Sep 24

Modularisation dropped from Java 8

Java iconThe project to modularise Java, Jigsaw, originally planned for Java 7 and deferred to Java 8, has now been pushed back to Java 9, which is due to arrive in 2015. Mark Reinhold, Chief Architect of the Java Platform Group at Oracle, says in his blog that his proposal to defer Project Jigsaw met with evenly divided feedback, but ultimately the decision rested with the Java SE 8 Expert Group (JSR337). That group showed all supporting the deferral of modularising Java’s run-time and a strong majority supporting the plan to push the entire modularisation effort to Java SE 9. A final and formal resolution is still pending but is unlikely to change course.

Despite the deferral, work on preparing the way for modularisation will still be done in Java 8, ready for Java 9. A Java Enhancement Proposal, JEP162 “Prepare for Modularisation”, sets out a plan to smooth the transition by making changes such as deprecating problematic APIs, adding command-line tools to show static dependencies and switching to ServiceLoader. These changes should make the eventual transition to modularisation easier.

The Oracle architect also believes that there is still progress to be made in the converging of Java SE and the high-end profiles of Java ME, and another proposal, JEP161 lays out a plan to define a number of subset profiles for Java SE which could allow the platform to be deployed and run on small devices. For example, an initial draft sees core libraries such as lang, io, nio and util making up a “Compact1” profile, with the addition of sql, xml, dom, sax and rmi making up “Compact2”; a “Compact3” profile would bring in many more libraries.

Reinhold closes by saying that “deferring Jigsaw to a Java 9 release in 2015 is by no means a pleasant decision,” but that it does appear to be the “best available option”.

 

Permanent link to this article: http://pccorzo.com/myblog/index.php/2012/09/modularisation-dropped-from-java-8/

Sep 23

Microsoft patches critical hole in Internet Explorer

Internet ExplorerWith an emergency update on Friday evening, Microsoft has closed the critical vulnerability in Internet Explorer that is already being actively exploited for attacks. The hole affects IE versions 6 to 9 and allows attackers to infect systems with malicious code when a specially crafted web page is visited. The vulnerability was disclosed last Monday, and a Metasploit module for it became available on Tuesday.

Microsoft also took this opportunity to close four similar holes that, the company said, were reported in confidence by security specalists and haven’t been exploited for attacks. Looking at their CVE numbers, these four vulnerabilities were reported well before the other hole was revealed on Monday. The vulnerabilities are based on “use-after-free” bugs that involve access to newly de-allocated memory areas. This causes IE to execute shell code that an attacker has injected into memory.

Microsoft says that the patch is being deployed via Windows Update; therefore, those who have the Windows Update feature enabled on their computers need to take no further action. Everyone else can manually download a suitable patch for their version of Windows.

The company has also made changes that benefit the early adopters of Windows 8 by updating the Flash Player that is integrated into IE 10 to the latest version. The update fixesa bug that enabled files to inject software via specially crafted fonts. With the new version of Internet Explorer, Microsoft has made the Flash plug-in a permanent browser component. This should, in theory, cause updates to reach users faster and more reliably because the browser will download and install them automatically.

Permanent link to this article: http://pccorzo.com/myblog/index.php/2012/09/microsoft-patches-critical-hole-in-internet-explorer/

Sep 22

WordPress for Android updated with all-new stats

 

The new version of WordPress for Android adds support for featured images and all-new stats Zoom
Source: WordPress

Support for featured images and all-new stats are the most notable features in the recent 2.2 release of the WordPress for Android mobile application. This new version now lets users set Featured Images from directly within the app; previously this could only be done using the web interface. After adding an image to the post, users can enable this option by tapping on it and selecting “Use as featured image”; the developers note that this requires WordPress 3.4.1 or later. 

WordPress for Android 2.2 also introduces a new stats view that includes information on, for example, Views by Country as well as Top Posts and Pages. The stats work out of the box for blogs hosted on WordPress.com; for self-hosted blogs, users will need to install the free Jetpack plugin to enable stats within the app. Other changes include performance improvements as well as various bug fixes that improve its overall reliability.

Shortly after WordPress for Android 2.2 arrived, the developers released an update, version 2.2.2, that fixed a problem with stats, updated Swedish, Hungarian and Catalan translations, and added Korean language support. WordPress for Android 2.2.2 is available to download from the Google Play Store and requires Android 2.1 or later. The app supports WordPress.com and self-hosted WordPress.org blogs running WordPress 3.0 or higher. Like WordPress, WordPress for Android is licensed under the GPLv2.

