Tech News

How Google’s I/O Announcements Will Impact Future Product Development

bw-hero

Google’s message is clear: Android isn’t just for phones and tablets anymore

We learned a lot about what will excite developers and product managers at our Google IO Extended event – and what it all means for your app development plans. We had a room full of developers, product managers, and user experience designers in the audience. Their collective claps, murmurs of delight, and excited chatter helped to highlight some of the most exciting announcements.

“Let’s look at all of the places we are putting the Android brand and where you can work with it… On your walk, in your work, in your car, and on your TV, or in your living room. It’s a push for Android to become the focus of what Google is talking about.” – Ben Dolmar

Read more

Filed under Events, Tech News

Chrome Cube Lab marks Rubik’s@40 – and today’s Google doodle

RubiksIn an awesome act of creative collaboration (and a lot of sweat), The Nerdery helped Google this morning to launch Chrome Cube Lab to honor the 40th anniversary of the Rubik’s Cube (see today’s timely Google doodle). Originally created by Ernő Rubik, the Rubik’s Cube is a logic puzzle that has been a favorite of engineers and mathematical types since its debut.

Written in Google Go, Chrome Cube Lab provides a showcase for a fantastic rebuild of this puzzle inside of the web browser.  It leverages JavaScript, CSS3 and a whole host of awesome technologies to provide a real-time interactive spinning cube. Even cooler? It’s open to spin-offs and new interpretations of the cube. Read more

For security’s sake update WordPress to version 3.8.2

On April 8, 2014 WordPress released a security update to version 3.8.2. The announcement that accompanied the release states “this is an important security release for all previous versions and we strongly encourage you to update your sites immediately.”

WP 3.8.2 addresses two potentially serious security vulnerabilities, includes three security hardening changes, and addresses nine “other bugs.” Most notably the following security issues are addressed:

  • Potential authentication cookie forgery. CVE-2014-0166. (Very serious vulnerability!)
  • Privilege escalation: prevent contributors from publishing posts. CVE-2014-0165.

  • Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests.

  • Fix a low-impact SQL injection by trusted users.

  • Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files.

Additionally: JetPack – the wordpress.com feature-rich plugin suite – was updated to version 2.9.3 to address similar issues.

If your site is currently operating a WordPress version below 3.8.2 or Jetpack version below 2.9.3, you may be at risk and should consider upgrading as soon as possible. 

Filed under Tech News, Technology

Heartbleed bug security alert: Your web server/data may be vulnerable – test your domains

On Monday evening, a security firm announced a new vulnerability in a key internet technology that can result in the disclosure of user passwords. This vulnerability is widespread and affects more than two-thirds of the web servers on the planet including top-tier sites like Yahoo and Amazon. If you have a secure (https) website hosted on a Linux/Unix servers using Apache or Nginx or any other service using OpenSSL, you are likely vulnerable.

For a detailed breakdown of this vulnerability, please see this site. This security vulnerability may affect up to two-thirds of all web servers. We urge you to assess your vulnerability immediately, and reach out for help.

How can I get help to fix this problem?

How can I see if my servers are vulnerable?

You can use this site to test your domains for the vulnerability. Enter the domain of your HTTPS web site. If you get a red positive result, you are vulnerable.

In addition, you can execute the following command on your servers to see if they are running a vulnerable version of OpenSSL: openssl version -a

If the version returned is 1.0.1, and its build date is before April 7th, 2014, you are vulnerable.

How can I fix it if I am vulnerable?

You will need to obtain a patched version of OpenSSL and install it on all vulnerable servers. Updated packages should be available for Debian, RedHat, Ubuntu, and CentOS via their package managers. If a package is not available for your platform, you can recompile the OpenSSL package (version 1.0.1g) with the NO_HEARTBEAT flag, which will disable this vulnerability. After updating, restart any services that are using SSL and re-test your domain using the link above (http://filippo.io/Heartbleed/).

For information on your specific Linux distribution see:

Additionally, you should strongly consider changing passwords and/or resetting SSL certificates, but only after OpenSSL has been updated.

What is the vulnerability?

With the vulnerability, called Heartbleed, attackers can obtain sensitive information from servers running certain versions of OpenSSL. Examples of sensitive information include private encryption keys for SSL certificates, usernames/passwords, SSH private keys on those servers and more. Attackers which obtain the keys to your SSL certificates can then set up a man-in-the-middle attack between you and your customers and obtain secure information, such as credit card numbers and authentication credentials. The vulnerability was publicly disclosed Monday, 4/7/2014.

