
Users of the G1 Android phone began receiving a software update on Friday that fixes a flaw security researchers found earlier in the week.
The update included the fix to the browser vulnerability and a couple of other minor changes as well, said Michael Kirkland, a Google spokesman. Every user of the G1 may not have gotten the update yet but should within a short time frame, he said.
Google worked with T-Mobile USA, the only operator selling the device, to push the update out to users. The G1 went on sale last week, and T-Mobile has not disclosed how many have sold so far.
Researchers at Independent Security Evaluators revealed earlier this week that they discovered that Android, Google's open-source software that is currently only running on HTC's G1 handset, is based on outdated open-source components that do not include a fix to a previously known vulnerability.
On a Web page for ISE, Charlie Miller, Mark Daniel and Jake Honoroff wrote that they wouldn't say much about the vulnerability until Google fixes it. However, they said that Android users who visit malicious Web sites may find their sensitive information stolen. That's because an attacker could access any information the site uses, including saved passwords, information entered into a Web application form, and cookies.
The researchers also said, however, that the impact of the attack is limited because of Android's security architecture. An attacker can't, for example, control functions of the phone like the dialer.
On Friday, Miller was not available to talk about whether he had received and tested the update.


250GB PS3 spotted in Best Buy backroom, making trouble originally appeared on Engadget on Sun, 01 Nov 2009 05:55:00 EST.
Young American woman travels over to Jerusalem to meet some friends, see the sights, live the life. Overzealous border security officers ask her a bunch of questions, take issue with her answers, and a few well-placed bullets later she is allowed entry into the country with a somewhat altered MacBook in tow. So what can we all learn from this incident? Firstly, back up all the data you consider important; B, Israeli policemen don't mess about; and 3, distressed laptops look gorgeous no matter how they got there -- just look at the way the glass trackpad has wrinkled up from the force of the bullet penetrating near it, it's a borderline work of art. The young lady in question has been promised compensation, but lest you think this is a one-off you can see pictures of an equally dead Dell at the Flickr link below. We've got a couple more close-ups of the ravaged MacBook after the break.
Border security guards kill -- literally kill -- a MacBook (update: video!) originally appeared on Engadget on Wed, 16 Dec 2009 19:25:00 EST.
Lily Sussman, Flickr
I've been a fan of Dan Appleman for about as long as I've been a professional programmer. He is one of my heroes. Unfortunately, Dan only blogs rarely, so I was heartened to see a spate of recent blog updates from him. One of the entries asks a question I've often wondered myself: can you really rent a coder?
Over the past year or two I've kept an eye on the various online consulting sites - Elance, guru.com, RentACoder, oDesk. I've actually used RentACoder once (as a buyer on a very small project) and was satisfied with the results -- though I suspect I spent more time writing the spec and managing the programmers than I would if I had done the work myself.
I'm surprised Dan opens with such a sunny outlook on these services, because I've heard almost universally negative things about them. As professional programmers, I think we're all naturally inclined to see these sorts of low-bid contract sites as cannibalizing and cheapening our craft. It's roughly analogous to the No-Spec movement for designers.
The odd thing is that, despite the sunny outlook, the article Dan wrote on this topic comes across as quite cautionary:
- You'll be competing with people around the world. In fact, you'll be amazed at how little people in some parts of the world will bid. That's because a few dollars an hour can work well in a country where the average wage is a couple of hundred dollars a month.
- Many of the projects posted are unrealistic. For example, people asking for a clone of eBay for under $500. What ends up happening in these cases is that usually somebody ends up getting ripped off (either the client or the consultant who underbid or fails to deliver).
- A lot of projects go bad. They get cancelled. Or the consultant who bid on the work never delivered, or delivered poor results. Or the client has unreasonable expectations, or doesn't actually know what he wants.
Maybe it's just my natural bias talking, but these sites seem awfully impractical to me.
Simply sorting out the DailyWTF project pitches from things you could actually deliver -- at ultra-competitive offshore programming rates, no less -- would require the patience of a saint and the endurance of an Olympic athlete. Specification documents are hard enough to write when everyone involved is a coworker sitting in the same room. I can't even imagine the difficulty of agreeing on what it is you're building when the participants are thousands of miles away and have never met. But then I thought Amazon's Mechanical Turk was a failure, and it seems to be enjoying a moderate level of success.
Dan has a small chart comparing the services of these online freelance/consulting sites. It's too easy to write these sites off as an affront to software engineering. I guess they're sort of like dating sites -- they might be one way to find a client relationship, but I'd be highly suspicious of any professional developer who can't find a stable, long term relationship with a client eventually.
If nothing else, we should be looking at them for research purposes, as a baseline. Surely you can demonstrate better value to your employer than the random, anonymous programmers on Elance, guru.com, RentACoder, or oDesk. And I'd certainly hope that the projects you're working on are more sensible and rewarding (in both senses of the word) than the stuff that appears on those sites.


Arterial tandem: coronary drill gets cleared for use, MEMS sensor distinguishes between kinds of plaque originally appeared on Engadget on Sat, 26 Dec 2009 15:42:00 EST.