Slashdot Mirror

An anonymous reader writes: Bruce Upbin at Forbes reports on a new and insidious way for a malicious website to spy on a computer. Any computer running a late-model Intel microprocessor and a Web browser using HTML5 (i.e., 80% of all PCs in the world) is vulnerable to this attack. The exploit, which the researchers are calling "the spy in the sandbox," is a form of side-channel attack. Side channel attacks were previously used to break into cars, steal encryption keys and ride the subway for free, but this is the first time they're targeted at innocent web users. The attack requires little in the way of cost or time on the part of the attacker; there's nothing to install and no need to break into hardened systems. All a hacker has to do is lure a victim to an untrusted web page with content controlled by the attacker.

TexasDex writes "After years of providing great news reporting to the open source community, including interviews, great Linux kernel update summaries, and even breaking the Skype spying story well before it was leaked, The H Online is closing down due to lack of profitability. I've checked them daily for years, so it's sad to see them go."

TexasDex writes "After years of providing great news reporting to the open source community, including interviews, great Linux kernel update summaries, and even breaking the Skype spying story well before it was leaked, The H Online is closing down due to lack of profitability. I've checked them daily for years, so it's sad to see them go."

TexasDex writes "After years of providing great news reporting to the open source community, including interviews, great Linux kernel update summaries, and even breaking the Skype spying story well before it was leaked, The H Online is closing down due to lack of profitability. I've checked them daily for years, so it's sad to see them go."

TexasDex writes "After years of providing great news reporting to the open source community, including interviews, great Linux kernel update summaries, and even breaking the Skype spying story well before it was leaked, The H Online is closing down due to lack of profitability. I've checked them daily for years, so it's sad to see them go."

TexasDex writes "After years of providing great news reporting to the open source community, including interviews, great Linux kernel update summaries, and even breaking the Skype spying story well before it was leaked, The H Online is closing down due to lack of profitability. I've checked them daily for years, so it's sad to see them go."

An anonymous reader writes "Linus Torvalds decided to change the code name for Linux 3.11 and even submitted an alternate Tux Logo. Heise reports: 'For this release, Linus Torvalds changed the code name from "Unicycling Gorilla" to "Linux for Workgroups" and modified the logo that some systems display when booting: it now depicts a Tux holding a flag with a symbol that is reminiscent of the logo of Windows for Workgroups 3.11, which was released in 1993.'"

Two bits of Google news from today/yesterday. This morning, Google started rolling out a major update to mobile Maps. They've created a new tablet interface, improved integration with local places, integrated the Zagat guide, and enhanced navigation to automatically route you around traffic incidents. As usual lately, Google also removed a few features: Latitude and Check-ins. If you used those you'll have to use the Google+ application now. They also made a strange change to offline maps: instead of a menu option, you now access the area you want to make available offline and search for "OK Maps." On the Chrome front, Google released Chrome 28 yesterday, the first release featuring the WebKit fork Blink. The under-the-hood changes look promising, quoting the H: "The developers say that the increased speed is also thanks to the new threaded HTML parser, which frees up the JavaScript thread, allowing DOM content to be displayed faster. The HTML parser also takes fewer breaks, which is said to result in time savings of up to 40 per cent."

An anonymous reader writes "The H-Online is reporting that the upcoming RHEL 7 will use GNOME Classic Mode over Gnome Shell as its Default Desktop GUI. Speaking to TechTarget ahead of the 2013 Red Hat Summit, Red Hat engineering director Denise Dumas said this regarding the decision: "I think it's been hard for the Gnome guys, because they really, really love modern mode, because that's where their hearts are." She added that the same team had "done a great job putting together classic mode" and that it was eventually decided to use it in favour of the more radical modern interface to spare customers the effort of relearning their way around the desktop again."

New submitter einar2 writes "German hoster Hetzner informed customers that login data for their admin surface might have been compromised (Google translation of German original). At the end of last week, a backdoor in a monitoring server was found. Closer examination led to the discovery of a rootkit residing in memory. The rootkit does not touch files on storage but patches running processes in memory. Malicious code is directly injected into running processes. According to Hetzner the attack is surprisingly sophisticated."

hypnosec writes "Security expert Tavis Ormandy has discovered a vulnerability in the Windows kernel which, when exploited, would allow an ordinary user to obtain administrative privileges of the system. Google's security pro posted the details of the vulnerability back in May through the Full Disclosure mailing list rather than reporting it to Microsoft first. He has now gone ahead and published a working exploit. This is not the first instance where Ormandy has opted for full disclosure without first informing the vendor of the affected software."

