The H Roundup - Hardware destruction and open source creations
Welcome to The H Roundup, your review of the week with the most read news on The H, the security alerts and open source releases, and the essential feature articles – all in one quick-to-scan news item. This week: hardware destruction, OS switcharound, Open Source laptops, Android code-signing holes, shiny new Chrome, vulnerability custody fights, language surveys and the rise of PHP, backdoors that let zombie alerts in, and mourning for Seth Vidal.
Top News
What do you do when you have malware? One US government department decided to destroy the hardware it turned out it wasn't on, and carried on till it ran out of budget. Meanwhile, Ubuntu Touch hit a small milestone as the developers flipped the way round the software was so that it became an Ubuntu kernel with a containerised Android system. Lovers of open hardware got a chance to catch up with Novena's open source laptop, which now has a bigger FPGA and loses the Raspberry Pi headers we noted when it launched.
- US government agency destroys hardware to clear malware
- Ubuntu Touch no longer launched by Android
- Novena open source laptop trades Raspberry Pi headers for power
Android was also in the headlines when a security startup announced that there was a "masterkey" problem that let attackers insert undetectable (at least by the mobile OS) code into application files. It didn't take long for the Android community to identify what the bug was and create a fix for it. Getting that fix to everyone though is a much trickier challenge for Google.
Google rolled out Chrome 28, its first stable browser based on the Blink WebKit-fork. It also brought with it Google's latest take on web notifications, at least on Windows systems. A blame game was brewing between Secunia and Videolan, makers of VLC, over vulnerabilities and their fixes; Videolan has already gone as far as warming up the lawyers.
- Chrome 28 with new Blink engine and Rich Notifications
- Secunia vs VLC - Whose vulnerability is it anyway?
PHP is the fastest growing language, and isn't the fastest growing language. It all depends on which automatic interest-rating survey you believe. What you won't believe is how insecure the US emergency system is... insecure enough for someone to prank TV stations and viewers with zombie attack reports.
To end the news this week, there was the sad news that Seth Vidal, creator of yum, was killed in a hit and run accident while out cycling. Vidal was especially remembered by the Red Hat and Fedora communities where he had made a great contribution.
Features
Thorsten Leemhuis explains what's new in SUSE's latest enterprise Linux roll out, SLES 11 SP3, and explains how rapid release cycles are a good thing and how Mozilla offers a development model.
Open Source Releases
If you wanted a complete photo-sharing platform, a secure booting enterprise Linux, a corporate search engine, virtualisation for an ARM server, a fresh BSD package manager, the latest LibreOffice, a distributed key/value store, Groovy tools or QML for WebApps, there was a good chance there was an open source release for you in the past week:
- Photographer.io software stack open sourced
- SLES 11 SP3 brings Secure Boot support to the enterprise
- Searchdaimon open sources its enterprise search
- Xen 4.3 releases today with ARM server support
- MidnightBSD gets a new package manager
- Open Recall: Defending against PRISM, LibreOffice 4.1 RC2, Odin.js
- Riak 1.4 can count on the cluster
- Spring Tool Suite and Groovy Tool Suite go 3.3.0 for Kepler
- Developer Break: Nokla Imaging, Perforce, QML, REST, AWS SDKs
Security Alerts
Patch Tuesday saw Microsoft plug six critical holes in Windows, Internet Explorer and even its font rendering. Adobe continued to shore up Flash Player and Shockwave and close some holes in ColdFusion. Over at HP, they were being a little embarrassed about the backdoors they'd left in some storage products.
- July's Patch Tuesday fixes Windows privilege system
- Adobe fixes Flash Player, Shockwave and ColdFusion
- New backdoor in HP server products
For everything The H has published in the last week, check out the last seven days of news. To keep up with The H, subscribe to the RSS feed, or follow honlinenews on Twitter. You can follow The H's own tweeting on Twitter as honline.
(djwm)