Information freedom for open source users.

The Microsoft Vulnerability Research program said Wednesday that third party developers have patched less than half the bugs it reported to them over the past 12 months.

SimplyMEPIS is a simply wonderful distribution. It was the first to offer a complete out of the box experience all tied up in a pretty package. It would be fair to say that it was probably the inspiration for many of the easy-to-use distributions available today. more>>

Even though most Android users are still waiting for Android 2.2, details about the next version Android 3.0, or Gingerbread are starting to emerge. Android 3.0 release date is looking like Q4 of this year, possibly around October. And Gingerbread may already be in some testers’ hands – Phandroid has shown an unverified photo of a test build of Android 3.0 running in the wild.

Cyber Cynic: “I get that Apple’s iPad is hotter than hot with over three million sold so far, but to say “Apple has won the battle for tablet computing already” is really overreaching.”

NCR announced two compact POS (point of sale) devices that run SUSE Linux for Point of Service, as well as a number of Windows operating systems. The RealPOS 40 and RealPOS 60 use Intel Atom and Celeron processors, respectively, offer enhanced energy efficiency, and provide both four powered serial ports and up to eight powered USB ports, the company says.

eSecurityPlanet: “Starting with Bouncer 6.0, the company is moving to a software appliance model powered by Ubuntu Linux.”

The Linux Mint development team have issued the KDE Edition of version 9 of their Ubuntu-based Linux distribution, code named “Isadora”. Linux Mint aims to be user friendly and to provide a more complete out-of-the-box experience by including support for DVD playback, Java, and various plug-ins and media codecs.

Basket Note Pads is a multipurpose note-taking application for KDE. Business people can use it to keep track of important tasks and notes. Writers can use it to organize their thoughts. Students can use it for note taking. And generally anyone can use it as a virtual paste bin or clip drawer. Basket was one of the last KDE 3 programs to be ported to KDE 4. While the development appeared to have stalled for some time, it has picked up again, and the developers have released a beta version for KDE 4.

IT World: “I’ve been taking some shots at open core lately, because I’ve come to the realization there are inherent flaws in this business model as it relates to open source.”

Let’s catch up quickly in the Psystar/Apple situation, so we don’t miss any of the action. When I read the new DMCA exemptions EFF won, I immediately started to think about Psystar, so I wanted to see what’s new. Maybe you did too. So here’s the latest I could find. The appeal is going forward. Presumably the next step in the appeal will be oral argument, although I can’t swear to it, since Psystar filed its brief under seal with the Ninth Circuit Court of Appeals back in May, so we can’t read it, and that’s when they would have made the request or not. I can’t believe the entire document needed to be sealed, but that is what happened. Perhaps they’d prefer we not get a chance to analyze it?

Tech Source: “In 2008, I speculated about the future of distributed security cracking. That future has arrived, in the form of a $17 cloud based service provided through the efforts of a security researcher known as Moxie Marlinspike.”

The developers behind the GNOME project have gathered in the Netherlands this week for the annual GUADEC conference. During a meeting that took place at the event, the GNOME release team made the difficult decision to delay the launch of GNOME 3, the next major version of the popular open source desktop environment. The new version has been deemed unready for mass consumption and will need another round of refinements before it can achieve the level of maturity and robustness that is expected by the software’s users.

Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the Spreadsheet Lotus 123 reader (wkssr.dll) when converting floating point values in certain record types. This can be exploited to cause a stack-based buffer overflow via a specially crafted file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.

Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a signedness error when parsing the argument to the \\ls keyword within a list override table entry in RTF files. This can be exploited to cause a buffer overflow via a specially crafted RTF file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.

Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error the WordPerfect 5.x reader (wosr.dll) when parsing data blocks and can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.

Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by an integer underflow error in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing the size of a specific record type. This can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.

Corporate backing and a large supportive community – almost all Linux distributions can boast of at least one half of that. Fedora, since its inception in late 2003 as Red Hat’s community distribution, has nurtured around itself a devoted community. It has achieved this after providing, release after release, an innovative and complete distribution that demands attention and respect.

The Geek Stuff: “When I drafted this article, I really came-up with 7 sysadmin habits. But, out of those 7 habits, three really stood out for me.”

Researchers at the Georgia Institute of Technology are helping the U.S. military analyze and develop the advantages of open-source software — programs that make their source code open to others so it can be changed and improved. Bringing many minds to bear on a given program can lead to software that is both high quality and low cost, or even free. For example, the Linux operating system, which licenses its basic source code for free, is now used to run many servers in companies, government and academia. The U.S. military is interested in open source, too, because it offers the potential for increased speed and flexibility, among other advantages. Scientists and engineers from the Georgia Tech Research Institute (GTRI) are working with military agencies to maximize the open-source potential.

Linux User and Developer: “Mostly seen as a scripting language for system administrators, it is actually capable of doing almost everything and beyond the limitations of regular programming languages. Python started its life as a time-saver programming language.”