60145173
story
An anonymous reader writes
"Reuters reports that Apple and Google's Motorola Mobility unit are settling all patent lawsuits over smartphone tech. The settlement 'does not include a cross license to their respective patents,' and the companies will work together for patent reform. According to Reuters, 'The two companies informed a federal appeals court in Washington that the cases should be dismissed, according to filings on Friday. However, the deal does not appear to apply to Apple's litigation against Samsung Electronics Co Ltd, as no dismissal notices were filed in those cases. The most high-profile case between Apple and Motorola began in 2010. Motorola accused Apple of infringing several patents, including one essential to how cell phones operate on a 3G network, while Apple said Motorola violated its patents to certain smartphone features.'"
60129983
story
davecb (6526) writes
"At Guido von Rossum's urging, Mike Bland has a look at detecting and fixing the "goto fail" bug at ACM Queue. He finds the same underlying problem in both in the Apple and Heartbleed bugs, and explains how to not suffer it again."
An excerpt:
"WHY DIDN'T A TEST CATCH IT?
Several articles have attempted to explain why the Apple SSL vulnerability made it past whatever tests, tools, and processes Apple may have had in place, but these explanations are not sound, especially given the above demonstration to the contrary in working code. The ultimate responsibility for the failure to detect this vulnerability prior to release lies not with any individual programmer but with the culture in which the code was produced. Let's review a sample of the most prominent explanations and specify why they fall short.
Adam Langley's oft-quoted blog post13 discusses the exact technical ramifications of the bug but pulls back on asserting that automated testing would have caught it: "A test case could have caught this, but it's difficult because it's so deep into the handshake. One needs to write a completely separate TLS stack, with lots of options for sending invalid handshakes.""
