Comodo will release an update Wednesday to fix a serious vulnerability in its web browser, which it markets as a way for users to enhance their security.
Google engineer Tavis Ormandy found that the company’s Chromodo browser disables the “same origin policy,” one of the most basic tenets of web security, according to a writeup.
The policy is intended to prevent one website from running code on another unless the sites are considered to have the same origin. Not implementing the policy means an attacker could steal confidential data from a website or its users.
In a statement, Comodo said the vulnerability isn’t in the browser itself, which is based on the open-source code behind Google’s Chrome browser. Rather, it said the issue is with an add-on. Chromodo has a feature that blocks ads and web trackers.
It suggested that such vulnerabilities are inevitable.
“As an industry, software in general is always being updated, patched, fixed, addressed, improved – it goes hand in hand with any development cycle,” Comodo’s statement said. “What is critical in software development is how companies address an issue if a certain vulnerability is found – ensuring it never puts the customer at risk.”
Those using Chromodo should receive the update, Comodo said.
On Tuesday, Ormandy wrote that a quick patch developed by Comodo to block an exploit he had created wasn’t effective.
He underscored the severity of the flaw in his advisory.
“This vulnerability is bad enough to start paging people,” he wrote.
The Apple TV is a great networked media player, but it would be greater still if it supported more file types and played from more locations. By locations, I mean over the network from something other than an iTunes server, and—oh, I don’t know—an attached USB drive?
Well, there’s no help for the latter at the moment, despite the USB-C port on the latest model, but there is a viable and completely free alternative for playing a variety of media types over the network: VLC, or the VideoLan Player.
VLC is well known throughout the computing universe. On Windows, it’s just one of several options for playing variegated file types. On the Mac and Linux, the best of very few. On Apple TV it’s a welcome addition that obviates the need to pony up cash for anything on the rather abbreviated list of flawed products (Playable, OnePlayer, 8 Player, etc.) and Plex, which requires an account.
Is VLC for Apple TV (called VLC for Mobile in the App store) perfect? No. Does it work? Yes. Quite well. At least with audio and video. In my hands-on, it didn’t want to display image files, though it did list them and create thumbnails. I’m thinking that’s a bug and expect that it will soon be fixed.
Excellent format support
Audio support was nothing short of fantastic. In addition to the usual M4A, MP3, and WAV support, VLC also played both Apple Lossless and WMA Lossless, APE, FLAC, OGG, and even Opus. It also played 5.1- and 7.1-channel surround sound. Wow.
Video support was almost as good. VLC for Apple TV understands HEVC and UHD (3840 by 2160, or 2160p), but successful playback was limited to 1080 and frames per second to 30 for reasons undetermined. When working within those limitations, VLC handled MP4, WMV, FLV, OGG, QuickTime, and just about everything else; even some old Real Media formats. That’s not surprising as all the versions of VLC use internal codecs for just about everything. The one notable fail was MKV files—one 500MB, the other 30GB. Either it took too long to cache, or there was another issue.
But even MKV played fine when I streamed it to VLC using DLNA. My NAS boxes offer DLNA, and so does Windows Media Player. Files from WMP weren’t enumerated perfectly right off the bat, but that might just as easily have been WMP as VLC.
On Apple TV, VLC comes closer to acting as its name implies than on any other system. Rather than simply presenting you with a player, then forcing you through arcane menus to retrieve media from a network resource, it immediately pops up with the local network resources. Cool.
In my case, that’s several PCs and Macs, plus three NAS boxes. Yes, I have a lot of stuff. VLC understands the SMB (Server Message Block) networking protocol used by Windows, AFP (Apple File Protocol), and the aforementioned DLNA (Digital Living Network Alliance) media-streaming standard, so any device using those (in other words, just about everything in the universe) will show up. This is all done independently from Apple Home Sharing, which is limited to iTunes instances with it enabled. VLC can also play files stored locally on the Apple TV box.
Okay, the capabilities are there, and VLC works pretty darn well. It still suffers some of the same minor issues it does on other platforms. First off, I wouldn’t exactly call it ugly, but it’s certainly not the prettiest child in the Apple app family.
