The 2008 Linux Journal Readers’ Choice Awards

“The Readers’ Choice Awards take the current pulse of the Linux Community year. Here are the tools you use every day in your work and play. (…)”

More.

Ubuntu 8_04 LTS Desktop & Server

Ubuntu 8.04 LTS Desktop Edition Released.

Integrates the Latest Stable Applications with Long Term Support.

LONDON, April 21, 2008 – Canonical Ltd. announced the upcoming availability of Ubuntu 8.04 LTS Desktop Edition for free download on Thursday 24 April. In related news, Canonical also announced the simultaneous release of Ubuntu 8.04 LTS Server Edition.
Ubuntu 8.04 Long Term Support (LTS) provides a stable platform for software and hardware vendors, developers and users. With three years of support and maintenance on the desktop, 8.04 LTS is a great choice for large-scale deployment. A substantial and growing ecosystem of free and commercial software built for Ubuntu provides a rich set of choices for desktop users. This is the eighth desktop release of Ubuntu. Ubuntu’s track record in delivering – on a precise schedule every six months – a commercial operating system that is free, stable, secure and fully supported, remains unique.
“Ubuntu 8.04 LTS Desktop Edition is a very significant release as it will take Ubuntu squarely into the business environment,” said Jane Silber, COO of Canonical Ltd. “Our business and home users have told us that they want a longer support cycle to make Ubuntu a better deployment option. We have responded to that and added a commitment to much broader software and hardware support that we and our partners are excited to deliver. With enhanced commercial support through Landscape, combined with our always excellent community support, expect to see 8.04 LTS drive Ubuntu into new arenas.”
“Ubuntu’s polished, user focused version of the Linux desktop has built itself a wide enough following to compel significant ISV interest and support,” said Stephen O’Grady, principal analyst at Redmonk. “By coupling a very capable desktop offering with long term support options, Ubuntu is becoming an increasingly viable option for enterprises as well as consumers.”
“Lotus Notes and Lotus Domino bring highly scalable messaging and industry-leading collaboration to the Ubuntu desktop,” said Kevin Cavanaugh, vice president of IBM Lotus Software. “We believe the extended multi-year support for Ubuntu 8.04 LTS makes it an excellent desktop solution for corporate users who wish to deploy Lotus Notes on an open platform.” (…) More.

…

Latest Server Release Expands Ubuntu Enterprise Profile.

Ubuntu 8.04 LTS Server Edition Combines Advanced Functionality With Five Years of Maintenance and Support.

LONDON, April 21, 2008 – Canonical Ltd. announced the upcoming availability of Ubuntu 8.04 LTS Server Edition for free download on Thursday 24 April. In related news, Canonical also announced the simultaneous release of Ubuntu 8.04 LTS Desktop Edition.
Ubuntu 8.04 Long Term Support (LTS) Server Edition adds new features to enhance the performance, stability and security of this fully supported general platform. The LTS release sees further expansion of the commercial ecosystem of software, hardware and services vendors supporting Ubuntu Server.
The extended maintenance period meets demand from business users to deploy Ubuntu widely over a period of years. It also positions Ubuntu Server as a platform on which hardware and software vendors can build commercial solutions. A wide range of vendors have declared support for Ubuntu 8.04 LTS, and more are currently testing and certifying the release.
“Ubuntu 8.04 LTS Server Edition is built for business,” said Jane Silber, COO of Canonical Ltd. “This release brings together significant feature and stability improvements to a free and open platform. Ubuntu 8.04 LTS is at the centre of a growing ecosystem of applications that serve businesses of all sizes extremely well. We look forward to seeing its adoption grow across the five years we will support it.”
As part of its news today, Canonical also announced that Ubuntu 8.04 LTS Server Edition is certified on several high performance, energy efficient Sun x64 server platforms, including the Sun Fire X2100 M2, X2200 M2 and Sun Fire X4150 servers. Lisa Sieker, vice president of Systems Marketing, Sun Microsystems says, “Sun is committed to providing customers a choice of operating systems on our x64 servers. Sun has worked closely with Canonical since early 2006 and we continue to see growing interest in Ubuntu on Sun platforms.” (…) More.

Epiphany using WebKit r32284 gets 100/100 (Acid3)

Epiphany using WebKit r32284 gets 100/100 (Acid3).

Recently we’ve been working to finish off and land the last couple of fixes to get a perfect pixel-for-pixel match against the reference Acid3 rendering in WebKit/GTK+. I believe we’re the first project to achieve this on Linux — congratulations to everyone on the team!

Great work guys. Congrats.

Sun Touts Big Plans for OpenSolaris As First Release Nears

Sun Touts Big Plans for OpenSolaris As First Release Nears.

Sun’s Ian Murdock gave a presentation about OpenSolaris at LugRadio Live this past weekend. He hopes to expose open source enthusiasts to unique Sun technologies by creating a cohesive distribution that will provide a complete environment that is adequate for day-to-day use. This will involve bringing together the Solaris operating system and a diverse assortment of open source community projects and “adding a package management system to hold all these pieces together,” Murdock stated. The final release will take place in May and the distribution will adhere to a six-month release cycle, just like Fedora and Ubuntu.

The Internet Security Threat Report April 2008

About this Symantec Report, read !!

• The Partial Relativity of Bullshit.
• The Most Stupid Security News Ever.