Via the H comes a report that the Simon Phipps, current President of the Open Source Initiative, thinks that the VP8 patent Cross-license agreeement Google brokered with the MPEG-LA is incompatible with the Open Source definition. The primary problems are that the license is not sub-licensable and only covers certain uses, leading to conflict with OSD clauses five, six, and seven. Phipps concludes: "As a consequence, I suggest the license is flawed when considered in relation to open source projects and is likely to be negatively received by many communities that value software freedom. Doubtless a case can be made that the patent license is optional, but I suspect the community issues may remain. Once again we're left with our fingers crossed. Google's making the right noises, but this draft agreement seems like a particularly unworkable approach for free and open source software. Its failure to allow sublicensing seems like a major flaw. Even if this doesn't result in a requirement for all end-users to sign the agreement, the discrepancies between this document and the OSD leave it disruptive to open source adoption of VP8."

An anonymous reader writes with this quick bite from the H: "Just a few days after the one year anniversary of the release of the first version of OpenOffice from the Apache Foundation (Apache OpenOffice 3.4) on 8 May 2012, the project can now boast 50 million downloads of the Open Source office suite. 10 million of those downloads happened since the beginning of March. In contrast, LibreOffice claimed it had 15 million unique downloads of its office suite in all of 2012."

The edX project today announced that they are joining forces with Stanford and releasing the source to edX on June 1st. As part of the platform going Free, Stanford will be integrating features from their Open Source Class2Go project. From Stanford: "Mitchell said that Stanford's Class2Go platform development team has been in contact with the edX team for a number of months, and that much code is already synchronized so that the collaboration between the two platforms will be a smooth one. The advantage will then be 'a larger team building one strong open source platform, rather than two competing open source platforms, which we think will be more desirable for universities around the world,' Mitchell added."

Hot on the heels of the Gtk+ 3.8 release comes GNOME 3.8. There are a few general UI improvements, but the highlight for many is the new Classic mode that replaces fallback. Instead of using code based on the old GNOME panel, Classic emulates the feel of GNOME 2 through Shell extensions (just like Linux Mint's Cinnamon interface). From the release notes: "Classic mode is a new feature for those people who prefer a more traditional desktop experience. Built entirely from GNOME 3 technologies, it adds a number of features such as an application menu, a places menu and a window switcher along the bottom of the screen. Each of these features can be used individually or in combination with other GNOME extensions."

jrepin writes "The Free Software Foundation Europe (FSFE) is running its annual Document Freedom Day campaign today to raise awareness of the importance of open standards. This year's Document Freedom Day involves over 50 groups from 30 countries and focuses on open standards in web-based streaming technologies, especially on increasing the awareness and usage of HTML5. This year's campaign is sponsored by Google and openSUSE. To celebrate the Document Freedom Day April has published a poster to explain to software users, the interest of opting for 'open formats' to exchange and store their files."

alphadogg writes with news on what Open-Xchange has been doing with the OpenOffice.org developers they hired. From the article: "Collaboration software vendor Open-Xchange plans to launch an open-source, browser-based productivity suite called OX Documents. The first application for the suite is OX Text, an in-browser word processing tool with editing capabilities for Microsoft Word .docx files and OpenOffice.org and LibreOffice .odt files, the Nuremberg, Germany, company announced this week. OX Text doesn't mess up the formatting of documents loaded into the application, said Rafael Laguna, CEO of Open-Xchange. XML-based documents can be read, edited and saved back to their original format at a level of quality and fidelity previously unavailable with browser-based text editors, according to the company." The other claim to fame is that it supports collaborative editing similar to Google Docs. Unfortunately for anyone hoping to have a Free/Open replacement for Google Docs, it's not actually fully open source: the backend is (Apache/GPL dual licensed), but the front-end code is Creative Commons BY-SA-NC, which is unequivocally non-free and notoriously difficult to define. "[Open Xchange CEO Rafael Laguna] told The H that his interpretation of Non-Commercial in the licensing was such that companies could use the software in-house, but not sell it as a service to others. Companies that want support will have to purchase the software from Open Xchange."

