Slashdot Mirror

..download and compile the 2.6.36 kernel. A feature of the changes can be found at http://www.h-online.com/open/features/What-s-new-in-Linux-2-6-36-1103009.html A very very easy to follow guide can be found at http://kernel.net/articles/how-to-compile-linux-kernel.html Sidenote - What is up with this comment not showing up when I wasn't registered. That's stupid and annoying.

Dell might be selling preloaded Ubuntu machines but at least Dell UK makes it rather difficult to actually buy them. Basically you need to call sales rep, send them few emails, blog about how your emails just weren't answered and if you are lucky you get twitter name that might be able to help you in your quest. Not exactly the easiest shopping experience.

Major german IT publisher Heise just went live A/AAAA with all their domains yesterday.
Their comments from the full 24h hour test they ran the other week: the rate of real ipv6 problems for http clients was barely measurable.

Article in German.

They also run an english service targetting the UK.
Although they don't seem to have switched AAAA on for that domain

Really? How big do you think the team that created Stuxnet is then? Or do you really think that one guy found 4 new zero days, wrote a P2P control mechanism, a custom kernel mode rootkit, a bunch of PLC code in an obscure form of assembly language and a shim DLL to hide the PLC infection from the operator?

Don't forget the fake kernel drivers signed with a stolen certificate. Stealing or breaking the digital certificate used by JMicron to sign Windows kernel drivers should be out of range for even a skilled single hacker.

Oh and apparently there was a second certificate stolen/broken, this time from Realtek.

This thing is really scary. Even when you follow best practice for security in every detail, you would have no protection against something like Stuxnet.

It's only a security threat if you can't trust the site that the programs are originating from. Sure, this search engine *may* be able to dump a tracking code into their output and therefore break the TOR privacy[1], but you have to ask how likely to happen is this? And my answer: very unlikely.

Please. If you do not understand the fucking problem. Do the world a favor and shut the fuck up.

http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-gregory_fleischer-attacking_tor.pdf
http://ha.ckers.org/blog/20060704/cross-site-scripting-vulnerability-in-google/
http://www.xssed.com/news/41/A_new_critical_Google_XSS_vulnerability_promptly_corrected/
http://shiflett.org/blog/2005/dec/googles-xss-vulnerability
http://blogoscoped.com/archive/2007-09-28-n28.html
http://www.h-online.com/security/news/item/Google-fixes-cross-site-scripting-vulnerability-in-YouTube-comments-1032988.html
http://ibnlive.in.com/news/orkut-attacked-by-bom-sabado-worm/131714-11.html
http://www.geek-news.net/2010/09/twitter-hit-with-major-xss-hack.html
http://lynnepope.net/twitter-xss-attacks
http://nemesis.te-home.net/News/20090407_Metasploit_Decloaking_Engine_and_TOR.html
http://securityandthe.net/2008/12/23/finding-a-hidden-ip-address-just-got-easier/

1) http://blogs.pcmag.com/securitywatch/2010/08/unpatched_vulnerability_in_all.php
2) http://www.zdnet.com/blog/security/microsoft-warns-of-serious-unpatched-windows-7-flaw/6474
3) http://blogs.pcmag.com/securitywatch/2010/08/unpatched_vulnerability_in_all.php
4) http://www.computerworld.com/s/article/9176944/Microsoft_warns_of_bug_in_64_bit_Windows_7?source=rss_security
5) http://isc.sans.edu/diary.html?storyid=8023
6) http://news.cnet.com/8301-1009_3-10170962-83.html
7) http://www.geek.com/articles/chips/17-year-old-unpatched-windows-vulnerability-discovered-20100120/
8) http://arstechnica.com/microsoft/news/2010/03/exploits-of-unpatched-ie6-ie7-flaw-on-the-rise.ars
9) http://www.h-online.com/security/news/item/Several-known-vulnerabilities-to-remain-unpatched-on-forthcoming-Microsoft-patch-day-947191.html
10) http://www.myce.com/news/microsoft-confirms-windows-shortcut-zero-day-exploit-32107/?utm_source=myce&utm_medium=frontpage&utm_campaign=related_posts

There, 10 vulnerabilities, which either took Microsoft months after visibility to patch, or still aren't patched.

