The H Week - 2.6.36 merge closes, Oracle cuts open source and Intel and HP buy security companies
This week – the Linux kernel 2.6.36 merge window closes, Oracle makes further cuts to open source programmes, open source support for multi-touch grows, jQuery starts development of a mobile version of its JavaScript framework and Vim and WebKit gain new features. Two of the top hardware companies, Intel and HP, each acquire a security software company. Various quite serious security flaws are found in Windows and in the Linux kernel. Two squabbling rival Warez forums hack each other and a free Android game is found to secretly transmit the GPS location.
Featured
The H published two features this week, the first a sequel to last weeks story in the CSI:Internet series on trojans hidden in Flash files and the second another from our regular columnist Glyn Moody on the future of open source and open source licensing.
Open Source
The development of the 2.6 series of the Linux kernel moved inexorably on with the announcement this week of the closure of the merge window and the first pre-release of version 2.6.36. Oracle was much in the news with the disclosure that it would no longer support the open development of OpenSolaris and with the loss of another member of the DTrace team. Fortunately the fork of OpenSolaris to Illumos seems to be forging ahead and Nexenta has already announced that with the next version, its Solaris / Ubuntu hybrid will become an Illumos / Ubuntu hybrid. Multi-touch gathered momentum with Canonical saying its uTouch library will be used to add multi-touch capability to Ubuntu 10.10 and the announcement by one of the developers that he has decoded the Apple Magic Trackpad. Also on the multi-touch theme; the KDE desktop now has a shell for tablets. Canonical released a point update to Ubuntu 10.04 LTS and Mark Shuttleworth gave 11.04 its code name: Natty Narwhal. The OIN defensive patent pool broadened its remit a little and became a sponsor for research on ID management. The jQuery Project developers announced the launch of the jQuery Mobile project for a cross-platform mobile version of their JavaScript framework. The Vim programming editor gained support for Python 3, WebKit gained the ability to render mathematical formulas on web pages and Red Hat extended support for RHEL by three years.
- Main development phase for Linux kernel 2.6.36 concluded
- Oracle turns its back on OpenSolaris
- Oracle loses another DTrace creator
- Illumos begins diverging from OpenSolaris
- Nexenta Core 3.0 released, next version will be Illumos based
- Canonical release uTouch 1.0 - multi-touch for Ubuntu 10.10
- KDE for tablets
- Canonical developer decodes Apple's Magic Trackpad
- Ubuntu 11.04 to be a Natty Narwhal
- Canonical releases Ubuntu 10.04.1 LTS
- OIN sponsors mobile ID management research
- jQuery Mobile Project announced
- Vim editor learns Python 3
- WebKit renders mathematical formulas
- Support of Red Hat Enterprise Linux extended by 3 years
Open Source Releases
- Trinity Rescue Kit 3.4 released
- CouchDB update fixes data loss problem
- PyMT 0.5 advances multi-touch for Python
- FoxToPhone sends URLs from Firefox to Android phones
- InfraRecorder CD & DVD burner updated
- Javascript server Node.js moves to 0.2.0
- KMyMoney 4.5 for KDE Platform 4 released
- Playable alpha for real-time strategy game 0 A.D. released
- Ruby 1.9.2 released
- Clojure 1.2: A combination of scripts and functional programming
Security
Some significant acquisitions this week as two of the biggest IT companies seek to show they take security seriously; HP is to buy security analysis and assurance specialist Fortify Software and Intel bought anti-virus software company McAfee. An ancient and possibly underestimated Windows authentication flaw has re-surfaced and a new flaw in the way in which some applications retrieve linked external data was revealed. The Linux kernel was found to still have a serious security flaw that apparently had been identified and had a patch available, six years ago. k9mail released the first Android mail app to feature OpenPGP encryption and decryption. A squabble broke out between two rival Warez sites when each hacked the other. A free Android game was found to secretly transmit the GPS location for phones that run it and the free cross platform open source anti-virus program ClamAV saw a new point version release.
- HP to acquire Fortify Software
- Intel acquires McAfee
- Authentication under Windows: A smouldering security problem
- New Windows vulnerability: Applications download malicious code from the net
- Root privileges through Linux kernel bug - Update
- k9mail for Android with OpenPGP support
- Mud-slinging in the Warez scene
- Android game secretly transmits GPS coordinates
- ClamAV 0.96.2 released
Security Alerts
- ColdFusion vulnerability more critical than first thought
- VLC Media Player 1.1.3 fixes critical security vulnerability
- Google closes critical vulnerabilities in Chrome 5
- Critical vulnerabilities in Adobe Reader and Acrobat plugged
(trk)