Chicken Little says you can't rely on open sores.
OpenSSL's TLS and DTLS implementations are badly broken -- testing our faith in open source. Last month it was GnuTLS that fell victim to an old crypto flaw, now it's OpenSSL's turn to give the lie to the "all bugs are shallow in the bazar" bizarre mantra.
The snappily-named CVE-2014-0160 bug, aka Heartbleed, is a truly epic vulnerability, which has been silently widespread on the net for two years. Naturally, there's much speculation that the NSA and GCHQ have been exploiting the bug for some time.
In IT Blogwatch, bloggers duck and cover from falling skies (and small poultry).
But WWWBCD? [Updated with more commentary]
Brendan Eich, beleaguered Firefox luminary, has stepped down from his position as CEO of Mozilla. The heat over his 2008 contribution to an anti-gay-marriage fund got too much (or so it seems).
But now, some gay-marriage supporters are coming out of the woodwork to decry the 'hounding' and 'firing' of the poor innocent chap for claiming his 'free-speech rights.' (Wow, not everyone holds the same opinion -- who knew?)
In IT Blogwatch, bloggers are careful what they wish for.
BillG blurs the lines.
Microsoft (NASDAQ:MSFT) releases old source code. MS-DOS and Word For Windows are downloadable (but don't call them 'open').
The Computer History Museum (CHM) hosts the files for us, calling them "historic" and "primitive."
In IT Blogwatch, bloggers go searching for clues.
CVE-2014-0092: "Sky falling. Film at 11."
GnuTLS, the widely-used open-source encryption library, has a simply horrible bug. And it's had that bug since 2003. It has a similar effect to the recently-discovered one in Apple OS code: It fails to correctly validate certificates.
The conspiracy theorists are beginning to have a field day, with fingers pointing in the NSA's direction.
In IT Blogwatch, bloggers don their tinfoil hats.
Samsung's getting back into the Chromebook game with its new Chromebook 2 laptops. Here's a detailed look at the devices and what they have to offer.
Google I/O is popular. But stop hitting F5.
Google (NASDAQ:GOOG) says registration for its 2014 I/O conflab will be different. The sign-up process will be an "Austrian auction." [Did you invent that, just so you can make stupid Falco puns? -Ed.]
Attendees will be randomly selected, as if in some sort of high-tech Wonka factory.
In IT Blogwatch, bloggers make it common knowledge.
[Why are we channeling dumb ads in the headline today? You're fired -Ed.]
In IT Blogwatch, bloggers explain the inexplicable.
If there's one Android manufacturer that's been getting things right lately, it's Motorola -- and other Android device-makers could stand to learn a thing or two from its revelations.
Free codec to allow more detailed cat videos.
Google (NASDAQ:GOOG) is gushing over all the hardware vendors who've pledged support for its new VP9 video codec. It's royalty-free and claimed to be just as good as the new, encumbered H.265 "high efficiency video codec" standard -- i.e., they're both about twice as efficient as today's widely-used H.264 codecs. And Google will add VP9 to YouTube, Real Soon Now, along with some 4K videos.
Stop! Pay Larry.
Oracle (NYSE:ORCL) is ruffling penguin feathers with its latest salvo against open source. Without a hint of irony, the company known for open-source projects such as Java and MySQL is telling military customers to ditch free software -- in preference to its own, proprietary code, natch. In IT Blogwatch, bloggers feed the trolls...