered real-time translation of conversations. But Google's goal behind the latest version of the app is to enhance and simplify the features so they work more quickly and fluidly without any lag time. The latest version of Google Translate aims to change that. To converse with someone speaking in a different language, a user chooses his language and that of the other speaker. He then taps the microphone icon in the app, starts speaking in his native or selected language, and then taps the mic icon again. The app will recognize which of the two languages is being spoken, and then the two speakers can carry on their conversation without having to keep tapping the mic. In a test of the app's instant translation, The New York Times said it did prove to be a step forward; though, it's not science fiction just yet. The app fared best with short sentences that didn't include jargon, and it worked better when the users paused between each translation. Google also has beefed up the app's ability to translate street signs. Previously, you'd have to take a photo of the foreign text to get a translation of it. Now, you simply point your camera at the sign and the translated text appears overlaid on your screen — even if you're not connected to the Internet. This feature is made possible courtesy of Quest Visual's Word Lens app for iOS and Android, which Google acquired when it purchased the company last May. This feature supports English translated to and from French, German, Italian, Portuguese, Russian and Spanish. Google says it's working to add more languages."
Firefox

Firefox 35 Arrives With MP4 Playback On Mac, Android Download Manager Support 177

Posted by Soulskill
from the onward-and-upward dept.
An anonymous reader writes: Mozilla today launched Firefox 35 for Windows, Mac, Linux, and Android. Major additions to the browser include room-based Firefox Hello conversations, H.264 (MP4 files) playback on OS X, and integration with the Android download manager. Mozilla has opened up the Firefox Marketplace for the desktop, currently in beta. While Firefox Marketplace is already available on Firefox OS and Firefox for Android, the company is now asking users to help test apps on Windows, Mac, and Linux. Full changelogs: desktop and Android.
Technology

Talk to the World Through Ubi -- and Use Gestures, Too (Video) 38

Posted by Roblimo
from the not-quite-star-trek-but-getting-there dept.
'The Ubi is an always-on voice-activated computer ready to help. Just plug it in, talk to it and it'll help you connect with your world.' That Kickstarter project description back in 2012 helped UBI raise $229,594 even though they only hoped for $36,000. So now they sell Ubis for $299, as you can see for yourself by clicking the "BUY NOW" button in the upper right corner of www.TheUbi.com, their site's main page. A cynic might say that a decent Android phone can perform most Ubi functions, including a growing number of home automation control tasks, and that Android voice recognition gets better with each new release. But Ubi is cute, and round, and "you can talk through it to the ones you love."

That's great, but Android phones can do that, too. What a smartphone can't do is compete with Ubi Interactive, which may finally give us gesture-based computer input that is not only exciting in a Star Trek way, but is also practical for home and business use. This, along with Kinect, looks like a product that has a solid future ahead of it. (Alternate Video Link)
Security

Google Throws Microsoft Under Bus, Then Won't Patch Android Flaw 629

Posted by timothy
from the well-that's-one-way-to-view-it dept.
An anonymous reader writes Last month, Google took the bold steps to release the details of a security vulnerability ahead of Microsoft. Microsoft responded and said that there was a patch in works which was set to be released two days after Google went live with the details. Microsoft accuses Google for refusing to wait an extra 48 hours so that the patch would have been released along with the details of the exploit. Now, let's see what is happening on the Google side of software development. Recently, an exploit has been uncovered in the WebView component of Android 4.3 — estimated to cover roughly 60% of Android install base — and Google is saying that they will not patch the flaw. Google's only reasoning seems to be that they are not fixing vulnerabilities in 4.3 (introduced in June 2012) anymore, as they have moved focus to newer releases. It would appear that over 930 million Android phones in use are out of official Google security patch support.
Android

Is Kitkat Killing Lollipop Uptake? 437

Posted by samzenpus
from the if-it-aint-broke dept.
BarbaraHudson writes Remember how Windows XP was "good enough" that people took forever to upgrade? The same might be happening with Kitkat vs Lollipop. "According to Google's latest Google Play Store results for early January 2015, less than 0.1 percent of all Android devices were using Lollipop. By comparison, the last major Android release 4.4, KitKat, reached 1.1 percent of its audience in its first month out. In January 2015, almost two months in for Lollipop, KitKat is still number one with 39.1 percent of the market. It's followed by the various Jelly Bean versions, 4.1.x with 19.2 percent; 4.2.x with 20.3 percent, and 4.3 with 6.5 percent. Trailing them is Ice Cream Sandwich, 4.03-04 with 7.8 percent, followed by antique Froyo, 2.2, with 0.4 percent."
Sony

Sony Thinks You'll Pay $1200 For a Digital Walkman 391

Posted by Soulskill
from the good-luck-with-that dept.
An anonymous reader writes: The Walkman is one of the most recognizable pieces of technology from the 1980s. Unfortunately for Sony, it didn't survive the switch to digital, and they discontinued it in 2010. Last year, they quietly reintroduced the Walkman brand as a "high-resolution audio player," supporting lossless codecs and better audio-related hardware. At $300, it seemed a bit pricey. But now, at the Consumer Electronics Show, Sony has loudly introduced its high-end digital Walkman, and somehow decided to price it at an astronomical $1,200.