An anonymous reader writes "Mozilla has put up a blog post about how building a paid app will work for Firefox OS. The Firefox Marketplace will host web apps, and Mozilla is quick to point out that the apps won't lock you into Firefox OS. They will use the receipt protocol, which other devices can support. If they end up doing so, users could buy the app just once and run it anywhere. 'There is, of course, a chicken vs. egg problem here so Mozilla hopes to be the egg that helps prove out the decentralized receipt concept and iterate on the protocol. Mozilla invites other vendors to help us work on getting receipts right so that paid apps are as portable and "webby" as possible.' Mozilla has a JavaScript API for exposing device receipts, and a client-side library can then contact a verification service URL from the receipt." Somewhat related: a recent panel at Mobile World Congress consisted of representatives for Firefox OS, Ubuntu for Phones, and Sailfish OS. They spoke about the need for alternatives to Android and iOS, and how manufacturers and carriers actually seem eager to use these new operating systems to differentiate their products

wehe writes "Heise News reports today some Samsung notebooks can be turned into a brick if booted just one time via UEFI into Linux. Even the firmware does not boot anymore. Some reports in the Ubuntu bug tracker system report that such notebooks can not be recovered without replacing the main board. Other Linux distributions may be affected as well. Kernel developers are discussing a change in the Samsung-laptop driver." It appears even Samsung is having trouble tracking down the problem (from the article): "According to Canonical's Steve Langasek, Samsung developers have been attempting to develop a firmware update to prevent the problem for several weeks. Langasek is advising users to start Ubuntu installation on Samsung notebooks from an up-to-date daily image, in which the Ubuntu development team has taken precautions to prevent the problem from arising. It is, however, not completely clear that these measures are sufficient."

Titus Andronicus writes "fuse-exfat, a GPLv3 implementation of the exFAT file system for Linux, FreeBSD, and OS X, has reached 1.0 status, according to an announcement from Andrew Nayenko, the primary developer. exFAT is a file system designed for sneaker-netting terabyte-scale files and groups of files on flash drives and memory cards between and among Windows, OS X, and consumer electronics devices. It was introduced by Microsoft in late 2006. Will fuse-exfat cut into Microsoft's juicy exFAT licensing revenue? Will Microsoft litigate fuse-exfat's developers and users into patent oblivion? Will there be a DKMS dynamic kernel module version of the software, similar to the ZFS on Linux project? All that remains to be seen. ReadWrite, The H, and Phoronix cover the story."

aloniv writes "The reverse-engineered free/libre and open source driver for NVIDIA cards Nouveau has reached another milestone. 'The Nouveau driver in the current Linux 3.8 development branch has recently acquired everything that's necessary to support the 3D acceleration features of any GeForce graphics hardware. Together with a current version of libdrm and the Nouveau 3D driver in Mesa 3D 9.0, this allows Linux applications to use 3D acceleration even with the most recent GeForce graphics cards."

sfcrazy writes with this excerpt from Muktware: "Samsung, which became a market leader thanks to Android, is reportedly working on a smartphone powered by Linux-based Tizen operating system. The company is working with NTT Docomo to create a Tizen powered smartphone. ... Samsung already has its Bada operating system which it uses in some devices. Samsung was expected to merge Bada efforts with Tizen but there has been no attempt in that regards. How Samsung, the Android market leader, positions this phone and creates an app ecosystem around it will be interesting to watch."

An article at The H makes the case that many open source foundations have successfully proven their worth and withstood the test of time as legitimate entities. This leads to the question: where do they go from here? The author suggests an umbrella foundation to provide consistent direction across many projects. Quoting; "As you might expect, the main aim of most foundations is to promote their own particular project and its associated programs. For the putative [Open Source Foundation Foundation], that would generalise into promoting open source foundations as a way of supporting open source activity. In practical terms, that might translate into establishing best practice, codifying what needs to be done in order to create an open source foundation in different jurisdictions with their differing legal requirements. That would make it far easier for smaller projects – such as Krita – to draw on that body of knowledge once they have decided to take this route. It might also encourage yet more projects to do the same, encouraged by the existence of support mechanisms that will help them to navigate safely the legal requirements, and to minimise costs by drawing on the experience of others. After all, this is precisely the way open source works, and what makes it so efficient: it tries to avoid re-inventing the wheel by sharing pre-existing solutions to problems or sub-problems."