Now, STFU.

ur wrong about open systems being secure

http://www.h-online.com/security/news/item/Android-rootkit-demonstrated-1049183.html

intressting not on an other iphone flamebaite
http://www.h-online.com/open/news/item/Google-uses-remote-delete-to-remove-Android-apps-from-smartphones-Update-1029188.html

ur wrong about open systems being secure

http://www.h-online.com/security/news/item/Android-rootkit-demonstrated-1049183.html

intressting not on an other iphone flamebaite
http://www.h-online.com/open/news/item/Google-uses-remote-delete-to-remove-Android-apps-from-smartphones-Update-1029188.html

Examine the rumors: H, and The Register.

Examine the facts: Digitask was contracted to provide the technology.

Name specific security holes that exist in the older ones that they have said "we aren't releasing patches".

link

Apple has released version 4.0 of its iOS mobile operating system, formerly know as the iPhone OS, closing a total of 65 vulnerabilities, some of which could be used by an attacker to take remote control of the device. [...]

The iOS 4 update is only available for iPhone 3G and 3GS and second and third generation iPod Touch devices. [...] The company has yet to confirm if it will issue a separate security update for first generation iPhone and iPod Touch devices.

If they do decide to release a separate security update for older devices, then we can say they haven't dropped support for them.

Again, there haven't been new FEATURE upgrades, but it still works as well as it did when you bought it. If the phone service (on an iPhone) were no longer available, I would consider that "no support".

You misunderstand what "support" means. Apple doesn't provide phone service for the iPhone -- AT&T does, so the scenario you describe is one in which AT&T stops supporting the iPhone.

The support Apple provides is in the form of software patches. If they stop providing those patches, they stop supporting the device.

One or should I say 65 more things it does for business is address security vulnerabilities.

According to Apple several of these could lead to remote code execution.

See:
The H Security - http://www.h-online.com/security/news/item/Apple-s-iOS-4-update-fixes-65-vulnerabilites-1027039.html

or Apple's own security advisory

http://support.apple.com/kb/HT4225

Unfortunately I now have to agree to their new terms of service to get these security fixes:

http://apple.slashdot.org/story/10/06/22/0318202/Apple-Wants-To-Share-Your-Location-With-Others

New article here on _Next3: Ext3 with snapshots_ http://www.h-online.com/open/news/item/Next3-Ext3-with-snapshots-1020107.html on adding snapshots to EXT3 file systems.

More is here too: http://lwn.net/Articles/387231/

Perhaps the best article is on sourceforge - http://sourceforge.net/apps/mediawiki/next3/index.php?title=FAQ#Is_Next3_related_to_Ext3cow.3F

PS: For the lazy, quotes from [1]

Software supporters include Adobe, Sorensen and Skype while the hardware supporters include AMD, ARM, Broadcom, Freescale, Logitech, Marvell, NVIDIA, Qualcomm and Texas Instruments. The Ogg Theora foundation is listed as a supporter.

Google is licensing its intellectual property, which includes On2 technologies IP assets, under an open source license which is only revocable if a licensee files a patent infringement lawsuit against the VP8 code as released by Google.

The software is open sourced under a BSD-style licence, and is optimised for the web with a "low computational footprint" for hand held and other portable internet devices.

Early builds of browsers supporting WebM include Chromium and Mozilla nightly builds, with an Opera Beta coming soon, and a Google Chrome early access release available on May 24th.

Google have already begun converting videos on YouTube.

Weeeeeeee!!!!

[1] http://www.h-online.com/open/news/item/Google-open-source-VP8-as-part-of-the-WebM-Project-1003772.html

And... as predicted:

http://code.google.com/events/io/2010/sessions/webm-open-video-playback-html5.html
http://openvideoalliance.org/2010/05/google-frees-vp8-codec-for-html5-the-webm-project/?l=en
http://www.h-online.com/open/news/item/Google-open-source-VP8-as-part-of-the-WebM-Project-1003772.html

Wildfox? Stupid.

