A remote vulnerability in the OpenSSL library was disclosed yesterday. A missing bounds check in the Heartbeat Extension implementation can trigger a buffer over-read leading to the loss of sensitive data, including the disclosure of the private key.
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
The logo contest had 528 entries from 127 different designers. There were so many interesting submissions that I found it hard to pick just one!
The winning logo is now plastered at the top of this page, for all eternity. The website's design and CSS have also been tweaked a bit to reflect the new "lighter" look.
From Phoronix:
Debian developers announced this week version 1.0 of APT, their Advanced Packaging Tool, on the day that the packaging project turned sixteen years old.
APT was conceived sixteen years ago on 1 April and on 1 April of this year they celebrated its "sweet sixteen" by releasing APT 1.0. This was no April Fool's Joke. One of the new features to APT 1.0 is a new apt binary that has most of the commonly used commands from apt-get and apt-cache.
If this were Chrome or Firefox, they would be in the hundreds by now.
[Editor's Note: More information on Debian APT 1.0 is available in the official release announcement and on Synaptic and APT developer Michael Vogt's blog.]
Microsoft proves its security team is still top notch. Turns out, the backdoor password was a series of spaces. Kristoffer discovered that if he simply pressed the space bar to fill up the password field, the system would let him in to his dad's account.
Sounds like the Windows 98 network login dialog - the one where you just press "Cancel" and it lets you log into the desktop, networking still enabled.
Manufacturers of DRAM modules reached a $310 million settlement for working together to fix prices. If you bought DRAM between 1998 and 2002, including any electronic device or computer containing DRAM, you may be eligible for a rebate. The minimum rebate is $10, while larger purchasers can receive up to $1000. The class action suit applies to the U.S. only, and the deadline to submit a claim is August 1, 2014.
Last September J.K. Rowling and Warner Brothers announced a spin-off of Harry Potter based on the book "Fantastic Beasts and Where to Find Them." The book takes place 70 years prior to the Harry Potter events, is not a prequel, and contains a more lighthearted comedy than the serious overtones of the Potter books.
New information from the studio notes that three mega-movies are planned. Thus, W.B. adds to the growing trend of milking a trilogy of movies from one book.
Early last month, I tried my hand at creating a unique logo for this site. Turns out, I sucked at it. My temporary solution was to type "Pipedot" in the Koloss font at 25 point and go back to work on the more important stuff. Of course, some have pointed out the resemblance of this setup to the green site. And I'd have to agree; more differentiation is warranted.
Therefore, I've created a new Logo Contest at designcontest.com - a site that specializes in such things. The winner not only gets their beautiful creation plastered at the top of this page, but also gets a cool $300 USD prize. The contest ends Sunday (1 week duration).
Please feel free to browse the entries and help me pick out the good ones. The initial response is almost overwhelming, with a hundred submissions on the first day.
Other updates for this week include:
- More Icons - These are the cute little icons tacked onto the top of articles. Much effort was exerted to keep this set as free-software friendly as possible while maintaining a consistent look and feel. The count is now 145 and will continue to climb over the next few months.
- Unicode Support - Most languages and useful symbols (like math, currency, and punctuation) are now allowed. Dingbats, smiley faces, non-printing characters, right-to-left switchers, and other gibberish are still filtered. This change should resolve the issue some have experienced with fancy quotes, em dashes, resolved HTML entities, and foreign languages.
Thank you for all of your comments and constructive criticisms from last week's poll. Input like this helps me prioritize the implementation of features that are the most important to you. Seems I underestimated some, like search, and will adjust my schedule accordingly.
Updates for this week:
- Search Page - Still a bit raw, but have to start somewhere, right?
- More Editors - We now have three volunteer editors. If you are interested in helping in this department, feel free to contact me. Or you can always submit more stories to help us out.
- Mailing List - Mainly for staff discussions, but anyone is free to participate. Click the checkbox on your settings page to subscribe to the list. A pretty HTML archive interface will be added soon.
- Titles - The HTML title on most pages should now be meaningful
- Forgot Password - You can now reset a forgotten password by answering a standard email challenge
Remember the first time you heard about Google's Summer of Code? Well, time flies:
Google's well-liked summer coding internship program is celebrating its 10th year. And it's got a lot to be proud of.
What is likely to remain the same this year is the overwhelming response from students from all over the world who want the chance to work on free and open source projects with mentoring organizations that Google has hand-picked. Carol Smith, Open Source Programs Manager at Google, tells us that to date GSoC students have helped generate over 50 million lines of open source code to date, from over 8,500 student developers.
Previous summers of code have helped the KDE and FreeBSD projects advance in useful and significant ways, and it's brought a huge number of young programmers into the open source ecosystem, a good thing by any measure. Here's hoping the next ten years of the Summer of Code lead us to bold and interesting places! Or at least help us build the tools that enable us to avoid the robot apocalypse. Whichever.
This week's poll is an example of the Approval voting method. Note that the items are checkboxes instead of the traditional single choice radio button. Please check all the features that you would prefer to see on this site sooner-rather-than-later. I plan on adding all of these features (except the NSA option - that one is a joke!) over the next few weeks. This poll will give me some feedback on which features are the most popular. For example, if nobody really cares about the Achievement system, I'll know to not spend too much time on it.