
May 18 2011

Developer Week in Review: Buying a lawsuit with an in-app purchase

Hello, and welcome to another fun-filled week of frolic and mayhem in the software industry. We'll get right to the news, but first this short commercial message.

Do you suffer from the heartbreak of buffer overruns? Has your SQL been injected? Do you stay awake at night because of cross-site scripting attacks? If so, try new Hackitol Plus, now available in convenient 8-hour strength. Don't let poorly secured applications keep you from leading the life you want to have. Note: Side effects may include nausea, heart palpitations, and the inability to use Flash or Facebook. Consult your doctor if you are currently developing in JavaScript.

And now, back to our program.

iPhone developers ask for whom the suit trolls

The three-ring circus that is software intellectual property continued to roll right along last week, with a group of iPhone app developers the latest to feel the sting. Lodsys sent legal nasty-grams to a number of developers who were taking advantage of the evidently patented idea of doing in-app purchases. This has apparently led Apple to put some new iPhone apps that use the feature on hold.

Interestingly, Lodsys claims that Apple, among others (including Microsoft and Google) already licenses the patent, but that it doesn't extend to developers using Apple's in-app function. That's going to be an interesting argument to watch play out. Does that mean if Apple licensed a technology to render an iOS control, and developers use that control in their applications, they'd need to get a license as well?

Apart from being a headache for both Apple and the developer community, there could be other far-reaching ramifications. For example, would Steam's in-game purchasing of weapons and clothing be subject to the same patent? Until Congress or the courts step in and stop the madness, it's anyone's guess.


Mono strikes out on its own

As previously reported, Novell's new overlords (that would be Attachmate, which still sounds like some kind of "As Seen On TV" product to me) gave the Mono developers their walking papers last week. Now Mono guru Miguel De Icaza has formed a new company to pick up the pieces. The company, called Xamarin (which sounds like a prescription sleeping aid to me), will offer commercial Mono support, as well as .NET tools for Android and iOS.

Knit One, perl 5.14

Perl 6 may be languishing out there with "Duke Nukem Forever," but there's still new perl to be had. This week, perl 5.14 hit the streets. Improved Unicode support seems to be a major thrust of the release (click here for all the gripping details.)

For those of us who grew up (professionally, at least) with perl in our toolbag, it's good to see continued active development on the language. While I may not pull that particular tool out as often as I used to, I still find myself writing the occasional script to grovel over a file and pull out the golden nuggets I need.

Got news?

Please send tips and leads here.


January 12 2011

Developer Week in Review

Now firmly seated in the New Year, your week in review returns to its normally scheduled programming.

No sale for Novell?

As reported in the Year in Review, Novell had plans to sell a chunk of Unix intellectual property to CPTN Holdings, a consortium that includes Microsoft, Apple, EMC and Oracle. This reopened the fear that Linux would come under patent attack. Last week, it was reported that the deal was evidently off, but according to Microsoft, it was just a procedural thing with German regulators, and the process is moving ahead according to plan.

Assuming this sale goes through, it will remain to be seen if the Gang of Four takes the next step and tries to prosecute any of the patents against the open source community. It's possible that they intend to use them against other companies, or as protection against IP actions. But given Microsoft's history in the SCO controversy and the company's feelings about Linux, it is also possible that pigs will fly.

The worst kept secret in the Industry

If you haven't heard that Apple finally inked a deal with Verizon this week, you should consider subletting the rock you've been hiding under. The interesting question that no one seems to be asking is if this is going to start the fractionalization of the iOS developer community. The Verizon version of the iPhone will ship with a mobile hotspot feature that the AT&T version lacks, and you can't help but wonder if other differences will creep into the iPhone over time as different carriers put different restrictions and requirements on the platform. One of the major selling points of the iPhone is that there has been little platform diversity for developers to deal with, apart from some sensors and the iPad. If too much branching of the hardware and software platform occurs, Apple could find themselves in the same boat with Android.

We also know that certain apps were banned from the App Store because AT&T objected to them. Will apps now have to pass muster for two different carriers, or will we start to see AT&T and Verizon-only applications?

Tablets, tablets, tablets!

That yearly pilgrimage of tech-heads, CES, has ended, and the big news for software developers is that tablets appear to be the new black. Multiple vendors showed off iPad wannabes at CES, many based on Android, a few on Linux, and a few running Windows.

Smartphones have already changed how software is developed, as applications have moved away from the keyboard-and-mouse input model. But until now, desktop-level applications have still clung to the old way. As tablets start to replace notebooks and netbooks, we're likely to see development shifts in productivity and enterprise applications that traditionally were tethered to a keyboard.

What does the future hold for those who code? My crystal ball is currently installing update 2 of 543, so I guess you'll have to check back here next week to find out. Suggestions are always welcome, so please send tips or news here.


November 24 2010

Developer Week in Review

If you live in the U.S., this is the week to gorge on turkey. I wondered out loud last night to my wife if Thanksgiving is the day of the year when the most people eat the same meal. Can any of our overseas readers add to the conversation? Is there a holiday in your country where everyone eats pretty much the same thing? Anyway, before American brains shut down from an overdose of stuffing, here's some developer news you can use.

Oracle announces Plan B for Java

The Java language has continued to evolve over the years, adding features such as Generics. There's an ambitious wishlist of things that developers would like to see in Java 7, but apparently not enough time to do it all and still get a timely release out. As a result, the JCP has decided to forego some of the goodies until Java 8, which is not expected to grace the world until late 2012.

As a recovering LISP-head, the item on the deferred list that catches my eye the most is Lambda expressions/closures. With even relatively "primitive" languages such as Objective-C starting to adopt these structures in the form of Blocks, Java is already behind the curve in this regard. It's a shame it will have to wait another year.

No word if Java Plan B will require a doctor's prescription, or be available to developers under 18 without a note from their parent.

Did we win the SCO battle, but lose the Unix War?

As someone who has 10 framed shares of SCO hanging over his toilet, I was definitely among the many who rejoiced in the sound thrashing SCO received at the hands of Novell, in regards to who owned Unix. The conventional wisdom was that Novell would be a reasonable caretaker for the Unix IP, and would be unlikely to use it against Linux or those who used it.

Life is definitely less clear now that Novell is being consumed by Attachmate. For one thing, part of the deal involves transferring a big chunk of Novell IP to a company fronting for Microsoft. Hopefully, it's just the normal collection of garbage software patents every big company seems to end up with, and not anything that would provide an avenue of attack against Linux.

Rant of the Week: Injection Protection

I'm not sure what they're teaching up at those new-fangled universities these days, but it sure ain't software security. At least that's the assumption I have to make, given the number of SQL and Shell injection attacks I hear about every month.

My whine last week was about null pointer exceptions. They're sloppy, but usually harmless. Injection attacks can take down your entire system or reveal sensitive data to bad guys. In my misspent youth, I ran a chat system and added email support so people could send mail from inside the program. I made the mistake of appending the email address to the end of a string that got run as a shell command. It wasn't long before some "clever" vandal used the email address ";rm -fr ." There went my entire (non-backed-up) source tree.
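The mistake described above, next to a hardened form, as an added example that is not code from the original chat system. It assumes a POSIX shell; `echo` stands in for the real mailer, and the hostile address and the allow-list pattern are constructed for illustration.

```python
import re
import subprocess

# Constructed input modelled on the anecdote; a harmless `echo` stands in
# for the destructive command that was appended to the address.
HOSTILE_ADDRESS = "bob@example.com; echo INJECTED"

# Hypothetical allow-list: must start with an alphanumeric, so it can be
# read neither as shell syntax nor as a command-line option.
ADDRESS_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9.-]+")

def mail_via_shell_string(address):
    """Vulnerable: the address is pasted into text that a shell parses."""
    # `echo` stands in for the real mailer binary (assumption).
    cmd = "echo mailer-invoked-for " + address
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout.splitlines()

def mail_via_argv(address):
    """Hardened: the address is one argv element and no shell is involved."""
    argv = ["echo", "mailer-invoked-for", address]
    done = subprocess.run(argv, capture_output=True, text=True)
    return done.stdout.splitlines()

def is_acceptable_address(address):
    """Second layer: reject anything outside the allow-list before use."""
    return ADDRESS_RE.fullmatch(address) is not None

if __name__ == "__main__":
    print(mail_via_shell_string(HOSTILE_ADDRESS))
    print(mail_via_argv(HOSTILE_ADDRESS))
    print(is_acceptable_address(HOSTILE_ADDRESS))
```

The shell-string version produces two lines of output because the shell ran a second command; the argv version prints the whole address as data on one line.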

Open source software is particularly vulnerable to SQL injection attacks, because the SQL schema is generally known. If you're lazy, and build queries using string concats with user-supplied data, it's trivial to enter data that succeeds, but also inserts or deletes data, in entirely different tables. You should always use the parameterized tools to place data into queries or inserts, and probably self-sanitize the data as well.

You should also run queries with the minimum credentials required, e.g., have a database user that can only do selects and use it for any parts of the system that don't require database updates. And have a privileged user be the only one that can update or access sensitive parts of the database.
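Both recommendations above in one added example (not code from the original post): a concatenated query beside a parameterized one, run over a read-only connection. It uses Python's `sqlite3`; the table, the data and the hostile search term are constructed, and the read-only SQLite handle is an assumption standing in for a database user that can only do selects.

```python
import os
import sqlite3
import tempfile

# Constructed hostile search term: it closes the quote and adds a tautology.
HOSTILE_AUTHOR = "nobody' OR '1'='1"

def make_db():
    """Create a throwaway database file (constructed data), return its path."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    con = sqlite3.connect(path)
    con.executescript(
        "CREATE TABLE posts (author TEXT, body TEXT);"
        "INSERT INTO posts VALUES ('alice', 'draft'), ('bob', 'notes');"
    )
    con.commit()
    con.close()
    return path

def open_readonly(path):
    """Read-only handle: stands in for a SELECT-only database user."""
    return sqlite3.connect("file:" + path + "?mode=ro", uri=True)

def find_posts_concat(con, author):
    # Vulnerable: user data becomes part of the SQL text.
    sql = "SELECT author, body FROM posts WHERE author = '" + author + "'"
    return con.execute(sql).fetchall()

def find_posts_param(con, author):
    # Hardened: the driver binds the value; it is never parsed as SQL.
    sql = "SELECT author, body FROM posts WHERE author = ?"
    return con.execute(sql, (author,)).fetchall()

def write_is_refused(con):
    """True when this connection is not allowed to modify the table."""
    try:
        con.execute("DELETE FROM posts")
        return False
    except sqlite3.OperationalError:
        return True
```

With the hostile term, the concatenated query returns every row while the parameterized one returns none, and the read-only handle refuses the `DELETE` regardless of how the query text was built.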

That's it for this week. Suggestions are always welcome, so please send tips or news here.