If you have any questions, please contact us, or ping your own go-to Nerdery contact right away. We’ll help analyze your risk and protect your data. If The Nerdery can be a resource to you in any way, we will.

Filed under Tech News, Technology

What is Android Wear, and Why Should You Care?

google-android-wearGoogle rocked boats recently by announcing Android Wear. “What is Android Wear?” you ask? It’s a specialized version of Android designed to run on wearable computers. Right now, we’ve already seen two Android Wear devices slated for release in Q2 of 2014 – the square LG G Watch and the round Moto 360.  These watches will pair with any Android handset running Android 4.3 or greater. This is a refreshing change from smart watches such as the Galaxy Gear which restrict the owners to pairing with the few compatible Galaxy devices. Right now, both of the Android Wear devices publicly announced are currently considered “smart watches.” However, the name “Wear” means more product form factors will be explored in the near future according to the lead designer of Moto 360.

So, what is to know about these devices? Read more

Filed under Tech News, Technology

A Developers Perspective on The Whirlwind of Announcements From GDC 2014

Growing up with the game industry has truly been a great pleasure. One of the coolest things about my time with the industry has been the recent years of incredible growth and the industry’s emergence as a leader in the entertainment industry. In that growth, conferences like E3, PAX, and GDC have only gotten bigger and crazier. GDC (Game Developer Conference) has a couple of different iterations (such as GDC Europe, GDC Asia, and GDC Next), but GDC ‘Prime’ (Simply known as ‘GDC’) is where all stops are pulled and vendors show off their latest and greatest.

This year’s GDC just wrapped and it has been a whirlwind week. There is so much to talk about in the way of technology and game announcements, but the focus of this article is going to be around core game engines and virtual reality technology. So what all happened at this conference people should care about? Read more

Filed under Tech News, Technology

NerdCast #85: Targeted Cyber Crime – Discussing BlackPOS

NerdCast Album ArtOn this episode of the NerdCast we interview security experts Chris Wade and Jason Herbst from the Nerdery QA team. We look at the malware that was used to target high profile retail companies in a massive case of stolen data. The software called BlackPOS is a brilliant piece of software and in another context is genius in its design. Hear more about how the malware works, what it can reportedly do based on security research firms, and what Jason and Chris think of our current state of security.

Host: Ryan Carlson (Tech Evangelist)

Guests: Chris Wade and Jason Herbst (QA Department)

Listen Now: Running Time: 0:23:13 / Subscribe on iTunes

Play

Bitcoin Wallet Development Using Javascript and HTLM5 with Kyle Drake

Kyle Drake came to The Nerdery to share with our developers (and former co-workers) his next big venture into the world of Bitcoin development. Kyle tells the story about how the idea came about for Coin Punk (coinpunk.com), a new way of managing a Bitcoin wallet with browser-based Javascript and HTLM5 for handling crypto. He proposes this as a safer and more secure way of managing public and private Bitcoin keys after centralized Bitcoin wallet services suffered from millions of dollars in theft due to security breaches on the centralized servers.

So, who is ready to invest in Bitcoin?

Filed under Tech News, Tech Talk

iOS App Submissions After February 1st Will Require iOS 7 Compatibility

Building a new App for iOS or planning on submitting an update to your existing iOS App? The clock is ticking if you are not already fully iOS 7 compatible. According to Apple, starting February 1, new apps and app updates submitted to the App Store must be built with the latest version of Xcode 5 and must be optimized for iOS 7.

This could cause some waves for organizations with an App that requires included support legacy iOS devices. Rebuilding everything in Xcode 5 has it’s advantages with access to new APIs and code libraries. This shift in development environments may not be an option right now if your App has a substantial number of legacy iPhone 3 and iPhone 3S devices in circulation.

How do I know what version of the SDK was used to build my App?

ProTip: If your App has the option to enter text with the onscreen keyboard you can identify whether or not it is using the latest SDK based on the keyboard user interface.

Below is an image of the new keyboard-style:

image of the new keyboard compiled with the new SDK

Below is the keyboard compiled under the older versions of the iOS SDK:

image of the old iOS keyboard style

Why is upgrading to the latest SDK so important?

