Codepope's Development Hell

Feedly API opens: Feedly, one of the web-based RSS aggregator replacements that stepped in when Google dropped the Reader ball, has announced its opening up its feedly Cloud API to all. And its quite an extensive API with realtime hubs, read-tracking, personalisation graphs and more. An existing app ecosystem may be about to get a lot bigger and diverse. RenderScript for all: Google has been adding feature to Android’s RenderScript computation framework over the recent releases and says it has been being asked for those features to be evenly available in older versions of Android.

Mozilla updates: Firefox 24 and Thunderbird 24 landed yesterday. The release of Thunderbird sees the ESR version merged back into the main release tree and a couple of new tricks with zooming in compose windows, email supporting IDN based email addresses and ignoring message threads. There’s also six critical fixes in the update too. Firefox gets new Max scrollbars, right-closing tabs and tear off chat windows, SVG improvements, a better browser console and 7 critical fixes.

Expect the Exceptional: A system admin is faced with a regular pattern of emails arriving that confirm things have either worked or occasionally failed. The admin scans them for the “is on fire” part and acts accordingly. But there’s also the other case where no mail was generated, but how would you know that email hadn’t arrived. With that in mind, Alan Bell has just rolled out ExecptionalEmails.com. This is a system designed to detect that exceptional moment when the mails don’t appear or do appear and have trigger words in them and then make sure you realise that this exceptional thing has happened.

Urgent Django Update: There’s a security update for Django released on Sunday which has been rushed out as the issue was reported on the Django developers list and thus was already public. It’s a DoS problem wherein an attacker can use very large passwords to tie up the system as it hashes the password using PBKDF2. The fixes make passwords greater than 4K automatically fail authentication. Lua 5.1 exploitation: A detailed post on GitHub’s Gists looks at the process of escaping the Lua 5.

It most likely won’t be first but the first rippling schedule slip has arrived for Fedora 20 with its alpha release put back by a week to 24 September. Fedora acts as a trailblazer for many of Linux developments and is known for being able to slip past its original schedule with ease thanks to that trailblazing. Right now, two blocker bugs in particular are needing to be fixed to move forward to alpha and the delay means that all the subsequent milestones have moved a week too.

Qt goes with Chromium: The Qt toolkit has used a Qt port of WebKit for some time now to provide web content rendering. With Google forking WebKit to create Blink, Digia has been looking at what fork to follow and has now decided to go with Chromium and Blink. This means the QtWebKit development will be frozen after Qt 5.2 and the new QtWebEngine which will replace it is short some APIs (QWebElement and QObject embedding).

Google’s Creative Lab has released Coder, an operating system image for the Raspberry Pi which can be booted from an SD card and offers an easy to use environment for learning about coding in JavaScript, HTML5, CSS and working with Node.js. It is in fact a relatively portable Node.js application which could be hosted on the desktop, in the cloud or wherever it is needed. Google have crafted the image for the Pi so that its an easy to deliver, and dare we say attention grabbing, way of putting the technology in educators hands.

WordPress 3.6 vulnerability explored: The serialisation vulnerability which was fixed in WordPress 3.6.1 is looked at in detail by its discoverer in a blog posting which explores the issue of passing user content through unserialize() and why it can blow up so badly. Container power: Containers revolutionised the shipping industry… could they do the same for the cloud? There’s a lot of activity around container based clouds which we’re looking into.

Linus vs SSDs: It appears that Linus Torvalds is now working off his laptop to finish the Linux 3.12 merge after his desktop’s SSD drive died on him. Linus doesn’t have backups though as he’s moved to using “replaceable machines” instead. Oh, and apparently he’d upgraded the rest of the machine ten days ago. FirefoxOS Security: Trend Micro took a look at FirefoxOS’s security model and have some examples of how it could be exploited, via direct attacks on the B2G process in the Gecko layer and what mitigates against that.

Although Java 8’s Developer Preview was just released, Oracle has been busy making sure that Java 7 is still well maintained with the release of JDK 7 Update 40, the first update release under the new update versioning scheme. The new update is more about bug fixes and features and although there are security changes, there’s no security fixes in it. JavaFX has now become part of the JDK with this release, though it remains to be seen if JavaFX will gain traction as a GUI platform before Oracle engineer Swing to depend on it.