Already available in third party repositories, the GNOME 2 fork MATE and GNOME 3 fork Cinnamon will now be included in Fedora 18. From the H: "After almost two months' delay, the Fedora Project has released the first and final beta of Fedora 18. The distribution, which is code-named 'Spherical Cow,' includes the MATE desktop – a continuation of the classic GNOME 2 interface – in its repositories for the first time. Fedora 18's default edition uses GNOME 3.6.2 as its interface and a separate KDE Spin provides the KDE Software Collection 4.9.3; Xfce 4.10 and version 1.6.7 of Linux Mint's Cinnamon are also available from the distribution's repositories."

Mojo66 writes "After project savings had been estimated to amount to at least €4 million in March, more precise figures are now in: Over €10 million (approximately £8 million or $12.8 million) has been saved by the city of Munich, thanks to its development and use of the city's own Linux platform. The calculation compares the current overall cost of the LiMux migration with that of two technologically equivalent Windows scenarios: Windows with Microsoft Office and Windows with OpenOffice. Reportedly, savings amount to over €10 million. The study is based on around 11,000 migrated workplaces within Munich's city administration as well as 15,000 desktops that are equipped with an open source office suite. The comparison with Windows assumes that Windows systems must be on the same technological level; this would, for example, mean that they would have been upgraded to Windows 7 at the end of 2011. Overall, the project says that Windows and Microsoft Office would have cost just over €34 million, while Windows with Open Office would have cost about €30 million. The LiMux scenario, on the other hand, has reportedly cost less than €23 million. A detailed report (in German) is available."

From the H reporting on LinuxCon Europe comes news that several Linux kernel developers have been laid off by AMD as part of its workforce reduction. From the article: "OSRC staff primarily worked to develop the Linux support for AMD's server processors, but they also wrote code and extensions for related desktop and notebook CPUs – for example, they looked after the code to support CPU frequency scaling for the PowerNow and Turbo Core technologies. While working on the kernel's IOMMU and KVM support, one of AMD's former employees contributed to the development of the "IOMMU groups" feature that was integrated into Linux 3.6; this feature provides the basis for a new Linux 3.6 technology that allows a host's PCIe devices to be passed through to virtual machines and can also be used with Intel CPUs." Looks like the group was doing interesting research on hypervisors, lockless data structures, and multi-core synchronization primitives among other things. The Open Source Radeon driver developers are not affected by this at least.

In development for the better part of the last decade, the 0.17 release of the Enlightenment window manager is slated for November 5th. Leading up to this, the H has an enlightening interview with project lead Rasterman on what to expect. From the article: "Today Enlightenment offers most of what you get from GNOME and KDE, and probably the same if not a bit more than XFCE. It just doesn't try and ship a suite of apps with it. It is the desktop (Window manager, settings, file manager, application launching and management) minus the apps. ... The biggest thing E17 brings to the table is universal compositing. This means you can use a composited desktop without any GPU acceleration at all, and use it nicely. We don't rely on software fallback implementations of OpenGL. We literally have a specific software engine that is so fast that some developers spent weeks using it accidentally, not realizing they had software compositing on their setup."

Via the H comes news of a possible remote attack vector using the protocol handler installed by Valve's Steam platform: "During installation, it registers the steam:// URL protocol which is capable of connecting to game servers and launching games ... In the simplest case, an attacker can use this to interfere with the parameters that are submitted to the program. For example, the Source engine's command line allows users to select a specific log file and add items to it. The ReVuln researchers say that they successfully used this attack vector to infect a system (PDF) via a batch file that they had created in the autostart folder. ... In the even more popular Unreal engine, the researchers also found a way to inject and execute arbitrary code. Potential attackers would, of course, first have to establish which games are installed on the target computer. "

jones_supa writes "The Finnish smartphone startup Jolla has revealed the next chapter in their roadmap. The company announced that it is setting up an alliance to license a MeeGo-based OS called Sailfish to other OEMs. The operations, backed by 200M€, will begin at spring 2013. CEO Jussi Hurmola believes that the next big revolution in smartphones will happen in China, and the OS will provide an alternative independent smartphone ecosystem there. Jolla strives for more openness than OHA, by letting the partners design their services directly without needing green light from the alliance. Sailfish is headquartered in Hong Kong and R&D centers will be established in other parts of mainland China, possibly Shanghai and Peking."