After February 1st Apps using the older versions of the iOS SDK will be unable to:

  • Make fixes to typos
  • Make bug fixes
  • React to 3rd party platforms like Facebook that makes a change to their API
  • Update an App that falls out of compliance for payment acceptance, accessibility, and other legal issues
Filed under Tech News, Tech Tips

Why Developers and Consumers Should Care About The Android 4.4 (KitKat) Announcement

android-kitkat-google-surprise-chocolate-key-lime-pie-370x229Google quietly revealed the latest version of Android (4.4) today almost two months after announcing that this version would be nicknamed KitKat. Unlike the latest version of Jelly Bean (4.3), which didn’t introduce many new features features for consumers and developers, KitKat brings along a huge variety of improvements to the operating system.

The good news for developers and businesses with Android apps is that the vast majority of apps on the Play Store will not break in 4.4, and there are no major design changes that will make your current applications look out of place on a device running KitKat.

Let’s dive in and examine some of the new features!

For Android Users:

Fighting Fragmentation

The biggest change that Google is touting for KitKat is its ability to run on a wide array of devices. Thanks to a focus on slimming down the operating system and introducing new memory management techniques, Android can run on devices with as little as 512MB of RAM. This means that you will start seeing Android on more devices. Manufacturers have been making a big push with smart watches lately, and Google has been working on Google Glass for a while now, so we already have an idea of what low-memory devices running Android might look like.

Updated System UI

A more obvious change that users will start seeing as KitKat begins to roll out is that the system UI is getting out of the way. The status bar at the top of every Android device is now translucent, putting a bigger focus on your content and applications. KitKat also introduces a new “Immersive mode” for application that allow application to hide both the status bar and the navigation buttons. Videos, photos, games, and books can all take up 100% of your device’s screen.

Magic-Enhanced Search

Though consumers are using their smartphones as actual phones less and less these days, Google has given the boring dialer a push into the future with some Google search magic. Contacts are now sorted in the dialer by who you talk to the most and who is nearby, and local businesses will also be included in your search. When you receive a call from an unknown number, Google will use Google Maps listings to try to pair the caller with a name.

Integrated Messaging

Finally, Google has taken a page from Apple’s popular iMessage service by integrating SMS and MMS in the hangouts application. All your chats, SMS, MMS, and hangouts will be in one place on your phone.

Check out the complete introduction Android 4.4 for consumers here.

For businesses and developers:

The first new feature that businesses can leverage is the new printing framework. The printing framework allows applications to send content to printers that users have connected to their devices via WiFi or cloud printing services. If you are taking your application to a trade show, maybe you want to set up your application to print customized brochures, name tags, or other such items. Apps that allow users to create their own content (such as painting applications or photo-editing applications) can leverage these APIs to allow their users to print their content at home.

Animation Support

One area that Android has been consistently lagging behind iOS is in supporting animations. Though the animation APIs improved a lot in Android 3.0, Android has taken another huge step forward in 4.4. Developers can now define animation “scenes” that will make grouping animations for UI changes simple. Android 4.4 also provides default animations for scene changes, so developers may not even need to worry about creating their own animations.

Cross-Platform Solutions

Cross-platform solutions for mobile applications are very popular due to their ability to lower development time in some cases by keeping a single codebase for multiple mobile platforms. These applications typically run in a WebView in Android, which is essentially a miniature web browser in your application. These can be difficult to debug, and do not always conform to the same web standards that your desktop browsers follow. This is changing in KitKat with WebViews based on Chromium. These new WebViews provide support for HTML5, CSS3, and most modern JavaScript APIs, along with an updated JavaScript engine for better performance. Even better, WebViews are now debuggable remotely with Chrome DevTools.

Debugging

Debugging all applications for businesses has become easier thanks to screen recording. You can now take a video of your screen and send it to the developer to help demonstrate how to reproduce bugs. Businesses can also leverage this tool to help create promotional videos for the Play Store, giving users valuable insight into how the app looks while running.

As a part of KitKat’s focus on support for low-memory devices, developers also now have access to powerful memory diagnostic tools to see how much memory their app is consuming over time. This should lead to better app performance and fewer crashes.

This is just the tip of the iceberg for new developer features in 4.4. You can find the complete list of new features for developers here.

Potentially breaking changes:

There are a few changes that could cause some applications to behave unexpectedly in Android 4.4.

  • If your application reads from the public external storage directories, your application will need to request a new permission from 4.4 devices.
  • Applications that use WebViews will want to ensure that everything looks and behaves as expected with the new Chromium-based WebViews.
  • AlarmManager alarms may not fire quite when you expect them to, as alarms are now batched together with all apps that have alarms set to fire within a reasonably similar time frame.
  • Similarly, ContentResolvers that sync periodically will sync within 4% of the period you specify, so you shouldn’t rely on the sync occurring at a specific time.
Filed under Tech News, Technology