The H Roundup - Linux 3.9, better fonts for all and Note-d Java holes

Welcome to The H Roundup, your rapid review of the week with the most read news on The H, the security alerts and open source releases, and the essential feature articles – all in one quick-to-scan news item. This week: Linux 3.9 arrives, better font display for Linux, compromised Apache binaries and huge Java holes, Mozilla gets legalistic for a good reason and there's fresh BSD and Linux distributions released into the world.

Features

The big event this week was the arrival at the start of the week of Linux 3.9 and Thorsten Leemhuis had all the details in his "What's new" feature. Meanwhile, Glyn Moody took on the issues and positions behind Free Software projects and trademarks, one which took on extra importance in the news as Mozilla issued a cease and desist on a much less reputable software maker.

• What's new in Linux 3.9
• What's in a (Free Software project) name?

Top News

As mentioned, Linux 3.9 arrived ready for developers to start folding into their distributions. The venerable OpenWRT got a new release and left behind some of the original hardware on which it emerged. Adobe and Google got together and contributed a new font rendering engine to the FreeType project, which will boost the readability and clarity of displays on Linux and other systems.

• Linux kernel 3.9 finalised and released
• Router Linux OpenWRT 12.09 released
• Font boost for Linux from Adobe and Google

Hiding malware in Apache web server binaries is the latest trick from the black-hatted fraternity; cPanel's Apache server seems to be the target of this low footprint attack. Google stepped in to stop developers updating their Play-store-supplied apps by other means, bringing an apparent end to Facebook's silent update plans. Google joined up with FIDO, an organisation looking for a replacement for the password, and it turns out that Lotus Notes would happily run Java applets... in mail – a gift to phishers.

• Compromised Apache binaries load malicious code
• Google locks down updating on Play store
• "Forget passwords!": Google joins FIDO
• Huge Java hole in Lotus Notes

Mozilla decided it wasn't going to take a government spyware supplier's technique of hiding its spyware by making it pretend to be Firefox and fired off a cease and desist. Meanwhile a former Opera employee who worked on Mozilla's Junior browser found himself accused by Opera of leaking trade secrets to Mozilla. The H's Open Recall was well read this week as the arrival of Debian Wheezy was nailed down to the weekend. Project Open added a stack of interoperability to its project management system including being able to round trip MS Project projects.

• Mozilla sends cease and desist to spyware maker
• Opera sues ex-employee for passing secrets to Mozilla
• Open Recall: Wheezy is coming, ownCloud joins Linux Foundation
• Project Open 4.0 can now round trip to MS Project

Open Source Releases

With two BSD-based refreshes, a Fedora remix, and the latest from Gentoo-based Sabayon, there were plenty of newly released operating systems to choose from.

• Korora 18's "Flo" offers a friendlier Fedora 18
• DragonFly BSD 3.4 lands
• OpenBSD 5.3 introduces stable SMTPD
• Sabayon 13.04 introduces experimental systemd support

Microsoft and Rackspace released tools to bring .NET developers to their clouds, Impala's Hadoop-based SQL query engine rolled out, Firefox OS got the third iteration of its in-browser simulator and a classic JavaScript benchmark reached version 1.0. After recent bug troubles, which tend to be the worst news in partition editors, the GParted developers put in the testing time to ensure a good, solid release. The Open Build Service learned how to build with Arch, KDevelop got built-in unit testing, Amarok rocked Windows, and GDB got itself ready for 64-bit ARM.

• .NET development tools for Windows Azure
• Rackspace woos .NET developers
• Impala: first SQL query engine to reach GA status
• Firefox OS Simulator 3.0 now available
• JavaScript benchmark SunSpider reaches version 1.0
• GParted Live 0.16.1-1 declared "well-tested, stable"
• Open Build Service 2.4 understands Arch Linux packaging
• KDevelop 4.5.0 adds unit test integration
• Amarok open source music player for Windows
• GDB supports AArch64 Linux
  

Coming soon, Rails 4.0, as the first release candidate for the opinionated web framework landed. Meanwhile, Mozilla's service team released Heka, a Go-based platform for managing the management messages and making them into meaningful metrics.

• Rails 4.0 goes to release candidate
• Heka beta offers high performance IT logging infrastucture

Security Alerts

If there's one place you don't want security holes, it's in your security software, but that's where McAfee found they had some this week. And, as we mentioned earlier, there was a big problem with how Lotus Notes email handles Java applets – it does handle them and leave the door open for phishing attackers.

• Security holes in McAfee's ePolicy Orchestrator
• Huge Java hole in Lotus Notes

For everything The H has published in the last week, check out the last seven days of news. To keep up with The H, subscribe to the RSS feed, or follow honlinenews on Twitter. You can follow The H's own tweeting on Twitter as honline.

(djwm)