FOSS Friday | WordPress vs. Thesis, Mandriva Drags on and Ubuntu keeps getting Better

This week in FOSS, we see a variety of happenings. As always, Ubuntu is generating buzz with the latest Unity theme, and Mandriva Linux, which appeared dead earlier, has been resurrected.

GPL causes tension between WordPress and Thesis creator DIY Themes

GPL has some confusing rules and terms. WordPress creator Matt Mullenweg has accused Chris Pearson of DIY Themes of GPL infringement. He has raised the issue on the grounds that WordPress is released under the GPL and Thesis is built around WordPress but is closed.

However, Chris Pearson has a strong defense pointing out that WordPress is like a platform and Thesis is based around WordPress but does not inherit any code from it. That makes it free of any GPL bindings. However, upsetting WordPress creators will land Thesis in an uncomfortable position.

Read more.

Mandriva comes back, planning to stay afloat for now

Mandriva Linux went into oblivion a few months ago when the company behind it shut down. However, some organizations depended on Mandriva for their business and decided to bring Mandriva back on track.

Therefore, Mandriva will live for now. However, it will be distributed exclusively and will be available on OEMs from now onwards.

Read more.

Unity Ubuntu theme aims for features

Unity theme for Ubuntu will be available from the next version onwards and has an impressive lightweight interface. However, the folks at Ubuntu have decided to focus on features and functionality of the theme now. With that in mind, the theme sports new features like Quicklists and global search.

Read more.

Palm: The Golden Goose Apple, Google, RIM, HTC, Lenovo and HP Were After

Palm was sold for a sum of $1.2 billion earlier this year. HP, which emerged as the winning bidder, raced against six other tech giants, the details of which were shady until now. Recently, Businessinsider has written a report on the deal highlighting the companies that were interested in Palm.


Surprisingly, the list includes giants like Google and Apple. We all know how HTC walked out of the deal seeing Palm’s poor position and left Lenovo as a promising candidate. Later, HP swept in and took the bid with a deciding amount.

Now, both Apple and Google have a decisive share of the mobile OS world. Then why would they want to buy a competitor? It appears that Palm has a huge library of patents numbering over 400, with another 400 pending. This made Palm the golden goose that almost everyone wanted.

Sadly, HP outbid Apple, and Google never knew that Apple was participating in the bid. Otherwise, Palm would have been Google property and we would have seen Google supporting two competing platforms, WebOS and Android.

HP has no interest in mobile technologies. However, it aims to use the IP technologies in the Palm WebOS to help printers interact over a network and to develop a tablet it has in store.


Open Source Hardware is now an Industry Standard

Over thirteen companies in this world deal in open source hardware and are all million-dollar companies. Still, the ideology of open source hardware has not become popular yet due to ignorance. However, things have started changing and open source hardware will see more acceptance very soon.

CNET News writes,

Unlike open-source software, because there have been no formal definitions, many people may not even be aware of the growing industry. But already some of those practicing its general principles have become household names among the geek set: Arduino, the programmable single-board microcontroller and software suite; Chumby, a popular Wi-Fi device; MakerBot, a low-priced 3D printer; and Adafruit, a maker of do-it-yourself hardware kits for things like MP3 players and more.

The first step to this is issuing a formal definition of open source hardware, and the change is already in place. Open source hardware has been formally defined as given in this page.

The formal definition will go a long way in establishing businesses around this ideology and popularize it. This video on Open Source hardware gives an overview of the concept.

Open source hardware $1m and beyond – foo camp east 2010 from adafruit industries on Vimeo


We hope to see more such popular businesses based around open source hardware.

OpenSolaris is Still on a Rocking Boat

OpenSolaris has had a bad time ever since Oracle acquired Sun. There were reports of free CDs from OpenSolaris being halted. However, Oracle responded to some questions regarding OpenSolaris, assuring that OpenSolaris will live. However, we have come a long way since then and there are no visible efforts from Oracle to save OpenSolaris. It seems like Oracle has just left OpenSolaris to die alone!


The OpenSolaris governing board is left clueless in this situation and has issued an ultimatum to Oracle that if it does not nominate a contact person, the board will dissolve itself, putting OpenSolaris under the responsibility of Oracle directly.

The Oracle and OpenSolaris teams did not start on friendly terms and this is affecting OpenSolaris.

However, contrary to many beliefs, I think Oracle is doing great. Firstly, it bought a plummeting company, which deserves some applause. The deal included a host of services and technologies that are managed by communities. MySQL and OpenSolaris both fall under this category, and this is outside the realm of Oracle’s business model. They have not done this business earlier and are taking their time to get things back on track.

We can clearly see results here! MySQL fans have stopped complaining. OpenSolaris will have its turn soon too. We need to trust Oracle. At least, that is the best we can do right now.

Reddit is having Funding Problems In Spite of Doing 280 Million Pageviews per Month!

Is Reddit having funding problems in spite of doing 280 million pageviews per month? Reddit is supposed to be a place for great geek minds. It is famous for its geeky humor and for doing stories and threads rarely found elsewhere.

This popularity pushed Reddit to 280 million pageviews per month, which is humongous in itself. However, the funniest part of this is that Reddit is not really monetizing this traffic. On top of that, it has started to face some monetary issues and has considered asking for donations from its readers.

For those of you who do not know, Reddit is part of Condé Nast, which happens to be a billion-dollar corporation and has authoritative blogs like ArsTechnica and Wired under its banner.

Clearly, the company is ignoring Reddit for some weird reason. The Reddit community is one of the most popular across the Internet and this is the reason why Mike Schiraldi, one of the engineers behind Reddit, had to ask for donations. Apparently, Reddit enjoys only a small share of the annual budget of Condé Nast.

However, Reddit has survived this long without making use of its readers to earn and this might be the right thing to do. Going low on funds, though, changes many things.


Face it Apple. Your iPhone 4 has Signal Problems and Consumer Reports’ Engineers have Proof

We see that the iPhone 4 reception ballyhoo turns up a number of times at numerous places and Apple just throws one lame excuse after another at its consumers, making things worse for itself in the end. Apple recently turned up with the idea of “Blame it all on the software” but apparently, Consumer Reports has outsmarted that idea and has conducted some extensive signal quality tests on the iPhone 4 to prove this. Undoubtedly, the fault is with the crappy hardware the iPhone 4 is made of.


The Consumer Reports blog writes,

It’s official. Consumer Reports’ engineers have just completed testing the iPhone 4, and have confirmed that there is a problem with its reception. When your finger or hand touches a spot on the phone’s lower left side—an easy thing, especially for lefties—the signal can significantly degrade enough to cause you to lose your connection altogether if you’re in an area with a weak signal. Due to this problem, we can’t recommend the iPhone 4.

With that, Consumer Reports gives Apple a thumbs down. The iPhone 4 was pitted against the Palm Pre and the iPhone 3GS on an AT&T network and none of them had signal problems of the level of the iPhone 4. The report says,

We reached this conclusion after testing all three of our iPhone 4s (purchased at three separate retailers in the New York area) in the controlled environment of CU’s radio frequency (RF) isolation chamber. In this room, which is impervious to outside radio signals, our test engineers connected the phones to our base-station emulator, a device that simulates carrier cell towers (see video: IPhone 4 Design Defect Confirmed). We also tested several other AT&T phones the same way, including the iPhone 3G S and the Palm Pre. None of those phones had the signal-loss problems of the iPhone 4.

Not only this, they came up with an affordable solution for this signal problem! The solution is the same one that appears at many other places: cover the antenna gap with duct tape. Apple is selling a case to solve this “Software” issue but you can get it free as well.

This has gotten the iPhone 4 out of the recommended phone list at Consumer Reports even though it performs exceptionally well in other categories of smartphone comparison. It is time Apple faces that it made a bad iPhone; otherwise, it is going to have a bad year all throughout 2010.

(Via: Techmeme)

REMnux, an Ubuntu Fork to Reverse Engineer Malware

REMnux is a nifty security tool based on Ubuntu. It is essentially a stripped down version of Ubuntu to create a sandbox environment and test for exploits remotely. The official website defines REMnux as,

REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software. The distribution is based on Ubuntu and is maintained by Lenny Zeltser.

REMnux comes pre-loaded with an array of security related tools to check network activity, check memory activity and to debug and understand code execution.

The features of REMnux are best explained as,

REMnux is also useful for analyzing web-based malware, such as malicious JavaScript, Java programs, and Flash files. It also has tools for analyzing malicious documents, such as Microsoft Office and Adobe PDF files, and utilities for reversing malware through memory forensics. In these cases, malware may be loaded onto REMnux and analyzed directly on the REMnux system without requiring other systems to be present in the lab.

Setting up virtual environments is an essential step in checking security hacks and REMnux does exactly that. The download is a VMware virtual machine file, which is actually a stripped down version of Ubuntu. Adobe and JavaScript vulnerability scanning tools are available by default, making this an excellent tester for browser security.

Try REMnux here.

Hackers Crack Skype’s Proprietary VOIP Protocol

Skype is the current leader in VoIP technologies and generates a lot of buzz with each of the developments it makes. Skype holds its VoIP technology as its most prized possession and a hacker has recently managed to crack it!

For obvious reasons, Skype is unhappy with the blog that pointed this out and brought down the post in question. However, it is still available on Google Cache.

The author, Sean O’Neil, writes in his blog saying,

For over 10 years, Skype enjoyed selling the world security by obscurity. We must admit, really good obscurity. I mean really really good obscurity. So good that almost no one has been able to reverse engineer it out of the numerous Skype binaries.

It is not all security by obscurity of course. There is plenty of good cryptography in Skype. Most of it is implemented properly too. There are seven types of communication encryption in Skype: its servers use AES-256, the supernodes and clients use three types of RC4 encryption – the old TCP RC4, the old UDP RC4 and the new DH-384 based TCP RC4, while the clients also use AES-256 on top of RC4. It all is quite complicated, but we’ve mastered it all.

O’Neil is saying that Skype uses all the security it can to secure its voice data. There are seven types of encryption involved in Skype’s protection, and it was broken only for educational purposes. The people behind this hack are IT cryptologists. However, they also admit that a part of this code was leaked and might already be in use by crackers.

Skype is being very secretive about this and is refusing to make any official reply. Clearly, it is a fault on the part of the hackers that this code was leaked. Still, Skype should officially reassure its users regarding this security issue.

(News Source)

Hacker Pwns Google Chrome’s Security Brags with a Plugin

Google has made every attempt to keep Chrome secure and safe from hackers. However, it was only a question of days before someone outsmarted their annoying sandbox and today is the day.

Google Chrome has been hacked by a browser plugin! The plugin checks for login account details on Gmail, Twitter and Facebook and runs with the help of jQuery. Once again, this is a proof-of-concept hack and will not leak any information retrieved in the process.

The hack exploits the access to the DOM that plugins are allowed. It can also be used to steal cookies and hijack sessions, as reported by the hacker, Andreas Grech, on his blog.

He writes,

The Google Chrome browser allows the installation of third-party extensions that are used to extend the browser to add new features. The extensions are written in JavaScript and HTML and allow manipulation of the DOM, amongst other features.

By allowing access to the DOM, an attacker can thus read form fields…including username and password fields. This is what sparked my idea of creating this PoC.

The extension I present here is very simple. Whenever a user submits a form, it tries to capture the username and password fields, sends me an email via an Ajax call to a script with these login details along with the URL and then proceeds to submit the form normally as to avoid detection.

Google Chrome’s sandbox for plugins just got pwned.
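From the defender's side, the DOM access described above is declared in an extension's manifest.json, so it can be reviewed before install. The following Node.js check is an added example, not code from Andreas Grech's post or from Chrome; the function names and both sample manifests are constructed for illustration.

```javascript
// Match patterns that cover every host (Chrome match-pattern syntax).
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// True when a pattern's host part is a bare wildcard, i.e. "any site".
function isBroad(pattern) {
  if (typeof pattern !== "string") return false;
  if (BROAD.has(pattern)) return true;
  const m = /^(\*|https?|ftp):\/\/([^/]*)\//.exec(pattern);
  return m !== null && m[2] === "*";
}

// Returns findings for content scripts and host permissions that reach all sites.
function auditManifest(manifest) {
  const findings = [];
  for (const cs of manifest.content_scripts || []) {
    const broad = (cs.matches || []).filter(isBroad);
    if (broad.length > 0) {
      findings.push({ kind: "content-script-on-all-sites", patterns: broad, scripts: cs.js || [] });
    }
  }
  // Manifest V2 lists host patterns in "permissions"; V3 uses "host_permissions".
  const hosts = [...(manifest.permissions || []), ...(manifest.host_permissions || [])].filter(isBroad);
  if (hosts.length > 0) findings.push({ kind: "host-access-to-all-sites", patterns: hosts });
  return findings;
}

// Constructed sample: injects a script into every page, so it can read any form field.
const SAMPLE_BROAD = {
  name: "Sample toolbar (constructed)",
  permissions: ["tabs", "http://*/*", "https://*/*"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["jquery.js", "content.js"] }],
};

// Constructed sample: limited to a single site.
const SAMPLE_NARROW = {
  name: "Sample site helper (constructed)",
  permissions: ["storage"],
  content_scripts: [{ matches: ["https://*.example.com/*"], js: ["helper.js"] }],
};

for (const m of [SAMPLE_BROAD, SAMPLE_NARROW]) {
  console.log(m.name, JSON.stringify(auditManifest(m)));
}
```

An extension that only needs one site has no reason to trigger either finding, so any hit is a prompt to read the listed scripts before trusting it.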


YouTube Adds Support for 4096p Videos

YouTube is really pushing it. It started providing 1080p videos a few months ago in December 2009 and today, a post on the YouTube blog talked about support for 4096p videos. To help you have an idea, that is the size of a 25 feet screen.

The video resolution of 4K or 4096p is 4096 x 3072 and it is giant in size. According to the blog post on YouTube, IMAX projects its movies using two 2K projectors. The current highest resolution (1080p) video on YouTube is 1K.

However, the idea of such video support is questionable. To start with, who on earth other than lucky granny has that kind of an internet connection? Those videos will buffer endlessly in many countries and clearly, YouTube and Google do not care. This is a clear move to make people want the 1 Gb/s connection Google has in store, and sure as hell, I am already falling for it. Too bad, I am not in the US.

The YouTube blog writes on this saying,

We always want videos on YouTube to be available in the highest quality possible, as creators intend. In December of last year, we announced support for 1080p, or full HD. At 1096 x 3072 pixels, 4K is nearly four times the size of 1080p. To view any video in a source resolution greater than 1080p, select “Original” in the video quality pulldown menu.