The H Week - ASF subpoenaed, Hudson to serve Eclipse, more problems at Sony

This week, The H spoke with security expert Ivan Ristić and published a new edition in the Coming in 2.6.39 Kernel Log series, the ASF was subpoenaed and Oracle proposed that Hudson become an Ecilpse project. Sony discovered that another of its services had been compromised, there was a potential intrusion at LastPass and the Tor Project confirmed plans to fork Firefox.

Featured

This week, The H featured an interview with security expert Ivan Ristić about his IronBee project and creating an open source security community around it, and Thorsten Leemhuis took a look at what's coming in the architecture and infrastructure of the next Linux Kernel, version 2.6.39.

• IronBee, Community and SSL: An interview with Ivan Ristić
• Kernel Log – Coming in 2.6.39: Part 3 - Architecture and Infrastructure

Open Source

Oracle vs Google over Android got a new twist as Oracle had the Apache Software Foundation subpoenaed, Oracle proposed the recently and fractiously forked Hudson as a new Eclipse project and the layoffs began at newly acquired Novell's Provo headquarters.

• Apache Software Foundation subpoenaed
• Hudson proposed as Eclipse project by Oracle
• Layoffs begin at Novell's Utah base

Puppet Labs announced it was switching from GPL to Apache licensing for its Puppet deployment platform, Mozilla rejected a request from the Department of Homeland Security to stop listing an add-on which redirected around recent domain name seizures, and jQuery creator John Resig left Mozilla for a new job at the Kahn Academy.

• Puppet switching from GPL to Apache licence
• Mozilla rejects US government request to remove add-on
• jQuery creator John Resig leaves Mozilla

UK developers showed Raspberry Pi, a planned-to-be £15 USB-key-sized ARM-based computer for education, German hackers built a modular light banner, and a number of free music notation packages for Linux, Windows and Mac OS X appeared.

• Raspberry Pi: A £15 USB-key-sized ARM computer?
• "Photon banner" do-it-yourself LED screen
• Free music notation for Linux, Windows and Mac OS X

Sweble arrrives, a Wikitext parser which should open the way for more tools for Wikipedia and other resources. The JIT-powered Python engine that is PyPy is now Python 2.7.1 compatible, and the latest version of jQuery has better handling of attributes and greater performance.

• Wikitext parser Sweble gets first public release
• JIT powered Python engine PyPy is "catching up"
• jQuery 1.6 has better attributes

Open Source Releases

New versions of Tiny Core Linux, OpenBSD, FreeNAS, Pinta and Piwik. Developers will find new versions of the Qt SDK, Google's GWT and Apache's Qpid messaging platform and enterprises will want to check out a new version of RHQ.

• Tiny Core Linux 3.6 brings improved installer
• OpenBSD 4.9 adds support for NTFS file system
• FreeNAS 8.0 now available
• Version 1.0 of Pinta Paint.NET clone released
• Piwik 1.4 with IPv6 and web cron
• Nokia releases Qt SDK 1.1
• Google Web Toolkit 2.3 arrives
• Apache's Qpid AMQP platform hits 0.10
• Version 4.0 of RHQ system monitoring software released

Development releases

• Wine 1.3.19 brings improved Direct3D 9 support
• Last beta of Mozilla's Add-on SDK
• Milestone 7 releases for Eclipse 3.7 and Eclipse 4.1
• Google brings Canary builds of Chrome to Mac OS X
• PostgreSQL 9.1 beta adds synchronous replication

Security

It doesn't get any better for Sony; the company had hoped to reactivate its cracker-disrupted services only to find another service, SOE, had also been compromised and details of another 25 million accounts had been taken. In a letter to lawmakers, Sony indicated that it had found evidence that Anonymous was to blame but Anonymous denied the allegation. Then on Friday, a report suggested that a third attack on Sony's systems was due.

• Sony will reactivate its suspended online services soon
• Another 25 million Sony users compromised
• Sony suggests Anonymous to blame for cyber attack
• Report: Sony to face third attack

Password storage service LastPass saw enough unusual traffic that it believed it had possibly been broken into and suggested all users change their passwords, Magix tried to block the publication of an exploit using a lawyer and Mac OS X trojan kits have appeared on the market.

• Potential intrusion suspected in LastPass password service
• Magix blocks exploit publication
• Trojan construction kit for Mac OS X - yours for $1,000

The Tor Project set out a plan to fork Firefox to get around a number of issues with the usability and stability of their anonymous browsing solution, Apple released its promised update that shrinks the controversial location database to seven days of data, Microsoft updated Windows Phone 7 to block bad certificates and UK-based Sophos acquired Astaro, maker of hardware and software security appliances.

• The Tor Project plans a Firefox fork
• Apple releases iOS updates to address location tracking concerns
• Microsoft issues first Windows Phone 7 security update - update
• Sophos has acquired network specialist Astaro

Security Alerts

• Vulnerabilities in Zyxel's ZyWall products

For all last week's news see The H's last seven days of news and to keep up with The H, subscribe to the RSS feed, or follow honlinenews on Twitter. You can follow The H's own tweeting on Twitter as honline.

(djwm)