The H Roundup - Linux Mint 15, Rails attacks, PayPal XSS
Welcome to The H Roundup, your rapid review of the week with the most read news on The H, the security alerts and open source releases, and the essential feature articles – all in one quick-to-scan news item. This week: Linux Mint 15 might be the better Ubuntu for the desktop, the Samsung Galaxy S4 has already been hacked, PayPal was vulnerable to XSS, and Thorsten Leemhuis calls on developers to develop their software for everyone.
The Linux Mint developers have released the latest version of their distribution, based on Ubuntu 13.04 and including some applications the team developed specifically for their distribution. The H investigates if it has a chance to take on Ubuntu on the desktop.
Looking at distribution-specific developments like those by the Linux Mint team, Thorsten Leemhuis postulates that developing software for one Linux distribution only hurts the open source community as a whole.
This week, it emerged that the boot loader of the new Galaxy S4 smartphone has already been hacked, allowing arbitrary operating systems to be booted on the device. In less positive hacking outcomes, attackers have been targeting vulnerabilities in Ruby on Rails and the Apache web server. It also emerged that PayPal was once again vulnerable to cross-site scripting attacks.
- Samsung Galaxy S4 already hacked
- Attack wave on Ruby on Rails
- Log file vulnerability in Apache server
- PayPal vulnerable to cross-site scripting again
The peculiarly named RebeccaBlackOS allows interested users to test applications running under Wayland's compositor Weston in a safe live environment, Intel has been showing off a version of Tizen with the GNOME Shell desktop environment, and an intrepid developer wrote an office suite in thirty days.
- Live Linux distribution shows off Wayland
- Tizen with GNOME 3 shell shown by Intel
- "30 day" office suite Joeffice launched
In a reversal of an earlier policy, the Australian government has decided to back the ODF document standard, Bloomberg reports that Chinese hackers have stolen weapons plans from US defence companies and The H's Developer Break gets readers up to speed with the latest titbits of interest to software developers.
- Australia government goes with ODF document standard
- Report: US weapon and aircraft plans stolen
- Developer Break: CMIS, Spring, R, jEdit, Hadoop, and VNC over GIF
Open Source Releases
Open source releases this week included MIT Game Lab releasing a game engine that emulates physics at relativistic speeds, new versions of the Elm language, and the expect-lite tool, as well as a new release of Hortonworks' HDP.
- EclipseLink 2.5.0 offers JPA 2.1 reference implementation
- MIT Game Lab open sources relativistic game engine
- Elm language update sets out to "improve everything"
- Expect-lite 4.6.0 introduces foreach loops
- Hortonworks releases HDP 1.3 with Hive enhancements
Where development releases are concerned, a beta of Fedora 19 and the first beta of LibreOffice 4.1.0 appeared.
- It's alive: Lid lifted on Fedora 19 "Schrödinger's Cat" beta
- LibreOffice 4.1.0 Beta 1 arrives with over a thousand changes
Users of Novell Client for Windows, the ModSecurity plugin for the Apache web server, and the Apache Struts framework should heed the following security alerts:
- 0-days in Novell Client for Windows
- DoS vulnerability in ModSecurity fixed - Update
- Important security update for Apache Struts
For everything The H has published in the last week, check out the last seven days of news. To keep up with The H, subscribe to the RSS feed, or follow honlinenews on Twitter. You can follow The H's own tweeting on Twitter as honline.