So what about: German appeal court upholds Microsoft FAT patent

http://www.h-online.com/open/news/item/German-appeal-court-upholds-Microsoft-FAT-patent-985550.html

Please mod parent up; so far this seems the only informed comment on this thread (sigh).
Link to TFA: http://www.h-online.com/open/news/item/Canonical-clarifies-its-H-264-licence-993182.html

"like free software, digital music has zero marginal costs. As basic economics teaches us, this means that the price of such goods will tend to zero. That's certainly happening in the world of computing, with Microsoft, for example, offering all kinds of cut-price deals on PCs (notably netbooks) in an attempt to discourage manufacturers from installing GNU/Linux. This knock-on benefit of free software is often overlooked, but is real and increasing as open source applications start to be deployed within companies"

"Instead of trying to stop digital goods being circulated freely, businesses need to find ways of making money around those free goods. For free software, that has meant selling things like authorised versions and services. The recorded music industry already successfully sells authorised versions in competition with free versions, so that approach is being adopted, even if not consciously. On the services side, the crucial thing to recognise is that services mostly sell scarcity - people's expertise and time - and that there are equivalents in the world of music"

Why Making Money from Free Software Matters

We have a kind of social dilemma which comes from architectural creep. We had an Internet that was designed around the notion of peerage - machines with no hierarchical relationship to one another, and no guarantee about their internal architectures or behaviours, communicating through a series of rules which allowed disparate, heterogeneous networks to be networked together around the assumption that everybody's equal.
In the Web the social harm done by the client-server model arises from the fact that logs of Web servers become the trails left by all of the activities of human beings, and the logs can be centralised in servers under hierarchical control. Web logs become power. With the exception of search, which is a service that nobody knows how to decentralise efficiently, most of these services do not actually rely upon a hierarchical model. They really rely upon the Web - that is, the non-hierarchical peerage model created by Tim Berners-Lee, and which is now the dominant data structure in our world.
The services are centralised for commercial purposes. The power that the Web log holds is monetisable, because it provides a form of surveillance which is attractive to both commercial and governmental social control. So the Web, with services equipped in a basically client-server architecture, becomes a device for surveillance as well as providing additional services. And surveillance becomes the hidden service wrapped inside everything we get for free.
The cloud is a vernacular name which we give to a significant improvement in the server-side of the web - the server, decentralised. It becomes, instead of a lump of iron, a digital appliance, which can be running anywhere. This means that for all practical purposes servers cease to be subject to significant legal control. They no longer operate in a policy-directed manner, because they are no longer iron, subject to territorial orientation of law. In a world of virtualised service provision, the server which provides the service, and therefore the log which is the result of the hidden service of surveillance, can be projected into any domain at any moment and can be stripped of any legal obligation pretty much equally freely.
This is a pessimal result.

read the rest here.
if you're too lazy to read watch it here.

And people have never lied about that before.

They do not, in any way, do a line-by-line audit. Anyone with even a slight understanding of malicious software will know many ways to sneak malware past Apple.

According to this story:
http://www.h-online.com/security/news/item/Researchers-show-infecting-smartphones-with-malware-is-relatively-easy-950091.html
It's not so easy.
Quote: "According to the researchers, only Apple's AppStore offers a certain amount of protection against malicious applications. Brown and Tijerina said that the AppStore rigorously checks the source code for potential security problems caused by buffer overflows, copyright infringements, and permitted protocols as well as APIs."

So, yes, I'm sort-of an Apple-fanboi. But enough mistakes have been made with the Windows-platform. We don't need a deja-vu on any mobile platform.

The headline states "Chavez to limit internet freedom" as if he has just instituted a Great Firewall of Venezuela. He has done nothing of the sort. All he has done is make a public call for more regulation of the internet to prevent false and defamatory information. Clueless politicians across the globe make similar calls all the time, even in the land of the free. Much more worrying is the planned Australian censorship of the internet.

http://www.h-online.com/security/news/item/Exploit-for-new-IE-hole-952183.html

English version of the report.

The FSF says to Google that it "can end the web's dependence on patent-encumbered video formats and proprietary software (Flash)". [...] The foundation says "Apple has had the mettle to ditch Flash on the iPhone and the iPad -- albeit for suspect reasons and using abhorrent methods (DRM)". This, they claim, has pushed web developers to create Flash-free alternatives of their pages.

So apart from their usual paranoia (on wich they had to backpedal in the past), the FSF thinks Apple is right on the issue.

