We’re in the countdown days to the two big annual developer conferences (not counting OSCON, of course …). Google I/O will open registration on March 27th, and if past history is any guide, WWDC should also start (and end) signups around the same week. So, get your credit cards warmed up and ready. Last year, both conferences sold out in less than a day (Google I/O in under an hour!).
And speaking of Google I/O
Just what is the purpose of the Rube Goldberg-esque physical puzzle that has gone up on the Google I/O website. Does it have something to do with a puzzle that potential attendees will need to solve to register? Will attendees be flung around from session to session by giant pendulums? Is it all just a cool demo of Chrome? And does it have anything to do with ancient Mayan prophecies?
In any event, it’s a fun (if simple) game, worth a few moments of your time, but unlikely to absorb more than 15 minutes of your attention. Now, if they added achievements and a Zombie mode, that might be something.
So much for sandboxing
Reports of a successful exploitation against the Chrome sandbox appeared recently, and now word has broken that a new Java exploit not only breaks out of the sandbox, but manages to install itself into system memory, where it can mess around with privileged processes. Worse, unlike the Chrome exploit, which was reported to Google and not in the wild, this new Java hack is being actively distributed on popular Russian news sites.
Since the entire point of a sandbox is to keep malicious code from getting access to system resources, it is truly disheartening to see how frequently sandboxes are being penetrated these days. If there’s one piece of code that needs to be rock-solid, it’s the bit that keeps the bad guys from doing bad things. That it fails so often in reality either indicates that developers aren’t doing a good job, or that it’s a really hard problem and it may be time to rethink sandboxing as a valid security approach.
Go is almost a Go
For those who have been eagerly awaiting Google’s
attempt to reinvent the wheel new programing language, Go, the wait is almost over, as RC1 has just hit the street. According to the developers, this is very close to what the final 1.0 release will look like. If you’ve been waiting for a stable version of Go to kick the tires, now is probably the time.
As with most new programming languages, I am maintaining a healthy degree of skepticism as to the long-term viability of Go. This is not because of any inherent faults of the language, but because of the institutional inertia that new languages have to fight to gain acceptance. Whether Google’s influence will be enough to get Go ensconced in the pantheon of mainstream languages is yet to be seen.
Please send tips and leads here.