This week’s retrospex is dominated by Google’s developers conference I/O that takes place in San Francisco right now. There are news on Android M, Polymer 1.0 and Brillo, Google’s operating system for the internet of things. Other than that severe security flaws have been found in Docker images in the official repository.
At Google I/O the company revealed the first developer preview of Android M, the next big update due this fall. Contrary to the L developer preview there will be monthly updates delivered over the air until the final version is released. We’ve already installed the first preview on a Nexus 9 tablet and gave it a spin: features such as granular control over app permissions and a dark UI theme are already working, while the power saving doze isn’t.
With Brillo and Weave Google finally sets foot on the IoT market, just as leaks revealed last week. Brillo is based on Android – especially its communication capabilities – and optimized for weaker hardware. The API framework Weave will serve as a means of communication between smart things an smartphones. The latter will be able to discover Brillo devices and provide the user with means to interact with them. For more on the keynote, watch the recording from last night:
Android Data Binding & Material Design Support Library
Aside from the keynote there were several more in-depth announcements especially relevant to developers. First and foremost the Android Studio IDE will support C and C++ programming languages for NDK developers. Furthermore Android M will introduce Data Binding which greatly improves interactions between app layouts and the underlying code. The Android Support Library was updated with standardized Material Design elements like the FAB or the expanding action bar. Up until now developers had to use their own implementations. As the library requires a minimum of API level 7 devs may bring Material Design Apps to devices still running Android 2.1 Eclair, released in January 2010.
Updates for Polymer, Angular and Node.js
Another web project driven by Google, AngularJS, got an update to version 1.4. As the official blog states special attention has been given to improving animations, which have been completely refactored. For the complete change log, see their latests blog post.
Node.js was updated to version 0.12.4 last Saturday. The change log is rather short with npm being updated to version 2.10.1, changes in V8 and returning support for Windows XP and 2003.
Unsecure Docker images found in the official repository
IT operations firm Banyan has conducted a security study of container images hosted in the official Docker repository. They found that around 30 per cent of all images tested contained severe security flaws such as Heartbleed and Poodle in OpenSSL. Looking only at user-pushed images these numbers climbed as high as 40 per cent. The study was conducted may 20th and verified on 4 other occasions.
As a solution Banyan proposes a thorough operations management process when using containers—which isn’t surprising for an ops-company. Still, their warnings hold true. You can read the complete report on their blog where it is also available for download.