Some are wondering how the DoJ and law enforcement will react to a major upsurge in fully encrypted traffic.

With glee, probably. Since Skype won't talk about how its protocols and software work, it's entirely possible that they have methods of monitoring all calls made on the network. (In fact, one Austrian official admitted that they have no problem intercepting Skype communications.) Even if the full encryption spec is published for cryptographic review and is found to be sturdy, the clients are closed-source, meaning they could simply wait for a specific kind of packet and switch the call into an unencrypted or poorly-encrypted mode for easy wiretapping.

From here: http://www.h-online.com/open/news/item/HTML5-controversy-centres-on-Adobe-Update-931069.html

Update - Ian Hickson has withdrawn his claims. In a posting to the W3C mailing list he said "I was under the impression (based on [1] and some posts to secret mailing lists) that Larry had filed a formal objection on the 2D Context part of what people outside this working group call HTML5. However, I see Larry has now posted publicly that this is not the case".

My guess, this troublemaking was real, but they are backpedalling now.

Adobe is playing the last cards in their slimy little hand to sabotage HTML5.

Standards bodies either survive attempts by wealthy corporate troublemakers to stop the open standards process, or they become irrelevant.

I can't wait to see Flash finally end. It's been a buggy, annoying tool to work with since it came on the scene. Even so, their reign should have been as endless as Windows - all it would have taken was the slightest bit of good stewardship. Too bad they couldn't even be bothered to keep up with 5-10 year old changes in hardware and operating systems.

It's fitting that Macromedia/Adobe's laziness and arrogance will destroy their grip on the web.

Its Active X in internet Explorer thats usually the issue. Turn it off

I'm sure I have seen this issue before about IE and the zero day issue in a news article.

Yep found it and it has those chinese hacker type persons in it as well in 2008. ;-)
http://www.h-online.com/security/news/item/Two-new-zero-day-exploits-dent-Microsoft-s-Patch-Tuesday-739273.html

Here is micro$oft's advice on how to disable Active content.
http://support.microsoft.com/kb/154036

They have Ted T'so of Linux filesystem fame working for them now.

The main objection of the open source community to TPM chips is that they are capable of generating public/private key pairs where the private key is contained within the TPM and is not even known to the computer owner. It is also possible, during manufacture, to inject private keys into a TPM that will be known to a third party, i.e. a computer manufacturer or major copyright holder, but again, not known to the computer owner. Potentially this leads to manufacturers and content providers being able to limit what the computer owner can and can't do with their PC. The Free Software Foundation refers to this kind of restriction of the computer owner and user's rights as "Tivoisation".

The most recent GNU General Public License (GPLv3) specifically states that GPLv3 licensed software is forbidden from running on platforms which require a private signing key, unless the key is freely available to the computer owner; this specifically excludes hardware that uses a TPM. This has been suggested as one of the reasons why, at present, the Linux kernel is sticking with GPLv2.

Does anyone have any information about whether this particular release will become RHEL 6?

The last info I saw on it was from this article.

Ext4 has been mature and stable for at least 3 years now.

Then why did a bunch of people lose data in March of this year?

That's fixed though. Just mount your filesystems with the option alloc_on_commit to get the safe Ext3 behavior.

Ext4 has been mature and stable for at least 3 years now.

No, it's been in the kernel for three years but was developmental for most of that. It was only declared stable with 2.6.28, which was released just over one year ago. Personally, I'm going to wait another year or two here. When it comes to file systems, I tend to be on the conservative side.

The latest version of Linux offers a whole host of new features – for example a USB 3.0 infrastructure, drivers for the Sound Blaster X-Fi, KMS support for Radeon chips and improved versions of Btrfs and Ext4. As is traditional with new Linux versions in the main development branch, however, this is only the tip of the iceberg.

Yes it is OSS. It's not GPL, but an open source frontend with the right license would still be OSS.

If the underlying driver isn't also GPL'd, then it's not open-source.
 
And as long as we don't have access to that underlying driver, we have no way to guarantee that there's no backdoor into our communications.
 
Of course, we already know that the Austrian interior ministry has confirmed it has no problem listening to Skype conversations.
 
If Austria can do it, it seems likely that other governments have that capability (even if they claim otherwise despite documentation to the contrary).

