Android 3.0's source isn't being released, a Certificate Authority compromise shakes SSL trust, Firefox 4 finally gets released, Microsoft sues Android device makers and Linus dismisses claims of GPL violations in Android. All this and more in The H Week.

Featured

This week, The H's Christopher von Eitzen detailed what's new in the freshly released and long awaited Firefox 4.0, Thorsten Leemhuis looked at the start of Linux 2.6.39 development and Richard Hillesley discussed the two ethical forces of open source, pragmatism and idealism.

• What's new in Firefox 4.0
• Kernel Log: Development of 2.6.39 under way, series 33 revived
• The pragmatism of free software idealism

Open Source

Google announced there'd be no source code released for Android 3.0 "for the foreseeable future", the fuss over the legitimacy of Android's Bionic library headers was called "totally bogus" by Linus Torvalds, Microsoft sued Barnes & Noble over the Android based Nook and Amazon opened an Appstore for Android users in the US.

• Google says no Android Honeycomb source for now
• Linus on Android headers: claims "seem totally bogus"
• Microsoft sues vendors and manufacturers over Android devices
• Amazon's Android Appstore is open for business

GNOME 3 is almost with us as it enters the release candidate phase, Debian's "Squeeze" got its first maintenance update, Red Hat didn't quite make it to being a billion dollar company but it did release a beta of RHEL 6.1 and the Linux Foundation brought together Smart TV companies to put together a MeeGo TV platform.

• GNOME 3 approaches the finish line
• First update for Debian "Squeeze"
• Red Hat is on its way to $1 billion in sales
• Beta version of Red Hat Enterprise Linux 6.1
• Linux Foundation switches MeeGo TV on

After a very long wait, Firefox 4 finally arrived and in 24 hours got over seven million downloads (and 20 million in 48 hours). Mozilla won't be waiting as long to release Firefox in future as it revealed plans for the new slipstreamed release process. Firefox 4 still had one release candidate to go though, for the version for Android and Maemo. Developers were kept happy with an updated Firebug for the new browser though.

• Firefox 4 finally finished and freed
• Firefox 4 downloads approach 7 million, after less than 24 hours
• Mozilla moves to Google Chrome style slipstreamed releases
• Mozilla issues Firefox 4 release candidate for Android and Maemo
• Firebug 1.7.0 released in time for Firefox 4.0

Google updated all the Chrome versions (channels) this week, with 10 getting security patches, the first Chrome 11 beta debuting and the first appearance of the in development Chrome 12. Meanwhile Google's founder got himself a patent for the Google doodle, the company's fast compression system Snappy got open sourced and Page Speed appeared as an SDK and extension for Chrome.

• Chrome 10 update patches security vulnerabilities
• Google releases first Chrome 11 beta
• Google Dev channel reaches version 12
• Google doodles itself a patent
• Google gets Snappy over compression
• Page Speed for Chrome

Apple's Mail.app users can start encrypting their mail again as MacGPG gets Mail.app compatibility back, Mac OS X only browser Camino gets an update, Chameleon aims to get iPhone apps on the Mac desktop, MacRuby edges ever closer to final release, VLC gets a bit of Mac specific polish and Apple pull Samba from the next version of Mac OS X.

• New MacGPG once again compatible with Apple's Mail.app
• Camino 2.0.7 Mac web browser updated
• The Chameleon Project to bring iOS apps to the Mac
• MacRuby 0.10 now works with Xcode 4
• VLC Media Player 1.1.8 updates UI elements on Mac
• Apple removes Samba from Mac OS X 10.7 Server

Open Source Releases

• Wine 1.3.16 includes Firefox 4 based engine
• Gnash 0.8.9 GNU Flash player arrives
• Mandriva Enterprise Server 5.2 released
• webOS 2.1 SDK released
• LibreOffice 3.3.2 now available
• Python web framework Django 1.3 released
• GParted Live partition editor updated
• Ardour 3 is taking shape
• Moonlight gains hardware accelerated video playback

Security

When a certificate authority is compromised, trust goes into meltdown and that's exactly what happened this week as attackers compromised Comodo; browser makers were forced into releasing hurried updates to blacklist the rogue certificates and fingers were pointed. Meanwhile, the Stuxnet legacy rolls on as SCADA systems come under deeper scrutiny.

• SSL meltdown forces browser developers to update
• SSL meltdown: a cyber war attack?
• Industrial Control Systems: security holes galore

The wiki of the PHP developers was hacked, a password service used simple IP blocks to respond to hacker attacks, BlackBerry brought their Protect service to Europe and Apple closed more holes with an OS update.

• PHP developer wiki server hacked
• Password service locks out hackers
• BlackBerry Protect now available in Europe
• Apple releases Mac OS X 10.6.7 update

Apache's HTTPClient had a critical bug in how it handled proxies, Adobe closed holes in Flash everywhere, Google closed Chrome holes and a DLL hijacking hole was found in Google's Picasa.

• Apache HTTPClient 4.1.1 fixes critical security bug
• Adobe releases Flash 10.2 for Android, patches vulnerabilities
• Adobe fixes vulnerabilites in Flash, AIR and Acrobat
• Chrome 10 update patches security vulnerabilities
• Vulnerability closed in Google Picasa

Security Alerts

• Security flaw in RealPlayer
• Another zero-day exploit for SCADA systems

For all last week's news see The H's last seven days of news and to keep up with The H, subscribe to the RSS feed, or follow honlinenews on Twitter. You can follow The H's own tweeting on Twitter as honline.

(djwm)