The H Week - Linux 2.6.39 approaches, Google I/O, WebGL insecurity, Flash 10.3 fixes holes
This week, Glyn Moody discussed what Microsoft's acquisition of Skype means for FOSS and The H published a new edition in the Coming in 2.6.39 Kernel log series. Google kicked off its I/O developer conference with Android, the German Foreign Office explained its elimination of open source and Ubuntu 8.04 LTS reached its end of life on desktops. Researchers published details of a security hole in WebGL, Sony delayed reopening PSN and Adobe released version 10.3 of Flash Player, closing several security vulnerabilities.
Featured
Glyn Moody scoped out the Skype situation as Microsoft swallowed up the proprietary VoIP maker and asked if there was an opportunity for open source in its wake. The final part of Thorsten Leemhuis's Kernel Log mini-series, "Coming in 2.6.39", looked at the new and modified drivers going into the now imminent next version of Linux.
Open Source
Linux 2.6.39 is nearly with us, the German Foreign Office explained why it was going back to Windows and Office, Apple appeared to not comply with the WebKit LGPL... then they did, AMD committed to getting the open source BIOS coreboot working with all their processors, and SCO finally disappeared by renaming itself TSG Group.
- Linux 2.6.39 nears completion
- German Foreign Office explains open source elimination
- Apple reluctant to release iPhone WebKit source code - Update
- AMD Embedded commits to open source BIOS coreboot
- SCO becomes TSG in legal name-shift
Google's big developer event took place this week and the first day was all about Android, though Google went on to disappoint people by confirming that there would be no Honeycomb (Android 3.x) source code till after the release of a future version of Android called Ice Cream Sandwich. Google's App Engine got a native boost when it was announced that it would run Google's Go language compiled to x86 and finally Google announced the Linux-based, Chrome-browser-based Chromebook notebooks being made by Samsung and Acer.
- Google I/O opens with Android
- No Honeycomb open source till after Ice Cream Sandwich
- Google I/O: App Engine to support Go
- Google's Chrome OS machines arrive
ForgeRock put themselves at the centre of OpenICF, a group built around the Identity Connector Framework, and SGI upped its support of the Lustre file system and announced it was joining OpenSFS, a group focused on open source scalable file systems such as Lustre. Mandriva and Zarafa got together, as did the creator of Scala and the creator of the Scala-based Akka middleware to make Typesafe, a Scala company.
- ForgeRock announces launch of OpenICF
- SGI expands Lustre file system support, joins OpenSFS
- Mandriva & Zarafa announce partnership
- Scala creator launches Scala company Typesafe
Ubuntu were also having their developer summit: OpenStack was selected as the future foundation of Ubuntu cloud offerings, LXDE-based Lubuntu got official blessing, Canonical announced they were joining GENIVI and making an in-car infotainment remix of Ubuntu, and Nokia took the opportunity to announce Qt 5. Ubuntu 8.04 LTS passed its end of life date.
- OpenStack is the future for Ubuntu clouds
- Lubuntu to become official Ubuntu derivative
- Qt 5 to arrive in 2012
- Canonical joins GENIVI, creates Ubuntu IVI Remix
- Ubuntu Desktop 8.04 LTS reaches end of life
Open Source Releases
Releases this week included Talend's enterprise service bus, an updated Parted Magic, bug fixes for KDE, mobile framework Rhodes enhanced, an update to Amarok, a "huge step" for phpMyAdmin and better firmware for the Boxee Box.
- Talend expands portfolio to include ESB Standard Edition
- Parted Magic 6.1 brings graphics updates
- KDE SC 4.6.3 released with various bug fixes
- Rhodes 3.0 gains NFC & Windows Phone 7 support
- Amarok 2.4.1 adds new "Preview" feature
- phpMyAdmin 3.4.0 is a "huge step"
- Boxee Box 1.1 firmware update brings browser enhancements
Development releases
- WordPress 3.2 Beta 1 drops support for IE6
- LibreOffice 3.4 Beta 4 now available
- Linux Mint 11 "Katya" release candidate arrives
- Microsoft publishes Python Tools for Visual Studio Beta 2
- digiKam 2.0.0 approaches with new beta
Security
Vupen announced they had an exploit for Chrome which got past the sandbox, ASLR and DEP, while Context researchers pointed out that WebGL was a whole new attack surface for malware.
- Chrome exploit for Windows passes every security hurdle
- WebGL as a security problem
- Khronos respond to WebGL security report
Sony delayed their planned reopening of the PlayStation Network, a hole in Skype for Mac was already fixed but Skype fixed it again anyway, and OpenID warned of an identity theft problem that existed in extended forms of the protocol.
- Sony delays PSN reopening
- Confusion over Skype for Mac security issue - Update
- Identity theft with OpenID
Chrome 12 beta and Chrome 11 both got different elements of protection against Flash-based cookies and the UK's Information Commissioner's Office gave guidelines on how to comply with the new EU cookie laws. Meanwhile Adobe got a grip on Flash cookies with version 10.3 of the Flash Player.
- Chrome 12 Beta brings Flash cookie protection
- ICO gives advice on EU cookies law
- Chrome 11 update patches high risk vulnerabilities, updates Flash
- Getting a grip on Flash cookies: Adobe publishes Flash 10.3
Facebook apps were inadvertently leaking access tokens to advertisers, the Apache HTTP server had a DoS problem down in its portable runtime and malware authors discovered Unicode and how to write backwards to cover their tracks.
- Facebook apps leak access data
- Apache HTTP Server update fixes remote DoS issue - Update
- Backwards Unicode names hides malware and viruses
Linux security distribution BackTrack 5 was released, as was, unfortunately, the source code for the ZeuS trojan kit, and Google's dancing doodle led to image searches which had been poisoned by malware.
- Security distribution BackTrack 5 released
- ZeuS source code freely available on the net
- Google doodle takes you to scareware sites
Security Alerts
(djwm)