Who can afford to do professional work for nothing? What hobbyist can put 3-man years into programming, finding all bugs, documenting his product and distribute for free?

Mr Gates, here's a list.

Not that he will ever read this.

"Steve Jobs belonged to the Homebrew Computer Club."

By William Henry Gates III

February 3, 1976

An Open Letter to Hobbyists

To me, the most critical thing in the hobby market right now is the lack of good software courses, books and software itself. Without good software and an owner who understands programming, a hobby computer is wasted. Will quality software be written for the hobby market?

Almost a year ago, Paul Allen and myself, expecting the hobby market to expand, hired Monte Davidoff and developed Altair BASIC. Though the initial work took only two months, the three of us have spent most of the last year documenting, improving and adding features to BASIC. Now we have 4K, 8K, EXTENDED, ROM and DISK BASIC. The value of the computer time we have used exceeds $40,000.

The feedback we have gotten from the hundreds of people who say they are using BASIC has all been positive. Two surprising things are apparent, however, 1) Most of these "users" never bought BASIC (less than 10% of all Altair owners have bought BASIC), and 2) The amount of royalties we have received from sales to hobbyists makes the time spent on Altair BASIC worth less than $2 an hour.

Why is this? As the majority of hobbyists must be aware, most of you steal your software. Hardware must be paid for, but software is something to share. Who cares if the people who worked on it get paid?

Is this fair? One thing you don't do by stealing software is get back at MITS for some problem you may have had. MITS doesn't make money selling software. The royalty paid to us, the manual, the tape and the overhead make it a break-even operation. One thing you do do is prevent good software from being written. Who can afford to do professional work for nothing? What hobbyist can put 3-man years into programming, finding all bugs, documenting his product and distribute for free? The fact is, no one besides us has invested a lot of money in hobby software. We have written 6800 BASIC, and are writing 8080 APL and 6800 APL, but there is very little incentive to make this software available to hobbyists. Most directly, the thing you do is theft.

What about the guys who re-sell Altair BASIC, aren't they making money on hobby software? Yes, but those who have been reported to us may lose in the end. They are the ones who give hobbyists a bad name, and should be kicked out of any club meeting they show up at.

I would appreciate letters from any one who wants to pay up, or has a suggestion or comment. Just write to me at 1180 Alvarado SE, #114, Albuquerque, New Mexico, 87108. Nothing would please me more than being able to hire ten programmers and deluge the hobby market with good software.

Bill Gates

General Partner, Micro-Soft

Firstly, I have never been "hounded" by WGA. Sure, sometimes it wants to install before other updates. So does Windows Media Player and Internet Explorer.

Aside from that, you CAN patch from MS themselves without WGA, using Offline Update. You can even burn the resulting files to disk and take it with you for patching friends/families machines.

I didn't think it affected me either until I put a new copy of debian on a machine and did an "apt-get install gnome" and found a copy of mono being installed on my machine. What I want to know is WTF was debian even thinking when they did that? It's obvious they weren't thinking very well since they back-pedaled and claimed that mono wasn't in the default install, by which they mean that it's only in the gnome metapackage and not the gnome-core or gnome-desktop. It's also equally obvious that anyone who wants to install gnome will first try apt-get install gnome rather than the non-intuitive gnome-core. The point is that Mono is creeping into distributions ...

As a fellow Debian user, I too am incensed that Debian developers, without consulting the user base have taken a monumental leap away from the projects original stated goals and ideals. You now have a team of cockroaches inside the bread box: Eduard Bloch (Zomb), Mirco Bauer (meebey), Mirco Bauer (meebey), Sebastian Dröge (slomo), Jo Shields (directhex), and David Paleino (hanska) somehow got into Debian and are spending their time to inject contaminate it with Microsoft imitations of legitimate technologies.

" What this means in real terms is that the pkg-cli-apps, pkg-cli-libs and pkg-mono teams now have a second person with upload rights..."

Again, if Miguel's time on earth is so precious short, WTF is he spending it encouraging people to reinvent the wheel using failed products? Mono needs to be removed from Debian. The mono team needs to be removed from Debian. If they want to continue their work, fine, but do it in Redmond far away from the from any Open Source or Free Software projects.