It also had the image display bug I mentioned earlier, and didn’t always fail politely on a bad or unknown file. It never hung the unit, as some other players I’ve tested have, but it would be nice to receive notification that it didn’t understand a file rather than the impolitic skip to the next file you do get. I also had some issues with it not re-selecting the proper folder in the list; i.e., the one I just exited from.
None of those annoyances matter much when all of a sudden your Apple TV box can play virtually any file from any of your devices without any cash outlay on your part. That’s a nice upgrade right there. In fact, Apple ought to thank the VLC folks for so drastically expanding the capabilities of its box. Since it probably won’t: Thanks VLC folks!
Linux creates a friendly environment for choices and options. For example, there are many Linux-based distributions out there that use different desktop environments for you to choose from. I have picked some of the best desktop environments that you will see in the Linux world.
I consider KDE’s Plasma desktop to be the most advanced desktop environment (DE). It’s the most feature-rich and customizable desktop environment that I have ever seen; even Mac OS X and Windows don’t come near Plasma when it comes to complete control by the user.
I also love Plasma because of its awesome file manager, Dolphin. One reason I prefer Plasma over GNOME-based systems is the file manager. One of my biggest gripes with GNOME is that its file manager, Files, can’t handle basic tasks, such as batch file renaming. That’s important for me because I take a lot of pictures, and GNOME makes it impossible for me to rename image files. On Dolphin, it’s a walk in the park.
Then, you can add more functionality to Plasma with plugins. Plasma comes with some incredible software including Krita, Kdenlive, Calligra Office Suite, digiKam, Kwrite, and many other applications being developed by the KDE community.
The only weakness of the Plasma desktop is its default email client, Kmail. It’s way too complicated to set up, and I wish that setting up Kmail also configured the Address Book and Calendar.
Plasma is the default desktop environment of many major distributions including openSUSE.
GNOME (GNU Network Object Model Environment) was founded by Miguel de Icaza and Federico Mena in 1997 because KDE used the Qt toolkit, which was released under a proprietary license. Unlike KDE, where there were numerous customizations, GNOME focused on keeping things simple. GNOME became extremely popular due to its simplicity and ease of use. A factor that I think contributed heavily to GNOME’s popularity was the fact that Ubuntu, one of the most popular Linux distributions, picked it as their default desktop environment.
With changing times, GNOME needed a change. Therefore, with GNOME 3 the developers introduced the GNOME 3 Shell, which brought with it an entirely new design paradigm. That in turn led to some conflict with Canonical’s plans with Ubuntu, and they created their own shell for GNOME called Unity. Initially, GNOME 3 Shell was plagued by many issues — most notably, the fact that extensions would stop working after updates. This major shift in design and the various problems then led to many forks of GNOME, such as the Cinnamon and Mate desktops.
That said, what makes the GNOME desktop interesting is that its developers are targeting touch-based devices, so if you have a new laptop that comes with a touchscreen, GNOME is the best-suited DE for it.
With version 3.18, GNOME has made some impressive improvements. The most interesting thing that they have done is Google Drive integration where users can mount their Google Drive as a remote file storage and work with files without having to use a web browser. I also love GNOME’s awesome integration of email client with calendar and address book. Despite all this awesomeness, however, the one thing that keeps me from using GNOME is its file manager, which can’t handle batch file renames. I will stick to Plasma until GNOME developers fix this problem.
Unity is technically not a desktop environment; it’s a graphical shell developed by Canonical for Ubuntu. Unity runs on top of the GNOME desktop environment and uses most stock GNOME apps and tools. The Ubuntu team has forked a few GNOME components to better suit the needs of Unity users.
Unity plays a very important role in Ubuntu’s convergence story and with Unity 8, the company is bringing the desktop and mobile world together. Canonical has developed many intriguing technologies for Unity including HUD (Head-up Display). They also took a unique approach with lenses and scopes making it easy for users to find appropriate content.
The upcoming release of Ubuntu, 16.04, is expected to ship with Unity 8 so users will get to experience all the work that developers have put into this open source software. One of the biggest criticisms of Unity was the opt-out integration of Amazon ads and other services. With the upcoming release, though, Canonical is removing Amazon ads from Dash, making it a privacy-respecting OS by default.