What will all that money get you? 128GB of onboard storage and a microSD slot to go with it. There's a large touchscreen, and the device runs Android — but it uses version 4.2 Jelly Bean, which came out in 2012. It also supports Bluetooth and NFC. Sony claims the device has 33 hours of battery life when playing FLAC files, and 60 hours when playing MP3s. They appear to be targeting audiophiles — their press release includes phrasing about how pedestrian MP3 encoding will "compromise the purity of the original signal."
DRM

Netflix Cracks Down On VPN and Proxy "Pirates" 437

Posted by Soulskill
from the why-people-hate-the-content-industry dept.
An anonymous reader sends this unfortunate report from TorrentFreak: Due to complicated licensing agreements Netflix is only available in a few dozen countries, all of which have a different content library. Some people bypass these content and access restrictions by using VPNs or other circumvention tools that change their geographical location. This makes it easy for people all around the world to pay for access to the U.S. version of Netflix, for example. The movie studios are not happy with these deviant subscribers as it hurts their licensing agreements. ... Over the past weeks Netflix has started to take action against people who use certain circumvention tools. The Android application started to force Google DNS which now makes it harder to use DNS based location unblockers, and several VPN IP-ranges were targeted as well.
Encryption

Unofficial WhatsApp Library Gets End To End Encryption Before Official Clients 29

Posted by timothy
from the keep-it-secret-keep-it-safe dept.
An anonymous reader writes Earlier last year WhatsApp announced partnership with Open WhisperSystems to integrate the ratcheting forward secrecy protocol found in their app called TextSecure, into WhatsApp. The protocol is supposed to provide end-to-end encryption between WhatsApp clients. So far it has been implemented only in WhatsApp on Android, with the rest of platforms yet to come. The implementation however has already made it into unofficial WhatsApp libraries which allow developers to use WhatsApp service in their applications, starting with a python-library called yowsup, and the rest will follow. It's worth mentioning that none of those libraries are supported nor approved by WhatsApp, so one has to wonder if WhatsApp is going to take some legal action (again) against them.
Privacy

New App Detects Government Stingray Cell Phone Trackers 71

Posted by timothy
from the ones-you-know-about-at-least dept.
HughPickens.com writes IMSI catchers, otherwise known as stingrays, are those surveillance tools that masquerade as cell towers and trick mobile phones into connecting, spewing private data in the process. Law-enforcement agencies have been using them for almost two decades, but there's never been a good way for individuals to detect them. Now Lily Hay Newman reports that SnoopSnitch scans for radio signals that indicate a transition to a stingray from a legitimate cell tower. "SnoopSnitch collects and analyzes mobile radio data to make you aware of your mobile network security and to warn you about threats like fake base stations (IMSI catchers), user tracking and over-the-air updates." say German security researchers Alex Senier, Karsten Nohl, and Tobias Engel, creators of the app which is available now only for Android. The app can't protect people's phones from connecting to stingrays in the first place, but it can at least let them know that there is surveillance happening in a given area. "There's no one set of information, taken by itself, that allows you to detect an IMSI catcher," says Nohl. "But we do stream analysis of everything that happens on your phone, and can come out with a warning if it crosses a certain threshold."

Stingrays have garnered attention since a 2011 Arizona court case in which one agent admitted in an affidavit that the tool collaterally swept up data on "innocent, non-target devices" (U.S. v. Rigmaiden). The government eventually conceded in this case that the "tracking operation was a Fourth Amendment search and seizure," meaning it required a warrant. But given that the Justice Department has continued to claim that cellphone users have no reasonable expectation of privacy over their location data, it may take a Supreme Court judgement to settle the Stingray issue countrywide.
Programming

Ringing In 2015 With 40 Linux-Friendly Hacker SBCs 81

Posted by samzenpus
from the pick-your-favorite dept.
DeviceGuru writes As seen in this year-end summary of 40 hacker-friendly SBCs, 2014 brought us plenty of new Linux and Android friendly single-board computers to tinker with — ranging from $35 bargains, to octa-core powerhouses. Many of the new arrivals feature 1-2GHz multicore SoCs, 1-2GB RAM, generous built-in flash, gigabit Ethernet, WiFi, on-board FPGAs, and other extras. However, most of the growth has been in the sub-$50 segment, where the Raspberry Pi and BeagleBone reign supreme, but are now being challenged by a growing number of feature-enhanced clones, such as the Banana Pi and Orange Pi. Best of all, there's every reason to expect 2015 to accelerate these trends.
Social Networks

Twitter Bug Locks Out Many Users 69

Posted by timothy
from the confine-comments-to-140-chars-in-solidarity dept.
TechCrunch and ZDNet are among the many sources to report that many users are having trouble right now signing in to Twitter, and that the company is working right now to fix the glitch. As ZDNet describes the problem, According to Twitter's server response at the time of writing, most of 2015 has happened, and we are heading into a bright new 2016 in a couple of days time. Querying Twitter's HTTP response headers at https://twitter.com returns a time stamp dated one year into the future: "date: Mon, 29 Dec 2015 02:09:37 UTC". Consequently, users of Twitter's popular Tweetdeck application have experienced seeing every incoming tweet appear with a time stamp reporting the tweet to be from 365 days ago. At the same time that Twitter's servers began returning the incorrect date, some users of Twitter's official Android app were logged out of the service, and unable to log in again via the app. Users of some third-party Twitter applications have also reported being locked out of their apps.