An anonymous reader writes "In an apparent reaction to the security vulnerabilities demonstrated by The H's associates at heise Security, the company behind WhatsApp Messenger is taking action against the developers of a library of functions for using the WhatsApp service via a PC. The developers have responded by removing the source code from the web. However, the popular texting alternative WhatsApp still has a major security problem. Attackers can compromise other users' accounts with relative ease, and send and receive messages from another user's account. Forked versions of the code are still available on Github."

sl4shd0rk writes "Upon examining the PDF Engine behind Google Chrome, Google employees Mateusz Jurczyk and Gynvael Coldwind discovered numerous holes. This led them to also test Adobe Reader, which turned up around 60 holes which could crash the PDF reader, 40 of them being potential attack vectors. The duo notified Adobe, who promised fixes, but as of the latest updates (Tuesday of this week) for Windows and Macintosh, 16 of the reported flaws are still present (the Linux version has been ignored). To prove it, Mateusz and Gynvael obfuscated the info and released it, saying the unpatched holes could easily be found. The Google employees therefore recommend that users refrain from opening any PDF documents from external sources in Adobe Reader."

sl4shd0rk writes "Upon examining the PDF Engine behind Google Chrome, Google employees Mateusz Jurczyk and Gynvael Coldwind discovered numerous holes. This led them to also test Adobe Reader, which turned up around 60 holes which could crash the PDF reader, 40 of them being potential attack vectors. The duo notified Adobe, who promised fixes, but as of the latest updates (Tuesday of this week) for Windows and Macintosh, 16 of the reported flaws are still present (the Linux version has been ignored). To prove it, Mateusz and Gynvael obfuscated the info and released it, saying the unpatched holes could easily be found. The Google employees therefore recommend that users refrain from opening any PDF documents from external sources in Adobe Reader."

From the H: "Allan Day has written a blog post on the concrete plans for 'GNOME OS' and provided background on the ideas that have motivated those plans ... Day starts by emphasizing that GNOME OS is not an attempt to replace existing distributions. Although the creation of a standalone GNOME OS is part of the plans, the idea is to make that a testing and development platform, and any improvements that come from GNOME OS should 'directly improve what the GNOME project is able to offer distributions.' Many of the drivers for GNOME OS are, Day says, old ideas to improve the development experience, such as automated testing and sandboxed applications, and while the developers could have separate initiatives for each feature, the idea is to work on them as a 'holistic plan' under the moniker 'GNOME OS.'" A few slides provide more context. In the works are stabilizing the platform APIs, improving deployment of applications, making everything automatically testable, and probably the most controversial: "The increasing popularity of mobile and touch devices represents a challenge to existing desktop solutions. This situation is complicated by the emergence of new hybrid devices that combine keyboards, touchpads and touchscreens. During our discussions last week we talked about how existing types of devices – primarily laptops and desktops – have to remain the primary focus for GNOME ... At the same time, we also want to ensure that GNOME remains compatible with new hardware. ... We have set the goal of having a touch-compatible GNOME 3 within a maximum of 18 months." The drive toward touch may seem obnoxious to desktop users, but spreading Free Software to a hardware ecosystem that is currently locked down and proprietary seems like a good goal to have.

Caught via the H is news that more components of webOS have been released: "The core applications provide a comprehensive set of platform user applications, including Email, Calendar, Contacts, Memos, Accounts, Clock and Calculator." Additionally, HP has opened up the development branch of system manager: "We are excited to open up the active development branch of our upleveled System Manager. This major upgrade incorporates the latest QtWebKit and Qt technologies in an improved architecture. Modern QtWebKit now underlies all applications, providing state-of-the-art support for HTML rendering and I/O. The latest stable release of Qt has been integrated across the system, eliminating alternate rendering paths and providing a clean base for the future. These changes bring enhanced stability and performance to Open webOS." As always, source can be had from the Open webOS github. A bit of bad news for existing device owners, however: "...we are aiming for support on future hardware platforms where SoC’s support Linux 3.3+ kernel and where open source replacements for proprietary components are integrated. Existing devices cannot be supported because of those many proprietary components, including graphics, networking and lack of drivers for a modern kernel." Existing device owners will have to live with the "webOS community edition."

sabri writes "Cnet reports that German security expert Felix Lindner has unearthed several vulnerabilities in Huawei's carrier grade routers. These vulnerabilities could potentially enable attackers, or the Chinese government, to snoop on users' traffic and/or perform a man-in-the-middle attack. While these routers are mostly in use in Asia, Africa and the Middle East, they are increasingly being used in other parts of the world as well, because of their dirt-cheap pricing. Disclaimer: I work for one of their competitors." Via the H, you can check out the presentation slides. Yesterday Huawei issued a statement 'We are aware of the media reports on security vulnerabilities in some small Huawei routers and are verifying these claims...'

