The H Week - OpenIndiana, ZFS, Java & Flash spies

In the past week, The H published two new editions of the Kernel Log, took an in-depth look at using the HAVP anti-virus proxy and reported on the imminent launch of OpenIndiana, an alternative to OpenSolaris. Mozilla released a new beta for its Firefox 4 browser and Oracle and NetApp sorted out ZFS related patents. Timetables for Java JDK 7 appeared, a number of browsers received security updates, Flash Player could allow attackers to access users' video and audio input devices and a new email worm is on the loose.

Featured

This week on The H, we showed how to use the HAVP anti-virus proxy to bolster your protection from web attacks. The Kernel Log reported on the approach of an end to the maintenance of Linux 2.4 and 2.6.27, along with all the latest news from the Linux Kernel ecosystem, and introduced the first of the "Coming in 2.6.36" series which looked at what will be new in the next release of the Linux kernel.

• Using the HAVP anti-virus proxy to protect from web attacks
• Kernel Log: Videos from LinuxCon and end to maintenance of 2.4 and 2.6.27 nears
• Kernel Log: Coming in 2.6.36 (Part 1) - Graphics

Open Source

News arrived of the imminent launch of an alternative to OpenSolaris in the form of OpenIndiana, NetApp and Oracle agreed to bury the hatchet over ZFS related patents, a time-table for JDK 7 could see the release of a less feature rich release in the middle of next year and the FSF encouraged Google to fight Oracle's patent claims against Android's Dalvik virtual machine.

• Solaris alternative OpenIndiana to launch next week
• NetApp and Oracle lift ZFS patent cloud
• JDK7 by mid-2011?
• FSF: "We encourage Google to fight Oracle's claims"

Mozilla released the fifth beta of Firefox 4 with Windows versions getting a GPU boost and, as the release gets nearer, the developers have started to cull features that won't make the final version. The foundation's labs also announced a browser-based gaming project to help developers bring better games to the web.

• Mozilla releases Firefox 4 Beta 5
• Start of feature cull for Firefox 4
• Mozilla Labs launches browser-based gaming project

Broadcom released open source drivers for Linux that work with the company's wireless hardware and Debian 7.0 was given it's name (Wheezy). Backports became an official Debian repository which allows users of the stable version to update package to the latest version without upgrading their entire operating system and there will be a Fedora conference in Switzerland next week

• Broadcom releases open source wireless driver for Linux
• Debian 7.0 named
• Backports now an official Debian repository
• Fedora conference in Switzerland next week

Microsoft's open source project hosting, Codeplex.com, donated $25,000 to the developers of the Mercurial source code control system, CouchDB developers Couchio changed their name to CouchOne and Rhomobile applauded Apple's App Store rule changes which would allow its open source Ruby framework to be used to develop iPhone apps. The WordPress Foundation took over the WordPress trademark and the Plex media centre is heading to LG televisions.

• Codeplex.com contributes $25,000 to Mercurial
• CouchOne is the new name for Couchio
• Rhomobile applauds Apple dropping App Store language restrictions
• WordPress Foundation take control of WordPress trademark
• Open source Plex media center to run on LG TVs

Open Source Releases

This week saw the release of the latest maintenance update to Debian 5.0, the first Illumos based version of Schillix, a Debian based version of Linux Mint and the beta release of the Mono-free "Saner Defaults" Ubuntu Remix. There were also updates to Rails 2.3, the YUI JavaScript framework, the Redis NoSQL database, the CyberDuck file transfer application, the GNU Debugger and the Limbas database tool. Alpha versions of PostgreSQL 9.1 and Python 3.2 and a third beta version of the KDE personal information management suite also arrived.

• Debian 5.0.6 "Lenny" released
• Schillix 0.7.1i released with Illumos underneath
• Linux Mint Debian released
• "Saner Defaults" remix of Ubuntu beta released
• Rails 2.3.9 extends bridge to Rails 3
• JavaScript framework YUI 3.2 interprets gestures
• Version 2.0 of NoSQL database Redis released
• Cyberduck FTP client adds Google Storage support
• GNU Debugger adds D language support
• Limbas database tool updated to version 2.1
• First alpha for PostgreSQL 9.1 appears
• Second alpha for Python 3.2 arrives
• Third beta of KDE PIM Suite uses Akonadi

Security

A number of browsers received security updates this week; Firefox 3.6.9 arrived with anti-clickjacking support, Apple released a security update for Safari and Opera 10.6 took care of DLL hijacking vulnerabilities. A man-in-the-middle attack was shown to be useful in convincing the Flash Player to give attackers access to a systems video and audio input devices, while malware was found to be impersonating browser's malware blocking pages. TrueCrypt 7.0a was released, Django was updated to close an XSS hole, Microsoft withdrew its SteadyState kiosk mode and new email worms were spotted in the wild. Adobe alerted users to a new zero day vulnerability in Adobe Reader, iOS 4.1 for the iPhone closed 24 vulnerabilities and a two year old IE flaw exposed users to the danger of data theft.

• Firefox 3.6 gains anti-clickjacking support, Thunderbird & SeaMonkey updated
• Apple releases Safari security updates
• Opera 10.6 update addresses DLL vulnerability
• Flash Player as a spy system
• MSIL/Zeven malware impersonates warning pages
• TrueCrypt 7.0a released
• Django 1.2.2 released to close XSS enabling hole
• Microsoft withdraws SteadyState
• New email worm on the move

Security Alerts

• Data theft in Internet Explorer via two-year old vulnerability
• iOS 4.1 released for iPhone and iPod touch
• Adobe warns of zero day vulnerability in Reader and Acrobat

To see all last week's news see The H's last seven days of news and to keep up with The H, subscribe to the RSS feed, or follow honlinenews on Twitter. You can follow The H's own tweeting on Twitter as honline.

(crve)