The H Week - Linux 2.6.36, Chrome 7, Shockwave zero-day
In the past week, The H took a look at Nokia's open source Qt framework and published its customary in-depth feature on the latest 2.6.36 release of the Linux kernel. The Debian developers voted to recognise non-packagers as Debian Developers, it was proposed that the Java Community Process should be split and Google released version 7.0 of its Chrome web browser. A new vulnerability was found in the GNU C library that could lead to root privileges, Adobe confirmed a new Shockwave player zero-day and Mozilla issued security updates for its Firefox, Thunderbird and SeaMonkey products.
After attending last week's Nokia Qt Dev Days conference in Berlin, The H took a look at Nokia's open source Qt framework and the future of Nokia's mobile development. Following the release of the latest version of the Linux kernel this week, The H published its customary in-depth feature on what's new in Linux 2.6.36.
This week saw the arrival of the latest 2.6.36 Linux kernel and Linux creator Linus Torvalds was awarded the 2010 C&C Prize by the NEC C&C Foundation for his contributions to the advancement of information technology. The Debian developers passed the general resolution that non-package contributors and developers can be accorded full project membership as Debian Developers and development officially kicked off on the next version of the Debian-based Ubuntu operating system, version 11.04.
- Linux kernel 2.6.36 released
- Linus Torvalds awarded 2010 C&C Prize
- Debian votes: non-packagers to be recognised as Debian Developers
- Ubuntu 11.04 development begins
Stephen Colebourne proposed that the Java Community Process should be split into core and ecosystem organisations, and the Eclipse Foundation said that it would be voting against any proposal for Java 8 which did not include "sufficient accommodation" for the OSGi modularity and services framework.
The OpenOffice.org Community Council asked members of The Document Foundation to resign their roles from the council, the Free Software Foundation Europe (FSFE) accused the Business Software Alliance (BSA) of hampering innovation through its position on the inclusion of patented innovations in open standards and Alfresco dropped the LGPL'd Hibernate library in favour of iBatis in the Community Edition of its Enterprise Content Management platform.
- OpenOffice Council asks LibreOffice makers to resign
- Open standards dispute flares up again at the EU level
- Alfresco drops LGPL'd Hibernate for iBatis
This week HP, which acquired Palm earlier this year, announced a new version of its Linux-based webOS mobile operating system, as well as a new version of its Palm Pre smartphone, and Google released version 7 of Chrome into the web browser's stable channel, adding several new features and closing a number of security vulnerabilities.
Agile application life cycle specialist CollabNet acquired Subversion cloud expert Codesion and Open Source Business Intelligence company Pentaho announced a new partnership with open source database management specialist Ingres.
Mozilla launched a prototype of a web app store for its previously announced "open web app ecosystem" and VMware presented a prototype of a tool suite, known as Code2Cloud, for the development of applications in the cloud.
- Mozilla announces prototype of web app store
- VMware to close the gap between cloud development and the ALM world
Open Source Releases
Releases for Inges Database, Phusion Passenger, OTRS Joomla! Gateway, Wind River Linux, OpenWebBeans and the openSUSE Build Service, updates for jQuery, Bordeaux and CrossOver products, and development versions of jQuery Mobile, the Qt framework, OpenOffice.org, SeaMonkey, MythTV, Linux Mint and real-time strategy game 0 A.D.
- Ingres Database 10 makes migration easier
- Phusion Passenger 3.0.0 final released
- CogniDox releases OTRS Joomla! Gateway
- Wind River Linux 4 with new source code manager
- Apache OpenWebBeans reaches 1.0.0
- openSUSE Build Service 2.1 integrates external sources
- Bordeaux 2.0.10 Wine GUI arrives for OpenIndiana
- CrossOver 9.2 built on Wine 1.2.1 arrives
- Asterisk 1.8 released with Google Voice and SIP channel IPv6 support
- jQuery 1.4.3 and jQuery Mobile alpha released
- Development version of Qt 4.7 for Symbian^3 released
- Oracle issues first OpenOffice.org 3.3.0 release candidate
- Mozilla releases SeaMonkey 2.1 Beta 1
- Open source DVR MythTV 0.24 RC1 released
- Linux Mint 10 Release Candidate arrives
- Second alpha release for real-time strategy game 0 A.D.
The H reported on a new MysteryTwister C3 web site aimed at crypto fans, RIM's cooperation with the United Arab Emirates and on new online tutorials for budding cyber criminals. There were more trojan troubles on Lenovo's servers, Kaspersky's servers deployed spyware to some visitors to its site and a hole in the Linux kernel was discovered that could be used to gain root privileges. Intrusion detection specialist Stonesoft tried to make the idea that alarms for online networks are largely useless look new, the permanent evercookie now appears easier to kill than previously thought and the Pidgin developers updated their instant messaging application to close a denial of service vulnerability. Siemens responded to the Stuxnet worm threat by issuing a patch, but a forensic software specialist has said that this only affords protection against the existing Stuxnet variants and does not close the security hole.
- Crypto challenges for puzzle fans
- RIM co-operates with the United Arab Emirates
- Distance learning: Scamming for dummies
- Trojan trouble at Lenovo
- Hacked Kaspersky server deploys scareware
- Hole in Linux kernel provides root rights
- Alarms for online networks largely useless
- Killing the zombie cookie
- Pidgin 2.7.4 closes DoS vulnerability
- Siemens Stuxnet patch does not provide sufficient protection
Winamp and RealPlayer allowed malicious code to be injected on Windows PCs, a vulnerability in the GNU C library lead to root privileges under Linux and other OSs and Mozilla updated its Firefox, Thunderbird and SeaMonkey products to close a number of critical vulnerabilities affecting Windows, Mac OS X and Linux platforms. Google's Chrome 7.0 release closed one critical and several high-risk issues in the browser, Apple released Java security updates for Mac OS X 10.5 and 10.6, and a Adobe disclosed a new zero-day exploit for its Shockwave player.
- Security problems in media players
- Root privileges through vulnerability in GNU C loader
- Mozilla releases Firefox & Thunderbird security updates
- Google releases Chrome 7.0 stable
- Apple releases Java security updates
- Zero-day exploit for Adobe Shockwave
To see all last week's news see The H's last seven days of news and to keep up with The H, subscribe to the RSS feed, or follow honlinenews on Twitter. You can follow The H's own tweeting on Twitter as honline.