The H Week - Ubuntu 11.04 Beta 1, Firefox 4 for Mobile, Comodo fallout

Canonical released the first beta of Ubuntu 11.04, Mozilla issued the final version of Firefox 4 for Mobile and Google is said to be taking more control of its open source Android mobile operating system from device makers. There was further fallout from the compromising of the Comodo Certificate Authority, Microsoft temporarily turned off encryption for Hotmail users in some countries and the FBI asked for help decrypting a clue in a murder case.

Featured

This week in The H, we looked at how CSP could help stop cross-site scripting attacks, we listed the community events going on in the UK this month and took a first browse over whats going to be in the next Linux kernel. The H was also pleased to present "A migrator's guide to Drizzle" by Andrew Hutchings who explained how to move from using MySQL to the newly stable Drizzle database.

• CSP: Thwarting cross-site scripting and click-jacking attacks
• The H Community Calendar - April 2011
• Kernel Log: First release candidate for Linux 2.6.39
• A migrator's guide to Drizzle

Open Source

The UK Government announced its new strategy for ICT projects within government and, on paper, it looks good for open source. That's better than over in Switzerland where open source vendors lost out on government tenders because they couldn't offer Microsoft software.

• UK ICT strategy offers "level playing field" to FOSS again
• Open source vendors turned down by Swiss Federal Supreme Court

Mozilla ended support for embedding the Gecko layout engine in other applications which may have an effect on other open source projects. In more positive news though, the browser builders started getting support for their "Do Not Track" header and shipped Firefox 4 for Mobile, minus Flash support.

• Mozilla kills embedding support for Gecko layout engine
• Mozilla's "Do Not Track" header gaining support
• Mozilla releases Firefox 4 for Mobile

Google were reportedly taking a firmer grip of the reins with Android device makers, but the developers behind CyanogenMod ignored that and are near to releasing their 7.0 version based on Android 2.3 Gingerbread. The "Father of Java", James Gosling, announced that he's now a Google employee.

• Report: Google taking more control of Android
• Gingerbread-based CyanogenMod 7.0 nears completion
• Gosling goes to Google

Nokia wrote an open letter to developers telling them to work with Qt as it was investing in it and there'd be a 150 million more Symbian phones out there in the next few years. Nokia also put the source for Symbian back online as part of their new "open and direct" model.

• Nokia tells Qt developers it is investing
• Symbian source surfaces at Nokia

Linux distributions are to get a new directory in the root directory, /run/ for those temporary files needed at startup. Novell said they were relaxed about the changes Red Hat made to their RHEL source releases, a new version of the GNU Compiler Collection arrived and was ready to Go and Hercules, once famed maker of graphics cards, turned up with a 10" Linux powered netbook.

• Linux distributions to include /run/ directory
• Novell not fazed by Red Hat changes
• Many new features in GCC 4.6
• Hercules launches 10-inch Linux powered eCAFÉ Netbooks

The Python JIT compiler Unladen Swallow was confirmed as dead, not resting and not pining for the fjords. Other things due to pass away are openSUSE 11.2 and Ubuntu 9.10; both are approaching their end-of-life.

• Unladen Swallow dead, not resting
• openSUSE 11.2 to reach end of life in May
• Ubuntu 9.10 approaches end of life

Open Source Releases

Released this week: An Enlightened Linux and a Linux that looks ahead, a Linux for teaching and a Linux for cloning, a photo manager, a full text search engine and platform, a cloud platform, some mobile web templates, a virtualisation platform and a Java web framework.

• Bodhi Linux reaches 1.0.0 stable
• Foresight Linux 2.5 released
• openSUSE 11.4 Edu Li-f-e released
• Clonezilla Live open source clone system updated
• Shotwell photo manager adds new search bar
• Apache Lucene and Solr 3.1 released
• OpenNebula 2.2 open source cloud software arrives
• Mobile Boilerplate: Templating for web apps
• Xen version 4.1 released
• Apache Click's at 2.3.0

Development releases

• Release Candidate for Scala 2.9.0 arrives
• Slackware 13.37 gets a third release candidate
• ReactOS 0.3.13 improves memory management
• The Bazaar version control system enters beta for version 2.4
• Greplin open sources Python tools
• Google's App Engine brings Java and Python closer to parity
• HP announces webOS 3.0 SDK developer beta
• NetBeans 7.0's first release candidate appears
• Blender 2.57 release candidate published
• Canonical releases Ubuntu 11.04 Beta 1

Security

The fallout from the compromising of Comodo Certificate Authority continues. Mozilla admits it shouldn't have kept quiet, a single hacker claims that he did the hack and Comodo admitted that two more resellers were also compromised.

• SSL meltdown: Mozilla admits mistakes in its information policy
• Single hacker claims responsibility for Comodo certificate theft
• Comodo: two more resellers were compromised

Microsoft temporarily turned off encryption for Hotmail in sensitive countries, MySQL's website was vulnerable to SQL injections, McAfee's site was found to have holes in it and a report on NASA's network found plenty of problems which weren't rocket science.

• Microsoft restores Hotmail encryption to Syrian and other users
• MySQL allegedly hacked - via SQL injection
• Holes in McAfee's web site
• Critical NASA network vulnerable to attack

Fixes appeared for the latest battleground for security, printers, the Cree.py application tracked you based on the photos and tweets you put on the web, VMware found a privilege escalation vulnerability on its Linux products and the FBI asked for help cracking a code. The big false alarm story of the week was when NetworkWorld published an article claiming keyloggers were installed on all Samsung printers, based on a warning from an anti-virus package.

• When buffer overflows in printers become a risk
• Cree.py application knows where you've been
• VMware warns of vulnerability in its products
• FBI asks for help cracking a code in unsolved murder case
• False alarm over an alleged Samsung Trojan

For all last week's news see The H's last seven days of news and to keep up with The H, subscribe to the RSS feed, or follow honlinenews on Twitter. You can follow The H's own tweeting on Twitter as honline.

(crve)