An anonymous reader writes "Glyn Moody writes at The H that Google's Nexus 7 tablet seems to be in a good position to shake up the market and pave the way for serious Android competition to the iPad. That said, he's worried about the potential downsides to a market full of mostly 'open' devices: 'Such customised systems are likely to be as locked down as they can be – the last thing either manufacturers or companies want is for users to start fiddling with the settings or installing their own software. As a result, the apps that run on such systems are likely to be closed source, since that's the way vertical markets tend to work. Such systems will also expose a persistent problem with the open source development methodology. While big and general projects find it relatively easy to attract interested developers, smaller, more targeted solutions tend not to thrive as free software.'"

solardiz writes "A new community-enhanced version of John the Ripper adds support for GPUs via CUDA and OpenCL, currently focusing on slow-to-compute hashes and ciphers such as Fedora's and Ubuntu's sha512crypt, OpenBSD's bcrypt, encrypted RAR archives, WiFi WPA-PSK. A 5x speedup over AMD FX-8120 CPU per-chip is achieved for sha512crypt on NVIDIA GTX 570, whereas bcrypt barely reaches the CPU's speed on an AMD Radeon HD 7970 (a high-end GPU). This result reaffirms that bcrypt is a better current choice than sha512crypt (let alone sha256crypt) for operating systems, applications, and websites to move to, unless they already use one of these 'slow' hashes and until a newer/future password hashing method such as one based on the sequential memory-hard functions concept is ready to move to. The same John the Ripper release also happens to add support for cracking of many additional and diverse hash types ranging from IBM RACF's as used on mainframes to Russian GOST and to Drupal 7's as used on popular websites — just to give a few examples — as well as support for Mac OS X keychains, KeePass and Password Safe databases, Office 2007/2010 and ODF documents, Firefox/Thunderbird/SeaMonkey master passwords, more RAR archive kinds, WPA-PSK, VNC and SIP authentication, and it makes greater use of AMD Bulldozer's XOP extensions."

About two months ago, HP made the first source releases of webOS components. Conspicuously absent, however, were the sources to the Luna system manager, and it was not possible to build an image for the TouchPad with what was available. On Tuesday, the webOS team released the Luna sources and build tools as "webOS Community Edition." This is a continuation of their previous source releases, and is intended only for the TouchPad; Open webOS is still slated for release in September and will be designed for porting to new hardware platforms. Quoting the developers: "With the release of the webOS Community Edition you can now learn how the TouchPad works, modify your TouchPad experience and then apply that learning to Open webOS 1.0 in the future. We are excited to empower the community to create custom user experiences on the TouchPad. For example, developers can now modify the card view, launcher, notifications, Just Type and more." You can grab the latest over at Github. The developers claim you can build and install it onto actual hardware: anyone want to give it a shot?

With the goal of bringing more experimental development to the OpenBSD code base, a few developers have announced a fork named Bitrig. According to their FAQ, Bitrig aims to build a small system targeting only modern hardware and "be a very commercially friendly code base by using non-viral licenses where possible." Their first step toward that goal was removing GCC in favor of LLVM/Clang. The project roadmap shows their future goals as adding FUSE support, improving multiprocessing, porting the system to ARM, and replacing the GNU C++ library with LLVM's.

New submitter lsatenstein writes with this snippet from The H:"The regional government of Spain's Basque Country has decreed that all software produced for Basque government agencies and public bodies should be open sourced. Joinup, the European Commission's open source web site, cites an article in Spanish newspaper El Pais [English translation], saying that the only exceptions will be software that directly affects state security and a handful of projects which are being conducted in conjunction with commercial software suppliers."

An anonymous reader tipped us to news that the Software Freedom Conservancy is expanding its GPL compliance efforts. Quoting Bradley Kuhn: "This new program is an outgrowth of the debate that happened over the last few months regarding Conservancy's GPL compliance efforts. Specifically, I noticed that, buried in the FUD over the last four months regarding GPL compliance, there was one key criticism that was valid and couldn't be ignored: Linux copyright holders should be involved in compliance actions on embedded systems. Linux is a central component of such work, and the BusyBox developers agreed wholeheartedly that having some Linux developers involved with compliance would be very helpful. Conservancy has addressed this issue by building a broad coalition of copyright holders in many different projects who seek to work on compliance with Conservancy, including not just Linux and BusyBox, but other projects as well." The anonymous reader adds: "This news was also discussed in the latest episode of the Free as in Freedom Oggcast." Update: 05/30 14:20 GMT by U L: It may not be entirely clear, but several Linux developers have assigned copyright so that the Conservancy can pursue violations for them.