A new version of the WordPress for iOS app has also been released. Version 3.1.4 of the app adds support for the latest iOS 6 release as well as Apple’s new iPhone 5 smartphone. Other changes include fixes for problems with stats and remote logins, as well as bugs that caused the app to crash. The update is available to download from the iTunes App Store and requires iOS 4.3 or later.

 

Permanent link to this article: http://pccorzo.com/myblog/index.php/2012/09/wordpress-for-android-updated-with-all-new-stats/

Sep 21

Microsoft and Xamarin collaborate on Azure Mobile Services

Azure logo

Microsoft has announced that it is open sourcing the software development kit (SDK) for its Azure Mobile Services backend for Windows Store applications. The company has also said that it will partner with Xamarin to expand the SDK to support the iOS and Android platforms.

Azure Mobile Services is a framework that provides features such as login capabilities and remote data storage for mobile applications; it runs on Microsoft’s Azure which offers a hybrid Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) environment to developers.

The code for the SDK is made available under the terms of the Apache 2.0 Licence and can be downloaded from GitHub. According to the company, it will be fully supported and the developers are actively looking for contributions to the project. Xamarin, in turn, has made a preview for its cross-platform implementation for the Mobile Services client frameworkavailable under the same licence. According to the company, “the framework, which is a port of Microsoft’s own Mobile Services client library, will make it easy for developers to use Microsoft’s hosted backend in their Xamarin-powered Android and iOS applications.”

Xamarin is maintaining the open source C# implementation Mono and is selling commercial versions for Android and iOS development which have proven popular with game developers.

Permanent link to this article: http://pccorzo.com/myblog/index.php/2012/09/microsoft-and-xamarin-collaborate-on-azure-mobile-services/

Sep 21

Apple closes security holes in Mac OS X and Safari

Apple iconApple has released updates for versions 10.6 (Snow Leopard), 10.7 (Lion) and 10.8 (Mountain Lion) of its Mac OS X operating system that close a number of critical security holes. Mac OS X 10.8.2 and 10.7.5, and Security Update 2012-004 for Mac OS X 10.6.8 address a wide range of security vulnerabilities. These include information disclosure and denial-of-service (DoS) problems, bugs in the sandbox that could allow a malicious program to bypass restrictions, memory corruption bugs, and buffer and integer overflows. According to Apple, many of these could be exploited by an attacker to cause unexpected application termination or arbitrary code execution. Among the changes in the updates are new versions of Apache, the BIND DNS server, International Components for Unicode, the kernel, Mail.app, PHP, Ruby and the QuickTime media player, all of which correct security problems.

In addition to the fixes in Mac OS X 10.7.5, the update also includes Gatekeeper, a security feature from 10.8 Mountain Lion. By default, this feature automatically rejects applications that have not been signed with a valid Apple-issued Developer ID, but this setting can be changed. Gatekeeper includes three levels of security for running applications downloaded from the internet: “Mac App Store”, “Mac App Store and identified developers” and “Anywhere”. The first of these only runs applications downloaded from the Mac App Store, while the second option only allows applications from the store and from developers who have signed their program with their Developer ID. The last option allows all applications to run, regardless of whether they are signed with a Developer ID or not.

The company also released an update to its Safari web browser, version 6.0.1. This first update to Safari 6 from July addresses multiple information disclosure vulnerabilities, including one which could allow Autofill contact information to be sent to maliciously crafted web sites. As usual, the majority of the holes closed in Safari were memory corruption bugs found in its WebKit browser engine which could, for example, be exploited by an attacker to cause unexpected application termination or arbitrary code execution. For an attack to be successful, a victim must first visit a specially crafted web site.

Further details about the vulnerabilities closed, including a full list of fixes, can be found in Apple’s security advisories. Mac OS X 10.8.2 (Client Standard UpdateClient Combo Update, Mac OS X 10.7.5 (Client Standard UpdateClient Combo UpdateServer Standard UpdateServer Combo Update) and Security Update 2012-004 (ClientServer) for Mac OS X 10.6 are available from Apple’s Support Downloads page; at the time of writing, Safari 6.0.1 is not yet listed for download from the site. Alternatively, Mac OS X users can upgrade to the latest releases using the built-in Software Update function. All users are advised to upgrade as soon as possible.

Permanent link to this article: http://pccorzo.com/myblog/index.php/2012/09/apple-closes-security-holes-in-mac-os-x-and-safari/

Page 20 of 53« First...10...17181920212223...304050...Last »