Codepope's Development Hell

Talend go Apache: Talend, makers of integration, ETL and other data management products, have long been proponents of the GPL license for their products. I’ve asked them about this in the past and they’ve been robust in their reasoning about why the GPL is right for them. It appears though that that era has come to an end with an announcement that the company will be stepping towards more permissive licensing.

It seems to be all going on with the developers of Rubinus, the LLVM JIT-powered Ruby implementation which recently hit version 2.0.0. First came the news that Engine Yard had ended their sponsorship for the project saying that “we no longer feel like the project needs any help from us to accelerate” - the ending of sponsorship will, they say, let them invest more in other emerging projects. With that announcement made, Rubinus lead Brian Shirai said “I have been working to simplify and focus the project”; funding changes do tend to allow projects to step back and look at their goals.

Android’s Cipher Downgrade: According to this blog posting, Android’s Cipher suite – that is the list of ciphers it uses in order when it is establishing a secure connection – changes in late 2010 and saw AES256-SHA removed and RC4-MD5 put in its place. This means Android 2.2.1 has a better default cipher than Android 2.3.4 and everything that follows. The analysis shows that Google were apparently following Java’s cipher list changes, but that in 2011, Java 7 got a better cipher list and Android, being based on Java 6, didn’t.

Debian update: Debian’s second update of Wheezy, 7.2, is now with us. As usual, if you are updating your Debian regularly, you’ll have most if not all of this, but now there are new ISOs to install from to make fresh installs faster. Further details on the update on the Debian site. Debian’s long freeze: Meanwhile, Debian 8 “Jessie” is starting on the long trajectory to release with a date set for a freeze of 5 November… next year, 2014.

This morning I was reading this blog posting about reverse engineering backdoors in routers. The punch line is a shocker though - a number of D-link routers have a backdoor which can be triggered by setting the browser’s user agent to backdoor (plus xmlset and a credit to the person who set up the backdoor). Read the posting and if you have any of the affected gear, consider your options. The D in D-Link seems to stand for Derp.

Vintage bugs: Back in 1993, a use after free bug when handling ImageText wriggled its way into the X.org server and settled into what is believed to be every X.org server release that came after. Just over 20 years later, a security advisory and patch have been published for the bug. So look out for updates to your Linux distribution’s (or other Unix’s) X.org server in the near future. To many eyes, all bugs are eventually shallow.

GNU Make 4.0: GNU Make 4.0 is the latest version of the GNU Project’s version of the Make utility. The release’s headline feature is the integration of GNU Guile, the Scheme-based extention language recommended for GNU projects, into the compilation orchestrator. Other additions include an option to sync output to avoid jumbling results from parallel makes, tracing of targets, a switch to disable all debugging settings, various enhancements to the Windows version, the implementation of “::=” for POSIX portable make files and of “!

Say you wanted to build a games machine with an Arduino at its core, you’d might be a trifle stuck with a stock Arduino. You could do a lot of the interfacing to controllers or the logic, but what about the display and sound. Well, previously you may have got a Gameduino which gave you 400x300 512 colour VGA output, hardware sprites and audio in a nifty Arduino shield. It is pure 8 bit epicness.

Microsoft’s Monthly: It’s remote code execution holes all the way down in this months Patch Tuesday. From a bundle of Internet Explorere fixes in MS13-080 to a crunchy critical remote code execution and extra ‘important’ privilege escalation holes in Windows drivers, MS13-081 going all the way back to XP SP3 and all the way up to Windows 8. But wait, there’s more according to the cumulative advisory, MS13-Oct. Critical remote code execution holes in .

PC-BSD 9.2 arrives: Like your BSD with the sharp bits filed off for ease of use? PC-BSD is a user-friendly version of FreeBSD built for the desktop, but, as the newly released PC-BSD 9.2 shows, that doesn’t mean you get to miss out on features. For example, the FreeBSD 9.2 based PC-BSD 9.2 comes with bootable ZFS environments, so you can create a boot environment and select it from GRUB2.