The whole fiasco also speaks volumes to how the trade journals have been whittled down, removed and controlled. Debian was high-tech, ethical when it came out. Now gNewSense fills that role. However, there's no reason to cede Debian to Microsoft, especially not since important distros are built from Debian. But that would be the main reason Microsoft activist have it as a target to ruin.

With the back-pedalling, Debian leadership shows it is aware of the problem. Next step is to do something. Right now it looks like a personnel problem with a small clique pushing their personal agenda where the monomaniacal goal is to shove M$ technology in every project in existence. It doesn't seem to matter to them if something is good quality or bad, efficient or inefficient, appropriate or not licensed with a clear safe license or not.

Mono is start to end a Microsoft technology. Those few individuals writing to defend mono must cease astroturfing and offer full disclosure as to their employment. M$ astroturfing is not tolerated.

I didn't think it affected me either until I put a new copy of debian on a machine and did an "apt-get install gnome" and found a copy of mono being installed on my machine. What I want to know is WTF was debian even thinking when they did that? It's obvious they weren't thinking very well since they back-pedaled and claimed that mono wasn't in the default install, by which they mean that it's only in the gnome metapackage and not the gnome-core or gnome-desktop. It's also equally obvious that anyone who wants to install gnome will first try apt-get install gnome rather than the non-intuitive gnome-core. The point is that Mono is creeping into distributions ...

As a fellow Debian user, I too am incensed that Debian developers, without consulting the user base have taken a monumental leap away from the projects original stated goals and ideals. You now have a team of cockroaches inside the bread box: Eduard Bloch (Zomb), Mirco Bauer (meebey), Mirco Bauer (meebey), Sebastian Dröge (slomo), Jo Shields (directhex), and David Paleino (hanska) somehow got into Debian and are spending their time to inject contaminate it with Microsoft imitations of legitimate technologies.

" What this means in real terms is that the pkg-cli-apps, pkg-cli-libs and pkg-mono teams now have a second person with upload rights..."

Again, if Miguel's time on earth is so precious short, WTF is he spending it encouraging people to reinvent the wheel using failed products? Mono needs to be removed from Debian. The mono team needs to be removed from Debian. If they want to continue their work, fine, but do it in Redmond far away from the from any Open Source or Free Software projects.

The whole fiasco also speaks volumes to how the trade journals have been whittled down, removed and controlled. Debian was high-tech, ethical when it came out. Now gNewSense fills that role. However, there's no reason to cede Debian to Microsoft, especially not since important distros are built from Debian. But that would be the main reason Microsoft activist have it as a target to ruin.

With the back-pedalling, Debian leadership shows it is aware of the problem. Next step is to do something. Right now it looks like a personnel problem with a small clique pushing their personal agenda where the monomaniacal goal is to shove M$ technology in every project in existence. It doesn't seem to matter to them if something is good quality or bad, efficient or inefficient, appropriate or not licensed with a clear safe license or not.

Mono is start to end a Microsoft technology. Those few individuals writing to defend mono must cease astroturfing and offer full disclosure as to their employment. M$ astroturfing is not tolerated.

I didn't think it affected me either until I put a new copy of debian on a machine and did an "apt-get install gnome" and found a copy of mono being installed on my machine. What I want to know is WTF was debian even thinking when they did that? It's obvious they weren't thinking very well since they back-pedaled and claimed that mono wasn't in the default install, by which they mean that it's only in the gnome metapackage and not the gnome-core or gnome-desktop. It's also equally obvious that anyone who wants to install gnome will first try apt-get install gnome rather than the non-intuitive gnome-core.

The point is that Mono is creeping into distributions through packages like Tomboy. I think that things like Mono shouldn't be in default packages or a dialog should be asked for things which are clearly offensive to at least some significant portion of the linux community. You don't see them doing that for NVIDIA drivers, I know the licenses are different and Mono at least claims to be open-source but I guess there's a lot more people who want to avoid MS than people who want to avoid NVIDIA.

Have you been living under a rock?

In this case, I believe he is referring Slashdot story posted earlier this year where a company used GPL'd software (ScummVM) in a kids game. Basically, the shit hit the fan once the lawyers at Atari found out that the Wii SDK licensing agreement explicitly prohibits open source software licenses, like the GPL.

Are you saying that Ubuntu has a way to automatically download an ARM version of FireFox and OpenOffice?