Cinnamon was initially developed by Linux Mint — the most popular distro on DistroWatch. Cinnamon is a fork of GNOME Shell, just like Unity. Later, however, it evolved into a desktop environment as Linux Mint developers forked many components of the GNOME desktop, including Files, to address the needs of their users.
Because Linux Mint was based on regular releases of Ubuntu, the developers continued to chase the moving target that was Ubuntu. As a result, despite great promises, Cinnamon was full of bugs and problems. With the 17.x release, however, Linux Mint developers moved to the LTS edition of Ubuntu, which allowed them to focus on core components of Cinnamon without having to worry about the base. As a result of this move, Cinnamon has become incredibly stable and bug free. The developers have started adding more features to the desktop.
For those who prefer the good old Windows-like UI on top of the simplicity of GNOME, Cinnamon is the best desktop environment.
The MATE desktop environment is also a fork of GNOME. However, unlike Cinnamon, it’s not a fork of GNOME 3; instead it’s a fork of the GNOME 2 codebase, which is now unmaintained. A few developers didn’t like GNOME 3 and wanted to “continue” GNOME 2, so they took the codebase and created MATE. The MATE project forked many components of the GNOME project and created a few from scratch. To avoid any conflict with GNOME 3, they renamed all their packages: Nautilus became Caja, Gedit became Pluma, Evince became Atril, and so on.
Although MATE is a continuation of GNOME 2, that doesn’t mean they are using old and obsolete technologies; they are using newer technologies to offer a modern GNOME 2 experience.
What makes MATE an impressive desktop environment is that it’s extremely resource efficient. You can run it on older hardware or newer less powerful hardware, such as Raspberry Pi or Chromebook Flip. What makes it even more interesting is that using it on powerful systems frees most system resources for applications instead of the resources being consumed by the desktop environment itself.
LXQt is the successor of LXDE, one of the most lightweight desktop environments. It’s a merger of two open source projects, LXDE and Razor-Qt. The first usable version of LXQt (v 0.9) was released in 2015. Initially, the developers used Qt4 but then all compatibility with it was dropped, and they moved to Qt5 and KDE Frameworks 5 for speedy development. I have tried LXQt on my Arch systems, and it’s a great lightweight desktop environment, but it has a long way to go before it becomes the rightful successor of LXDE.
Xfce predates the KDE desktop environment. It is one of the oldest and lightest desktop environments around. The latest release of Xfce is 4.15, which was released in 2015 and uses modern technologies like GTK+ 3. Xfce is used by many special purpose distributions, such as Ubuntu Studio, because — much like MATE — it frees most system resources for applications. It’s also the default desktop environment of many notable Linux distributions including Manjaro Linux, PC/OS, Salix, and Mythbuntu.
Budgie is a new desktop environment being developed by the Solus Linux team. Solus is a new Linux distribution that’s being developed from scratch, and Budgie is a core component of it. Budgie uses many GNOME components and offers a minimalistic UI. Because there’s not much information about the new desktop, I talked to the core developer of Solus, Ikey Doherty, and he explained, “We ship our own desktop, the Budgie Desktop. Unlike some other desktops, this is not a fork, rather it aims for full integration into the GNOME stack. It’s written from scratch, and is specifically designed to cater for the experience Solus is offering. We work with upstream GNOME here as much as we can, contributing fixes, and advocate and support their work.”
Pantheon needs no introduction; it’s the desktop environment powering the lovely Linux distribution elementary OS. Similar to Budgie, Pantheon is not a fork of GNOME as many may assume. The elementary OS team comes from a design background, so they pay very close attention to minute details; as a result, Pantheon is an extremely polished desktop environment. At the moment, it may lack many features found in DEs like Plasma, but the developers are taking their time in order to stick to the design principle.
As I went through this story, I realized the awesomeness of open source and Linux. There is something for everyone. As Jon “maddog” Hall said during the latest SCaLE 14, “Yes, there are 300 Linux distributions. I can try them and stick to the one that I like!”
So, enjoy this diversity and use the one that floats your boat!
Here’s yet another new application of machine learning: MIT has developed a system for fixing errors in bug-riddled code.
The new machine-learning system developed by researchers at MIT can fix roughly 10 times as many errors as its predecessors could, the researchers say. They presented a paper describing the new system, dubbed “Prophet,” at the Principles of Programming Languages symposium last month.
