logic involved

SELinux is coming to Android. Called SEAndroid, the project looks pretty interesting:

Some distinctive features of our SE Android reference implementation in comparison to prior efforts of which we are aware include:

• Per-file security labeling support for yaffs2,
• Filesystem images (yaffs2 and ext4) labeled at build time,
• Kernel permission checks controlling Binder IPC,
• Labeling of service sockets and socket files created by init,
• Labeling of device nodes created by ueventd,
• Flexible, configurable labeling of apps and app data directories,
• Userspace permission checks controlling use of the Zygote socket commands,
• Minimal port of SELinux userspace,
• SELinux support for the Android toolbox,
• Small TE policy written from scratch for Android,
• Confined domains for system services and apps,
• Use of MLS categories to isolate apps.

• New Java desktop UI toolkit:
  Amino brings some nice features
• Authentication != Authorization (and more):
  Diaspora has a long way to go, but there are lots of things you can learn. Things like what you should never, ever do, that is.
• Java obfuscation:
  the Android developers recommend ProGuard. It’s actually a very nice utility, but I don’t feel comfortable to apply a complicated technique to already complicated applications.
• One Time Passwords, remote logout:
  Facebook adds new security features, and some questions are crossing my mind:
  why not add add OPIE-like features, with One Time Password Lists and/or two-factor authentication (with something you know and something you have)? We got lots of smartphones out there, just use them…?
  re “remote logout”: why not just invalidate existing web sessions on the next login of the user? Can Facebook make a difference between web and API (e.g. widget, apps) sessions?

And here it is

Requires Android 2.1 or higher.

I have been playing with SUSE Studio for quite some time, and it never fails to amaze me. In short, it’s a utility that allows you to build your own SuSE-based Linux: you start with a general selection (openSUSE, SLES, KDE, Gnome, a JeOS , …), add repositories and packages. Then you add your configuration: set your locale and keyboard, add users, rig the network settings and the firewall, add custom backgrounds and logos, add license(s) that have to be accepted by the end user, add your own files and folders, add your custom post-built/post-boot/first boot scripts … and change many more things.
After that, it’s time for building: you can create USB images, live CDs (.iso files), XEN guests and VMware / VirtualBox / KVM (.vmdk) appliances. Built time is just a few minutes, and you can either download your appliance or take it for a test drive it right away, on the SUSE Studio servers. For that, you can connect to the web server of your appliance, log in via SSH, or have the desktop displayed in an applet within your web browser.
One of the most interesting features of SUSE Studio is the ability to keep the changes you make in your test drive. In other words: you don’t have to stick with the web interface for refining your appliance, but you can apply the more delicate refinements in a live system.

The SUSE Gallery hosts an impressive number of appliances that were made with SUSE Studio. Let me highlight just a few examples:

• Android Developer’s Desktop Remix – an Android development environment, based on openSUSE
• BrowserBox – 22 versions of 13 different web browsers (Android Browser, Internet Explorer, Firefox, Chrome, Safari, Lynx, Opera, …)
• iFolder Server – run your own iFolder file synchronization server
• Chrome OS – well, mostly Google Chrome

The just-released IE9 Beta features a slim user interface. This makes pretty much sense: in the web, the focus is on the content – not on the tool that is used to display it.
Or as Herb Sutter puts it:

Of course, that’s because the page/site is the real app. And like most apps they are indeed going the other way.

The browser is not really an app; it’s a shell, like the OS shell, just a runtime necessity to run the real app and provide some convenience housekeeping tools.

One more thing that changed since the early browser wars.