I don't know about Ubuntu but Debian most certainly has Firefox and OpenOffice packages for ARM that are ready to use.

Even then, what about Flash and Adobe Reader? How am I going to play my favorite YouTube videos and Facebook games?

Do you really want to use a proprietary browser plugin with a horrible security history like Adobe Flash, with _known_ vulnerabilities that have been unpatched for over 8 months?
With new open technologies like HTML5, Flash is becoming more and more obsolete anyway.
YouTube videos can be easily downloaded and played with mplayer. Gnash, a reverse-engineered libre replacement for Adobe Flash, gets better continuously. Many Flash applications already work with Gnash, like YouTube or the flash photo galleries generated by some Adobe applications.

The libre software situtation is much better when it comes to PDF, as PDF is, unlike Flash, an open standard. There are plenty of libre alternatives to Adobe Reader, most of them less bloated and way faster than the original. The FSF has launched a portal site for those.

Are you saying that Ubuntu has a way to automatically download an ARM version of FireFox and OpenOffice?

I don't know about Ubuntu but Debian most certainly has Firefox and OpenOffice packages for ARM that are ready to use.

Even then, what about Flash and Adobe Reader? How am I going to play my favorite YouTube videos and Facebook games?

Do you really want to use a proprietary browser plugin with a horrible security history like Adobe Flash, with _known_ vulnerabilities that have been unpatched for over 8 months?
With new open technologies like HTML5, Flash is becoming more and more obsolete anyway.
YouTube videos can be easily downloaded and played with mplayer. Gnash, a reverse-engineered libre replacement for Adobe Flash, gets better continuously. Many Flash applications already work with Gnash, like YouTube or the flash photo galleries generated by some Adobe applications.

The libre software situtation is much better when it comes to PDF, as PDF is, unlike Flash, an open standard. There are plenty of libre alternatives to Adobe Reader, most of them less bloated and way faster than the original. The FSF has launched a portal site for those.

What kind of changes does it bring that I would/should give a !@# about?

I found this informative Heise article (linked to from the comments in TFA) gave helpful explanations, for example:

• Btrfs uses Copy on Write: Modified data is written into new data blocks to preserve the old data. Only once the data has been written is the tree to the data updated - until then, the file entry points to the old data blocks.
• Checksums verify metadata and data blocks, which allows flawed data to be detected
• Files can be compressed when they are written (mount option compress)
• The file system can be up-sized or down-sized as well as de-fragmented during operation

It's not quite ready for prime time yet, but looks good.

It was withdrawn from the contest

How many iPhone app reviewers are there? How long does it take to fully test an application so you don't get sued for allowing something that:

1) Bricks the phone 2) Has child porn shoved inside it 3) Is free, barely does what the description says it will do, and yet you need to waste your time deciding if it's just not broken enough to put up there

If there are one hundred app reviewers, there are too few.

How about simply being a Trojan? Apple just let through one.
Well, no, actually, that was the Symbian guys.

he Symbian Foundation plans to revise its procedures for testing and signing software after digitally signing a trojan for its Symbian mobile phone operating system by mistake.

Will this kill Symbian, or don't they have to fear there will be many people trying to sign software for it?

SCO is reborn.

You heard me right SCO is reborn to file another frivolous lawsuit.

http://www.h-online.com/open/SCO-vs-Linux-New-investor-rescues-SCO-from-bankruptcy--/news/113540

The original plan was 100% by 2008, the current plan is 80% by 2012. It all started in 2004

Anyway, the suitor has been announced: Gulf Capital Partners. Which raises the question: is there a Microsoft connection to these guys? The only company with any discernible reason to keep Sweet Zombie SCO alive is Microsoft.

I have answered my question: yes there is a definite MS connection. "The issue is not if you're paranoid, it's if you are paranoid enough." -- Max, "Strange Days"

The best places to check are:

http://www.endpcnoise.com/
http://www.silentpcreview.com/
http://www.acousticpc.com/
According to this, 3d support for r6xx and r7xx ATI cards (currently, everything numbered HD 2000 and up) is finally coming out.

Here is one card for $70 that meets your criteria if the 3D support above is really there.
http://www.silentpcreview.com/powercolor-hd4650