The H Week - SpringSource buys GemStone, DNSSEC on last root and another flawed signature file

In the week just past, VMware subsidiary SpringSource announced its acquisition of GemStone, Ryzom the MMORP game went open source and Google announced the latest version of Android, 2.1, is gradually gaining ground. Researchers built a truly random number generator using the quantum entanglement principle, the last root server switched over to DNSSEC and Google launched an intentionally vulnerable server service as a security teaching aid.

Featured

This week, The H published another in our Kernel Log series following the development of the 2.6.34 and a feature by Richard Hillesley examined the history of Firefox based in part on his interview with Mitchell Baker, chairperson of the Mozilla Foundation.

• Kernel Log: Coming in 2.6.34 (Part 3) - Graphics
• Firefox and the open web

Open Source

The Eclipse Foundation gained yet another member this week when Bosch, the automotive parts manufacturer joined up. WMware continued its expansion as recent subsidiary SpringSource in turn acquired GemStone. Ryzom, the popular massively multi-player online role-playing game (MMORPG) moved to an open source license. Canonical's Mark Shuttleworth said the GNOME Shell will not appear by default in Ubuntu 10.10. Miguel de Icaza suggested that integrating Microsoft's Common language Infrastructure into browsers would allow developers to write substantially better applications. Google said the latest version (2.1) of Android is steadily gaining market share and released a new beta of their Chrome browser with a built-in Flash player. Responding to questions from The H Canonical clarified the position over its H.264 licence. Red Hat and Novell won their battle in court over a patent claim against Linux, a dispute that started in 2007. Open source developer Lennart Poettering announced "Systemd", an alternative to SysV-Init and the Init system Upstart used to boot many Linux distributions.

• Bosch Group joins the Eclipse Foundation
• VMware's SpringSource to acquire GemStone
• Ryzom MMORPG game goes open source
• Shuttleworth: No default GNOME Shell in Ubuntu 10.10
• Miguel de Icaza: .NET technology for web browsers
• Google: Android 2.1 is catching up
• Google Chrome beta update integrates Flash Player plug-in
• Canonical clarifies its H.264 licence
• Patent suit against Red Hat and Novell fails
• Systemd presented as SysV-Init and Upstart alternative

Open Source Releases

• Touch support in Qt 4.7
• Motorola releases Android 2.1 for UK Milestones
• PCLinuxOS 2010.1 KDE Edition addresses bugs
• KDE's monthly bug fix released: KDE 4.4.3
• Mozilla releases Thunderbird 3.1 Beta 2
• Rhodes 2.0 to be MIT licensed
• Puppy Linux founder releases Quirky 1.0
• Linux Mint 9 RC arrives
• Opera 10.53 Beta 1 for Linux and FreeBSD
• MacRuby 0.6 arrives
• PostgreSQL 9.0 beta has replication built in
• EasyPeasy 1.6 final released
• openSUSE 11.3 Milestone 6 removes RadeonHD driver
• Mandriva Linux 2010 Spring Beta 2 arrives
• Spacewalk 1.0 strides out to manage systems
• KDevelop 4.0, open source C++ IDE, released
• Lubuntu release 10.04 "final stable beta"

Security

A flawed signature update for the firewalls of the Astaro Intrusion Prevention System crippled network operations for many of their customers. Researchers at the University of Maryland / NIST Joint Quantum Institute in collaboration with European colleagues, have been able to generate truly random numbers using a quantum entanglement device. Microsoft have said only two patches, one for Windows and one for Office will be released on this coming Patch Tuesday. The last of the 13 root servers switched over to DNSSEC on Wednesday, although DNSSEC won't actually come into service until June. Adobe Systems have now added browser accessible privacy controls to Flash. Social networking site Facebook responded quickly to a privacy hole actually introduced by the recent expansion of the privacy features. The Foxit PDF reader added a Trust Manager feature to turn off the execution of code embedded in PDF files. Google launched a new and intentionally vulnerable server as a security teaching aid. F-Secure suggested that Microsoft integrate a simple PDF reader into Windows as a way of reducing the security problems stemming from the extended features supported by, for example, Adobe Reader. Organisers of the Cyber Security Challenge competition were embarrassed when their own web site was found to have a XSS hole. Adobe provided a patch for Photoshop CS4 which blocks an attack through manipulated TIFF files.

• Flawed IPS update cripples Astaro firewall
  
• Random numbers from entangled atoms
• Microsoft to fix critical vulnerability
• DNSSEC on all root servers
• Adobe Flash 10.1 supports "private browsing"
• Facebook closes serious security hole
• Foxit Reader adds new security features
• Google's Jarlsberg server: full of holes like the cheese
• F-Secure suggests integrated PDF reader for Windows
• Cyber Security Challenge holed before launch
• Security update for Photoshop CS4

Security Alerts

There were no security alerts this week.

To see all last week's news see The H's last seven days of news and to keep up with The H, subscribe to the RSS feed, or follow honlinenews on Twitter. You can follow The H's own tweeting on Twitter as honline.

(trk)