Smartango

The 2.6.25.3 stable kernel has been released. It was a bit earlier than expected due to "two security bugs fixed in here that just recently were made public". The release note is not clear which of the updates are the security fixes, but "all users of the 2.6.25 series are strongly encouraged to upgrade, and anyone running 2.6.24 should also move up to 2.6.25 at this time if possible." Click below for more details.

Red Hat Magazine has an interview with the AbiWord team. "AbiWord just had a great 2.6 release and the developers took several hours of their spare time over a few weeks period answering questions and providing information. Thanks to the team and especially MarcMaurer for his time and patience. We present you a detailed interview with the AbiWord team on a broad range of topics."

DesktopLinux has an article by guest author Howard Fosdick. "This paper surveys Linux's suitability for use by owners of very small businesses and the self-employed. It was written by Howard Fosdick, a self-employed database consultant who finds Linux fairly well-suited to his needs, and reckons it has saved him thousands of dollars in recent years."

CentOS has updated thunderbird (denial of service), gpdf (arbitrary code execution), the kernel (multiple vulnerabilities).

Foresight has updated firefox (denial of service).

Gentoo has updated firebird (information disclosure), ltsp (multiple vulnerabilities), inspircd (buffer overflow).

Mandriva has updated imagemagick (heap-based buffer overflows).

SUSE has updated rsync, MozillaFirefox, poppler, nagios, lighttpd, sarg, squid, bzip2, kdelibs3, texlive-bin, kdelibs4, Sun Java (various issues).

Ubuntu has updated speex (insufficient boundary checks), vorbis-tools (speex related), gst-plugins-good (speex related).

Matthew Garrett talks about power saving strategy in his unique manner. "Some people write software that lets you choose different power profiles depending on whether you're on AC or battery. Typically, one of the choices lets you reduce the speed of your processor when you're on battery. This is bad. It is wrong. The people who implement these programs are dangerous. Do not listen to them. Do not endorse their product and/or newsletter. Do not allow your eldest child to engage in conjugal acts with them. Doing this will reduce your battery life. It will heat up your home. It will kill baby seals. The sea will rise and your car will float away. If you are already running it, make sure that it always sets your cpufreq governor to ondemand and does not limit the frequencies in use. Failure to do so will result in me setting you on fire."

Marshall Kirkpatrick had a chance to talk to Neil Young at the JavaOne conference in San Francisco. "Here at the JavaOne conference in San Francisco Neil Young just announced that his whole life's work will be made available on in a dynamically updating collection delivered on Blu-ray disk. After his Keynote announcement I was fortunate enough to participate in a small group interview with a handful of other bloggers. Young offered interesting replies to questions about Trent Reznor and music piracy, about MP3 sound quality and about the way the web enables his extensive work on electric cars." (Thanks to Norman Gaywood)

Harald Welte has posted an update on the GPL-compliance case hearing held on May 8. In the end, Skype dropped all of its arguments and gave up its appeal. "This means that the previous court decision is legally binding to Skype, and we have successfully won what has probably been the most lengthy and time consuming case so far."

BetaNews covers Red Hat's release of the JBoss Operations Network 2.0 management platform. "Made generally available during this week's JavaOne conference, JBoss ON 2.0 is designed for managing cross-platform application development, testing, deployment and monitoring. Its modular architecture includes components for inventory, administration, and software updates, plus an optional monitoring module. Although some developers find that the JBoss ON Software Update feature works in a similar way to Microsoft's Windows Update service, the feature is used for distributing patches and other updates to JBoss Enterprise Platform software. But the inventory module enables cataloging of IT assets spanning Windows, Linux, Sun Solaris, HP-UX, and IBM AIX, along with a range of middleware services and servers."

Gentoo has updated x11 terminal programs (multiple vulnerabilities), egroupware (multiple vulnerabilities) and wireshark (denial of service).

Red Hat Enterprise Linux has updated gpdf (denial of service).

Slackware has updated php (PATH_TRANSLATED miscalculation) and thunderbird (multiple vulnerabilities).

HealthIT looks at the increasing popularity of Mirth in the health care world. "Mirth, an open source middleware solution, is gaining ground among health information exchanges. WebReach, a health information technology consultancy in Irvine, Calif., rolled out Mirth 1.0 as HL7-supporting messaging middleware in July 2006. Jon Teichrow, president of WebReach, refers to Mirth as a standards-based interface engine for transferring information among systems. The list of supported standards now includes HL7 v2 and v3, X12, EDI, XML, and the National Council for Prescription Drug Programs." (Found on LinuxMedNews).