Essentially, the system works by studying patches already made to open-source computer programs in the past in order to learn their general properties. Prophet was given 777 errors and fixes in eight common open-source applications stored in the online repository GitHub.
The system then applies that knowledge to produce new repairs for new bugs in a different set of programs.
Fan Long, a graduate student in electrical engineering and computer science who was co-author on the paper, had actually already developed an algorithm that attempts to repair program bugs by systematically modifying program code. The only problem was, it could take a prohibitively long time.
The new machine-learning system works in conjunction with that earlier algorithm but ranks possible patches according to the probability that they are correct before subjecting them to time-consuming tests.
The researchers tested the system on a set of 69 real-world errors that had cropped up in eight popular open-source programs. Where earlier bug-repair systems were able to repair one or two of the bugs, the new system repaired between 15 and 18, depending on whether it settled on the first solution it found or was allowed to run longer.
That’s certainly useful, but the implications could be even bigger, according to Martin Rinard, a professor of electrical engineering and computer science who was also co-author on the paper.
“One of the most intriguing aspects of this research is that we’ve found that there are indeed universal properties of correct code that you can learn from one set of applications and apply to another set of applications,” Rinard explained. “If you can recognize correct code, that has enormous implications across all software engineering. This is just the first application of what we hope will be a brand-new, fabulous technique.”
If there’s one piece of software that has a borderline monopoly stranglehold clutch on an industry, it’s Adobe Illustrator. The entire graphic design economy lives and breathes with this pile of code that lets artists make any vector based graphics they can imagine for their advertising clients, and it’s so damn good that it’s rarely an option which program you use in related career paths. What’s even better is that as Adobe transitions into their monthly and annual subscription based model over a one-time price tag, Adobe Creative Cloud is actually most appealing to graphic designers who need an unending flow of new art assets for each project.
Channels, an app for watching live television through the new Apple TV, has received a substantial update with timeshifting support.
The app, which first launched in December, works in conjunction with SiliconDust HDHomeRun networked TV tuners. Users plug an antenna into the tuner, then connect the tuner to a Wi-Fi router. This setup allows for streaming live channels to other devices around the house, using companion apps such as Channels for Apple TV.
Channels is the first app for HDHomeRun tuners to support timeshifting without complicated plugins. The app begins storing up video when users first tune into a channel, caching up to 30 minutes of programming. Users can also pause live video for up to 30 minutes. Although the app doesn’t offer full-blown DVR, it’s still useful for rewatching a bit of dialog that you missed, or pausing through the first 15 minutes of a show so you can skip all the commercial breaks.
The Channels app’s timeshifting features do have some limitations. Most notably, switching channels at any time will immediately wipe out all cached video. Channels also isn’t able to implement the “What did he just say?” feature of Siri, which can replay the last 15 seconds of video with closed captioning turned on. Developer Jon Maddox says this feature requires the use of Apple’s built-in video player, whereas Channels uses a custom video player to support MPEG2 playback.
To make room for the new timeshifting features, Channels has also removed the swipe-based shortcuts for cycling through channels. In its place, there’s a new drop-down menu for switching channels, accessed by swiping downward on the Apple TV touchpad. (This is arguably an improvement over the old system, since users get a better view of what’s currently on.)
It’s worth noting that Channels is not an official companion app for HDHomeRun tuners, but rather a third-party offering. Officially, HDHomeRun offers apps for Windows, Mac, Linux, Android, Android TV, and Amazon Fire TV devices, but none of those apps support timeshifting. In essence, Channels has now leapfrogged HDHomeRun’s official apps in terms of functionality.
These features don’t come cheap, however. Channels currently charges $15 for its Apple TV app, and will be raising the price to $25 after February 8. That’s atop the price of the HDHomeRun hardware, which costs $100 for the basic over-the-air model, and $150 for one that supports HD playback over wireless networks.
Down the road, Channels does intend to support the full DVR system that SiliconDust is building for its tuners. Apple TV users can get similar functionality today with a Tablo networked DVR, though the up-front hardware cost is greater compared to HDHomeRun’s system.
A few years ago, Microsoft switched from per-processor to per-core licensing in SQL Server, and it’s about to do the same with Windows Server 2016. You may not be thrilled with the results.