 

Apple Adds Anti-Hacker Features to QuickTime (via eWeek)

Apple Adds Anti-Hacker Features to QuickTime (via eWeek)

Faced with a security crisis affecting its media player, Apple responds with key exploit prevention mechanisms aimed at thwarting hacker attacks.

Apple is quietly adding several key anti-hacker security features into its flagship QuickTime media player as part of a deliberate plan to reduce the effectiveness of malicious exploits.

The XPMs (exploit prevention mechanisms) have been fitted into the WIndows and Mac OS X versions of QuickTime 7.4.5, a new update that also patches 11 high-risk security vulnerabilities.

According to a source familiar with Apple’s moves, QuickTime for Windows Vista now features ASLR (address space layout randomization), a security technology that randomly arranges the positions of key data areas to prevent malware authors from predicting target addresses.

ASLR, which has been used by Apple to add code scrambling diversity to Mac OS X Leopard, is used in tandem with additional security features to reduce the effectiveness of exploit attempts.

Several open-source security systems – OpenBSD, PaX and Exec Shield – already implement ASLR in some form. Microsoft has also fitted ASLR into default configurations of Windows Vista.

In addition to ASLR, QuickTime for Windows will also do stack buffer safety checking (Visual Studio 2005’s /GS option) and support for hardware NX on Windows Vista.

The security hardening has also extended to QuickTime for Mac OS X, which gets:

1. Stack buffer safety checking (-fstack-protector to gcc)

2. Function call hardening, which should prevent some buffer overflows

Security researchers reacted to Apple’s move with applause. “That’s a pretty big change for a point release,” said Dino Dai Zovi, a hacker who has written multiple exploits for QuickTime. “They [Apple] have way more guts than many other software companies to do something like that. Either that, or they are afraid of the backlash if malware starts targeting QuickTime and iTunes in a more serious way.”

Dai Zovi, who used a QuickTime exploit to hack into a MacBook Pro machine at the 2007 CanSecWest security conference, said the decision to enable the use of ASLR and NX on Vista will hamper exploits.

“QuickTime looks like it may have just gotten more difficult. That is definitely a good thing,” Zovi said.

New Botnet Dwarfs Storm (via slashdot)

New Botnet Dwarfs Storm (via slashdot)

ancientribe writes:
“Storm is no longer the world’s largest botnet: Researchers at Damballa have discovered Kraken, a botnet of 400,000 zombies — twice the size of Storm. But even more disturbing is that it has infected machines at 50 of the Fortune 500, and is undetectable in over 80 percent of machines running antivirus software. Kraken appears to be evading detection by a combination of clever obfuscation techniques that hinder its detection and analysis by researchers.”

Sin comentarios…

REPOST: Ode to Security Researchers

REPOST: Ode to Security Researchers:

After reading some articles (not only: ‘Linux Ignored, Not Immune,’ Says Hacker Contest Sponsor), I have decided to repost a previous entry ;-) In my opinion, the same applies to some journalists, bloggers, software developers, et cetera…

By Martin Pittenauer – 0×2a: Ode to security researchers

 “Dear security researchers, that…

• don’t prance around like a pwnie over every 0day
• value responsibility and public interests over your own ego
• have grown up
• don’t complain about people who haven’t, all the time
• understand software development processes and the meaning of “trivial”
• don’t insist on being baby-sitted 24/7 by $BIG_COMPANY
• aren’t at the center of the universe
• can resist making cheap jokes
• have written code worth mentioning, to broaden your horizon
• can make their outcome without having to pimp their personality, sell stuff to questionable characters or use tactics akin to extortion
• face discussion instead of declaring everybody else stupid
• don’t try so very hard to be a cool kid

…, I wish there were more of you.”

Well, as an open-mined person, I have decided to transcript this to your consideration…

Linux Foundation Publishes Study on Linux Development Statistics

Linux Foundation Publishes Study on Linux Development Statistics: Who Writes Linux and Who Supports It.

ANNOUNCEMENT: The Future of Epiphany

ANNOUNCEMENT: The Future of Epiphany (edit: the Gnome web browser)

“(…)This single back-end will be * WebKit *.

We see several advantages in WebKit. These include:

* The WebKit APIs. The API has been designed from the ground up, and
feels like any other GObject based API. A two-way GObject bindings to
the web page’s DOM, and to JavaScript is in development;
this will allow us and our Extensions to access the DOM directly, which
hasn’t been possible before in Epiphany in either C or Python.
* WebKit uses Gnome technologies directly. Similarly to Gecko, it uses
Cairo for graphics, and Pango for the rendering. On top of that, it uses
libsoup for the network layer, and GStreamer for the <video> and <audio>
tag support in HTML5.
* Starting in time for Gnome 2.24, WebKit/GTK+ will implement a
6-month release cycle synchronised with the Gnome release schedule.
* We feel that WebKit has the momentum, and can bring more developers
to both Epiphany directly and the Gnome platform by extension.
WebKit/GTK+ already has more people working on it than are working on
either GtkMozEmbed or the Epiphany gecko back-end.
* WebKit is a better match for *other* uses in Gnome, e.g. as a HTML
widget in Yelp, in Devhelp, and as an editor in Evolution replacing
GtkHTML.
We will propose WebKit as an approved external dependency for Gnome.
In case that we are unable to complete this development in time for
2.24.0, we will delay the new Epiphany to 2.26. For this end, we will
maintain the gnome-2-22 branch in a state that allows us to potentially
make the 2.24.0 release off of that branch.”