Jon Larimer
Works at Google
Lives in Atlanta
+S. Larimer giving our hen Regina a haircut.

It's not for fashion, though. She was attacked by a hawk last week. We took her to the vet and she's fine now, but this is the 3rd time she's been attacked while the other chickens haven't been ever.

The problem is her fabulous hair-do. The feathers on her head obstruct her vision so she can't see the hawks flying around looking for dinner. We gave her a trim and she should be safe for another few months.
"Gimme the reverse mullet," she says. "It'll be fine," she says.

Jon Larimer

Following public discussion of vulnerabilities in versions of WebKit last week, I’ve had a number of people ask questions about security of browsers and WebView on Android 4.3 (Jelly Bean) and earlier. I want to provide an update on what we’re doing and guidance on steps that users and developers can take to be safe, even if your device is not yet running Lollipop.

Keeping software up to date is one of the greatest challenges in security. Google invests heavily in making sure Android and Chrome are as safe as possible and doing so requires that they be updated very frequently. With Google’s assistance, Android device manufacturers (OEMs) have been moving rapidly to improve the rate that devices are updated and to ship devices with the most recent versions of Android. We provide patches for the current branch of Android in the Android Open Source Project (AOSP) [https://source.android.com/] and directly provide Android partners with patches for at least the last two major versions of the operating system.

Improving WebView and browser security is one of the areas where we’ve made the greatest progress. Android 4.4 (KitKat) allows OEMs to quickly deliver binary updates of WebView provided by Google, and in Android 5.0 (Lollipop), Google delivers these updates directly via Google Play, so OEMs won’t need to do anything. Until recently we have also provided backports for the version of WebKit that is used by WebView on Android 4.3 and earlier. But WebKit alone is over 5 million lines of code and hundreds of developers are adding thousands of new commits every month, so in some instances applying vulnerability patches to a 2+ year old branch of WebKit required changes to significant portions of the code and was no longer practical to do safely. With the advances in Android 4.4, the number of users that are potentially affected by legacy WebKit security issues is shrinking every day as more and more people upgrade or get new devices.

There are also steps users and developers can take to mitigate the risk of potential exploitation of WebKit vulnerabilities without updating to Lollipop. Using a browser that is updated through Google Play and using applications that follow security best practices by only loading content from trusted sources into WebView will help protect users.

When browsing on any platform, you should make sure to use a browser that provides its own content renderer and is regularly updated. For instance on Android, Chrome [http://goo.gl/elSkZX] or Firefox [http://goo.gl/Q5X6e3] are both great options since they are securely updated through Google Play often: Chrome is supported on Android 4.0 and greater, Firefox supports Android 2.3 and greater. Chrome has been the default browser for all Nexus and Google Play edition devices since 2012 and is pre-installed on many other popular devices (including Galaxy devices from Samsung, the G series from LG, the HTC One series, and the Motorola X and G), so you may already be using it.

Using an updatable browser will protect you from currently known security issues, and since it can be updated in the future it will also protect you against any issues that might be found in the future. It will also allow you to take advantage of new features and capabilities that are being introduced to these browsers. 

If you are an application developer, there are also steps you should take to keep users safe. Application developers should make sure that they are following all security best practices [http://goo.gl/b6a3ta]. In particular, to resolve this issue when using WebView [http://goo.gl/FKeouw], developers should confirm that only trusted content (e.g. loaded from a local source or over HTTPS) is displayed within WebViews in their application. For maximum security when rendering content from the open web, consider providing your own renderer on Android 4.3 and earlier so that you can keep it up to date with the latest security patches.
130 comments on original post
Hello west coast!

Half Moon Bay, CA
I've seen quite a few bad Year in Photos videos but mine is actually pretty good

Jon Larimer

.DEX: Android's Dalvik Executable (v0.99) - feedback is more than welcome!
3 comments on original post

Jon Larimer

First day of vacation is going great
7 comments
 
That's why they call them 'headache racks'!

Jon Larimer

The ice storm that basically shut down the city is now producing a lot of babies. The labor and delivery units at metro Atlanta Hospitals are swamped with women delivering babies they conceived nine months ago during the ice storm.
Google Fiber is coming to Atlanta
Atlanta, Fiber is coming. Get the latest updates and track our progress.
4 comments
 
so excited!

Jon Larimer

Luckily I'm an adult so I can eat as much pizza as I want.
Kids in the United States eat so much pizza that some researchers now argue the food should join the ranks of sugary drinks and fast foods.
N' Betz
 
some researchers now argue the food should join the ranks of sugary drinks and fast foods
wtf ?
Wasn't it considered fast food before that in the U.S.?
I mean, PizzaHut/Domino's pizza style are clearly fast food. Italian pizzas in a restaurant, that's different. :p
Sunset from Kroger on NYE, with 191 Peachtree in the background and the American flag flapping gloriously in the wind.

I'll give you one guess which Kroger this was...
4 comments
 
I used to work in that parking lot. Before they remodeled it. So what did we win?

Jon Larimer

Tree is UP!

+S. Larimer 
2 comments
 
On the bottom? Who cares? I couldn't tell until I looked closely enough
nogotofail is an open-source tool developed by the Android Security Team to test apps and devices for known TLS/SSL vulnerabilities.

http://googleonlinesecurity.blogspot.com/2014/11/introducing-nogotofaila-network-traffic.html
Work
Occupation
Computer stuff
Skills
Computering
Employment
  • Google
    Security Engineer, 2011 - present
    Android Security Team
  • IBM
    Senior Security Researcher (X-Force), 2009 - 2011
  • nCircle
    Senior Software Developer, 2004 - 2009
    nCircle was bought by Tripwire
  • Internet Security Systems
    Security Researcher (X-Force), 1998 - 2004
    ISS was bought by IBM
Story
Tagline
Jon.
Places
Currently
Atlanta
Previously
Pennsylvania