“Microsoft’s auditors likely will have a field day with these new requirements for Windows Server, in the same way that they have used the ever-more-complex licensing rules for SQL Server to increase the company’s audit-based revenue in recent years,” warned Christopher Barnett, an associate attorney with Scott & Scott LLP.
Currently, each Windows Server license allows for use of the software on up to two physical processors. Beyond the first license, there’s no minimum number that must be purchased per server.
With Windows Server 2016, due later this year, customers will have to purchase licenses based on the number of activated processor cores in each server. Licenses will be sold in packs covering two cores, and customers will be required to purchase enough licenses to cover at least eight cores for each physical processor, regardless of how many cores are actually in their server, Barnett said.
Each server will have to be licensed with a minimum of two processors’ worth of core licenses, meanwhile, meaning customers will have to buy licenses for at least 16 cores, or eight two-core packs, for each physical server.
In a licensing FAQ from December, Microsoft says it’s making the changes to align licensing of private and public cloud to “a consistent currency of cores” and simplify licensing across multicloud environments.
Barnett sees three key problems. First, if you have servers with a core density above eight cores per processor — say you have a server with two 16-core processors, for example — you’ll probably have to buy more licenses than you would have previously.
That will become increasingly common as more companies switch to servers with higher core densities. “It’s probably going to be more expensive for some in the short term, and everyone in the long run,” Barnett said.
Buying licenses for Windows Server 2016 also becomes more complex, making it easier to make mistakes. That could lead to more audits.
Finally, Windows Server licensees with Microsoft Software Assurance may be at a particular disadvantage, Barnett said.
“Every time Microsoft pulls the rug out from underneath customers who have invested heavily in a suddenly abandoned license model, those customers must contend with a confusing transition period” and figure out how much “new-metric” licensing they’ll need when their Software Assurance term expires, he explained.
Bottom line? Even if nothing else changes, Windows Server will be more expensive for some users under the new license terms, Barnett said, so it’s time to start reviewing your deployments and planning ahead.
Microsoft said it is sharing details of the new license terms with customers and didn’t comment further.
It was originally focused on just 3D animation above all else, but after years of competing with Autodesk 3ds Max it changed hands a few times before getting acquired by Autodesk in 2005, and has been expanded regularly ever since. In the past decade it’s continued to advance the 3D animation industry every year and has been involved in dozens of Academy Award winning films along the way. If you want to be the best 3D animator you can be, and are willing to learn all there is to know about modeling, skinning, rigging, cloth, fur, fluids, physics, and particle effects, then there aren’t many paths through the industry that don’t lead through, or stop at, Autodesk Maya.
The best way to describe Corel’s Painter programs is to just let someone try them. It’s too easy for digital artists to get wrapped up in menus and interfaces and making it all about the pixels. With Painter the monitor melts away and it truly feels like you’re using real paint on a real canvas, and that no amount of math or computer code could ever create each and every realistic and messy brush stroke you make. And yet, this powerful software accomplishes exactly that, and the illusion of painting in Corel Painter is just as surreal as the art you can make with it. It oozes with style and wonder and all the other things that make each artist different from every other artist. With that in mind, if you choose any two painting programs from this list, make sure it’s Painter and one other piece of software.
FL Studio 11
When’s the last time you watched a TV show or a film without the audio on? Musicians are just as integral to the entertainment industries as the visual artists are, and FL Studio gives them unlimited tools. Originally known as Fruity Loops, it began in late 1997 as nothing more than a MIDI program, and slowly underwent several huge updates that gave it legs to compete with the industry’s top names. However, the community consensus was still that it was more of a beginner’s software than a fully developed professional set of tools, but that didn’t stop Fruity Loops. It changed its name to FL Studio and underwent another round of updates that, in recent years, has catapulted it to the top of the industry. The best part? While other companies on this list like Adobe have shifted towards subscription-based fees that charge you endlessly to use the programs you need to use over the span of your entire career, FL Studio instead has lifetime free updates for its programs. Yes, you read that correct, and “all FL Studio 10 customers will be able to update to a fully functioning version of FL Studio 11, 12, etc, for free.” One whole version later, and they’re still staying true to their word. This is a piece of software that’s not only worth knowing and using for years to come, but it’s also one that will be the cheapest to use over the course of your entire career!