An anonymous reader writes "Perl 5.16.0 is now available with plenty of improvements all around. You can view a summary and all the change details here. With Perl on an annual release schedule, and projects like Mojolicious, Dancer, perlbrew, Plack, and Moose continuing to gain in popularity, are we in the middle of a Perl renaissance?"

An anonymous reader sends word that Apache OpenOffice 3.4 has been released (download). This is the first release since OpenOffice became a project at the Apache Software Foundation. The release notes list all of the improvements, the highlights of which The H has summarized: "According to its developers, Apache OpenOffice (AOO) 3.4.0, the first update since OpenOffice.org 3.3.0 from January 2011, now starts up faster than its predecessor and introduces a number of new features such as support for documents secured using AES256 encryption. The Linear Programming solver in the Calc spreadsheet program has been replaced with the CoinMP C-API library from the Computational Infrastructure for Operations Research (COIN-OR) project. As in LibreOffice 3.4.0, the DataPilot functionality has been renamed to Pivot Table, and now supports an unlimited number of fields. A new 'Quote all text cells' CSV (Comma Separated Values) export option has been also added to Calc. Other changes include improved ODF 1.2 encryption and Unix Printing support and various enhancements to the Impress presentation and Draw sketching programs."

Earlier today, Tizen, Intel's post-MeeGo mobile OS, announced the availability of their first stable release. The H has a summary of the new features: "The source code for Tizen's Larkspur release has seen a number of new features added. The Web capabilities have now got full W3C/HTML5 specification support with 'key' WebRTC features incorporated and APIs to access the local camera and vibration. ... Tizen's graphics are based on X11 with a compositing window manager based on Enlightenment Foundation Libraries ... The SDK's IDE includes a new browser based tool which offers support for the Tizen APIs within a browser; this should allow developers to run and debug Tizen 'web applications' and see how those applications run with various device profiles. The alpha release of the browser based simulator should reduce the need to work with the emulator for many applications." The SDK release notes and source release notes have the gritty details. A new community wiki has been created, and source is available via git. This release comes just before the first Tizen developer conference, May 7-9th in San Francisco.

JRiddell writes "Kubuntu, the KDE flavour from Ubuntu, has found a new sponsor in Blue Systems. They will be providing more resources than were available by previous sponsor Canonical. The project will remain much the same: community led, KDE focused, Ubuntu flavour. With the new independence it can branch out into new markets such as a Kubuntu Active flavour for tablets."

supersloshy writes "The popular GNOME desktop environment has just announced the release of version 3.4. User-facing updates include, among others, a new look for many GNOME applications, smooth scrolling support in GTK, integrated document search in GNOME Shell, a new dynamic background, improved accessibility configuration options, new high-contrast icons, and more documentation. Developer-facing improvements include the release of GTK+ 3.4 and updates to standard GNOME libraries as part of the latest GNOME Developer Platform."

Thinkcloud writes "The Linux From Scratch (LFS) project has published version 7.1 of its manual for building a custom Linux installation. The new release of the step-by-step instructions is 345 pages long and uses more up-to-date components than previous versions – for example, the 3.2.6 Linux kernel and version 4.6.2 of the GNU Compiler Collection (GCC). The update also includes fixes to bootscripts and corrections to the text, as well as updates to 20 packages."

ekimd writes "Adobe has anounced their plans to abandon future updates of their Flash player for Linux. Partnering with Google, after the release of 11.2, 'the Flash Player browser plugin for Linux will only be available via the 'Pepper' API as part of the Google Chrome browser distribution and will no longer be available as a direct download from Adobe.' Viva la HTML 5!" And it appears that Mozilla won't be implementing Pepper anytime soon.

First time submitter jan.van.gent writes "The European Parliament is on the verge of adopting a directive reforming standards, reform which would introduce FRAND patent licensing terms, an undefined term which has been seen as a direct attack on the fundamental principles of Free and Open Source software. The Business Software Alliance has been very active trying to get FRAND terms into the directive."