The H Week – Debian 6.0 approaches, FFmpeg changes, HTML5, Stuxnet & 25 years of the virus

The past week has been rather turbulent for some developers with upheavals in the FFmpeg project and a difference of opinion over the future of HTML between the WC3 and WHATWG. Google stepped up its campaign for the WebM video format by dropping H.264 support from Chrome and the GNOME Foundation launched a new web site to showcase GNOME 3. Russia ruled that its federal authorities should switch to FOSS to avoid possible back doors in commercial software and full scale cyber-war was announced as unlikely by the OECD.

Featured

In our features this week Glyn Moody examined the ethics of hackers and open source in the light of the recent WikiLeaks controversy, Juergen Schmidt looked at the JIT spraying exploit and Richard Hillesley wrote of the necessity for developers to protect the integrity of commercially sponsored open source projects.

• In defence of hackers and open source
• Return of the sprayer - exploits to beat DEP and ASLR
• Sun's open source legacy – code and compromises

Open Source

Reference Linux distribution Debian was reported to be on schedule for a February release and the main development phase for the next Linux kernel release closed on Tuesday. Two major stewards of the open source movement joined forces to lobby the US Department of Justice to block the sale of Novell patents to CPTN. The Khronos Group released two software components that will simplify the development of multimedia applications for mobile devices, and EPEL announced an add-on package repository for RHEL6. The FFmpeg developers made a surprise announcement that the FFmpeg project had gained new management and changed its development model.

• Debian 6.0 scheduled for beginning of February
• Main development phase of Linux kernel 2.6.38 completed
• OSI and FSF ask US DoJ to intervene over Novell patents
• Khronos Group releases OpenMAX AL 1.1 and OpenSL ES 1.1
• EPEL offers add-on packages for RHEL 6
• Development of FFmpeg under new management

A schism between the W3C and WHATWG saw the announcement of a new HTML5 logo by the W3C, followed by an announcement from WHATWG that HTML would drop the version numbers and become a 'living standard', followed by the W3C backing off on its statements about HTML5 and the new logo.

• W3C unveils HTML5 logo
• HTML5 to become a living standard called "HTML"
• W3C backdown on HTML5 logo claims

Google explained its decision to support WebM and drop H.264 in Chrome, and the Free Software Foundation backed that decision by urging web site operators to abandon H.264 in favour of WebM video.

• WebM: Google explains
• FSF backing Google's push for WebM codec

The GNOME Foundation announced that it was seeking a new Executive Director after Stormy Peters' move to Mozilla, and a web site was launched to showcase the features of the upcoming GNOME 3 desktop.

• GNOME Foundation seeking new Executive Director
• Web site to showcase GNOME 3

Russian president Putin signed off a plan to "switch federal authorities to free software" in an effort to avoid any back doors there might be in commercial software from the US, and Latvia mandated that all its government departments must accept ODF files.

• Russia to switch to open source by 2015
• Latvia: ODF acceptance mandatory
  

Open Source Releases

• Mozilla releases Firefox 4 Beta 9
• FreeBSD 8.2 RC2 released for testing
• Tor project releases update to close critical hole
• New features in Amarok 2.4
• Xfce 4.8.0 desktop environment released
• Testers wanted: Python 3.2 RC1 arrives
• jQuery 1.5 beta 1 released on the 5th birthday of jQuery
• Yahoo updates YUI JavaScript framework
• IPFire open source firewall updates kernel
• Gingerbread-based CyanogenMod 7.0 nightly builds
• Clonezilla Live open source clone system adds new options
• Version 3.0 of the Parrot virtual machine arrives
• Oracle releases first VM VirtualBox 4.0 update
• Apache Pivot 2.0 released
• OpenERP releases version 6.0 of its ERP business applications suite
• Foursquare open sources two development tools
• Mozilla releases Thunderbird 3.3 Alpha 2
• Technology Preview for Qt SDK 1.1
• Final PC-BSD 8.2 release candidate arrives
• XBMC media software ported to Apple TV, iPhone, iPad

Security

The Stuxnet worm continued to generate speculation and controversy with a report from the New York Times presenting evidence that US and Israeli experts had developed the code, while other commentators said its lack of cutting edge stealth techniques and indiscriminate targeting suggested sloppy programming.

• Was Stuxnet a joint US-Israeli project?
• Stuxnet not such a masterpiece after all?

The first virus that infected IBM-compatible PCs appeared in 1986, apparently intended as a form of copy protection. 25 years later and rather than being written-for-kicks code with obvious and disruptive nuisance value, today's malware is secretive and written for criminal gain: for example, the Carberp banking trojan construction kit which is reported to be evolving rapidly. While known as transmission vectors for trojans, USB devices can also emulate keyboards and input malicious commands. Hackers at the recent Black Hat conference presented a method of programming a mobile phone to act as a keyboard emulator.

• 25 years of PC viruses and copy protection
• Online banking trojan developing fast
• Hacking with USB keyboard emulators

A study from the Organisation for Economic Co-operation and Development concluded that a full scale war conducted in cyber space was improbable and the European Network and Information Security Agency published guidelines for security and resilience in governmental clouds.

• OECD study: an actual cyberwar is improbable
• Cloud guidelines for public bodies

Security Alerts

• Tor project releases update to close critical hole
• Sybase plugs holes in Application Server

For all last week's news see The H's last seven days of news and to keep up with The H, subscribe to the RSS feed, or follow honlinenews on Twitter. You can follow The H's own tweeting on Twitter as honline.

(crve)