HealthIT looks at the increasing popularity of Mirth in the health care world. "Mirth, an open source middleware solution, is gaining ground among health information exchanges. WebReach, a health information technology consultancy in Irvine, Calif., rolled out Mirth 1.0 as HL7-supporting messaging middleware in July 2006. Jon Teichrow, president of WebReach, refers to Mirth as a standards-based interface engine for transferring information among systems. The list of supported standards now includes HL7 v2 and v3, X12, EDI, XML, and the National Council for Prescription Drug Programs." (Found on LinuxMedNews).

The LWN.net Weekly Edition for May 8, 2008 is available.

From the Mozilla security blog: "The Vietnamese language pack for Firefox 2 contains inserted code to load remote content. This code is the result of a virus infection, but does not contain the virus itself. This usually results in the user seeing unwanted ads, but may be used for more malicious actions. Everyone who downloaded the most recent Vietnamese language pack since February 18, 2008 got an infected copy." Presumably this is only an issue for Windows users, but it is still scary. More information can be found in bugzilla.

Free software users rarely, if ever, need to be concerned about the license that governs the applications they use. Unlike developers or distributors, users are unlikely to pay attention to whether a program is released under a BSD, GPL, or some other license—not so with proprietary software. If Blizzard Entertainment has its way, it could get a whole lot worse, with proprietary vendors controlling the behavior of its users and enforcing it by way of the Copyright Act. Click below (subscribers only) for the full article.

CentOS has updated the kernel (multiple vulnerabilities).

Debian has updated kazehakase (multiple vulnerabilities from old version of PCRE library).

Mandriva has updated emacs (temporary file vulnerability), kdelibs (local code execution if somebody installs the wrong thing setuid root), and openssh (command restriction bypass).

Red Hat has updated the kernel (RHEL3, RHEL4, RHEL5: multiple vulnerabilities, one from 2005).

rPath has updated the kernel (race condition in filesystem lock code).

Ubuntu has updated thunderbird (multiple vulnerabilities), OpenOffice.org (multiple vulnerabilities), and ltsp (open X server).

Harald Welte lets it be known that there will be a hearing on May 8 in his GPL-enforcement case against Skype, which is shipping Linux-based phones without making source available. "Interestingly, Skype is arguing against the validity of the GPL as a whole, asserting that it is violating anti-trust regulation and similarly strange claims."

Here's an APC Magazine article which proclaims that the Windows-based EeePC 900 will cost less than the Linux version - though the fine print notes that the Linux-based system comes with more storage. "APC played briefly with the machines on show at the launch. The XP version of the Eee boots quite speedily for a Windows box, but is still notably slower than its Linux counterpart. Even Asus' press release promoting the product acknowledges that the Linux machine is faster to get started. 'It provides a fast boot-up time, ideal for quick internet access while waiting for public transport or taking notes on-the-go,' it breathlessly proclaims."

The 2.6.25.2, 2.6.24.7, and 2.4.36.4 stable kernel updates have been released. They contain a single fix for a "pretty nasty" security hole in the filesystem locks code. The curious can see the full commit with description in Viroese: "fcntl_setlk()/close() race prevention has a subtle hole - we need to make sure that if we *do* have an fcntl/close race on SMP box, the access to descriptor table and inode->i_flock won't get reordered."

The first OpenOffice.org 3.0 beta release is available, and the project is looking for testers. "The most immediately visible change to OpenOffice.org 3.0 is the new 'Start Centre', new fresh-looking icons, and a new zoom control in the status bar. A closer look shows that 3.0 has a myriad of new features. Notable Calc improvements include a new solver component; support for spreadsheet collaboration through workbook sharing; and an increase to 1024 columns per sheet. Writer has an improved notes feature and displays of multiple pages while editing. There are numerous Chart enhancements, and an improved crop feature in Draw and Impress."

Jesse Keating has a report from Linux Fest Northwest. "In Bellingham we arrive, somewhat late at night. Driving through the downtown area we spot a large banner hanging across the street advertising the Fest. Times have certainly changed. It's certainly fun to see the influx of geeks mesh with the biker bars and the college crowd. At the hotel you can tell it's fest time. Lobby filled with geeks: laptops, ham radios, smarmy t-shirts abound; excited conversations about kernels and desktops, and rpms, and debs, and who's going to win Alpha Geek this year. Snickering comments about whether or not the hotel wireless will withstand the abuse a hotel full of Linux geeks can throw at it, and a bemused rueful grin is the only answer one gets from the hotel staff (turns out that the hotel internet is pretty unusable by the time we arrive, but there is open wireless somewhere near that still works!)."