Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. He rants occasionally at Techarraz.com. You can connect with him on Twitter @ckandroid.
This week in FOSS, we see a variety of happenings. As always, Ubuntu is generating buzz with the latest Unity theme, and Mandriva Linux, which appeared dead earlier, has been resurrected.
GPL causes tension between WordPress and Thesis creator DIY Themes
GPL has some confusing rules and terms. WordPress creator Matt Mullenweg has accused Chris Pearson of DIY Themes of GPL infringement. He has raised the issue on the grounds that WordPress is released under the GPL and Thesis is based around WordPress but is closed.
However, Chris Pearson has a strong defense pointing out that WordPress is like a platform and Thesis is based around WordPress but does not inherit any code from it. That makes it free of any GPL bindings. However, upsetting WordPress creators will land Thesis in an uncomfortable position.
Mandriva comes back, planning to stay afloat for now
Mandriva Linux went into oblivion a few months ago when the company behind it shut down. However, some organizations depended on Mandriva for their business and decided to bring Mandriva back on track.
Therefore, Mandriva will live for now. However, it will be distributed exclusively and will be available on OEMs from now onwards.
Unity theme for Ubuntu will be available from the next version onwards and has an impressive lightweight interface. However, the folks at Ubuntu have decided to focus on features and functionality of the theme now. With that in mind, the theme sports new features like Quicklists and global search.
Now, both Apple and Google have a decisive share of the mobile OS world. Then why would they want to buy a competitor? It appears that Palm has a huge library of patents numbered at over 400 and another 400 in pending. This made Palm the golden goose that almost everyone wanted.
Sadly, HP outbid Apple, and Google never knew that Apple was participating in the bid. Otherwise, Palm would have been Google property and we would have seen Google supporting two competing platforms, WebOS and Android.
HP has no interest in mobile technologies. However, it aims to use the IP technologies in the Palm WebOS to help printers interact over a network and to develop a tablet it has in store.
Over thirteen companies in this world deal in open source hardware and are all million-dollar companies. However, the ideology of open source hardware has not become popular yet due to ignorance. Things have started changing, though, and open source hardware will see more acceptance very soon.
Unlike open-source software, because there have been no formal definitions, many people may not even be aware of the growing industry. But already some of those practicing its general principles have become household names among the geek set: Arduino, the programmable single-board microcontroller and software suite; Chumby, a popular Wi-Fi device; MakerBot, a low-priced 3D printer; and Adafruit, a maker of do-it-yourself hardware kits for things like MP3 players and more.
The first step to this is issuing a formal definition of open source hardware, and the change is already in place. Open source hardware has been formally defined as given in this page.
The formal definition will go a long way in establishing businesses around this ideology and popularizing it. This video on Open Source hardware gives an overview of the concept.
OpenSolaris has had a bad time ever since Oracle acquired Sun. There were reports of free CDs from OpenSolaris being halted. However, Oracle responded to some questions regarding OpenSolaris, assuring that OpenSolaris will live. However, we have come a long way from then and there are no visible efforts from Oracle to save OpenSolaris. It seems like Oracle has just left OpenSolaris to die alone!
The Oracle and OpenSolaris teams did not start on friendly terms and this is affecting OpenSolaris.
However, contrary to many beliefs, I think Oracle is doing great. Firstly, it bought a plummeting company, which needs some applause. The deal included a host of services and technologies, which are managed by communities. MySQL, OpenSolaris, they all fall under this category and this is outside the realms of Oracle’s business model. They have not done this business earlier and are taking their time to get things back on track.
We can clearly see results here! MySQL fans have stopped complaining. OpenSolaris will have its turn soon too. We need to trust Oracle. At least, that is the best we can do right now.
Is Reddit having funding problems in spite of doing 280 million pageviews per month? Reddit is supposed to be a place for great geek minds. It is famous for its geeky humor and for doing stories and threads rarely found elsewhere.
This popularity pushed Reddit to 280 million pageviews per month, which is humongous in itself. However, the funniest part of this is that Reddit is not really monetizing this traffic. On top of that, it has started to face some monetary issues and has considered asking for donations from its readers.
We see that the iPhone 4 reception ballyhoo turns up a number of times at numerous places and Apple just throws one lame excuse after another at its consumers, making things worse for itself in the end. Apple recently turned up with the idea of “Blame it all on the software” but apparently, Consumer Reports has outsmarted that idea and has conducted some extensive signal quality tests on the iPhone 4 to prove this. Undoubtedly, the fault is with the crappy hardware the iPhone 4 is made of.
It’s official. Consumer Reports’ engineers have just completed testing the iPhone 4, and have confirmed that there is a problem with its reception. When your finger or hand touches a spot on the phone’s lower left side—an easy thing, especially for lefties—the signal can significantly degrade enough to cause you to lose your connection altogether if you’re in an area with a weak signal. Due to this problem, we can’t recommend the iPhone 4.
With that, Consumer Reports gives Apple thumbs down. The iPhone 4 was pitted against the Palm Pre and the iPhone 3GS on an AT&T network and none of them had signal problems of the level of iPhone 4. The report says,
We reached this conclusion after testing all three of our iPhone 4s (purchased at three separate retailers in the New York area) in the controlled environment of CU’s radio frequency (RF) isolation chamber. In this room, which is impervious to outside radio signals, our test engineers connected the phones to our base-station emulator, a device that simulates carrier cell towers (see video: IPhone 4 Design Defect Confirmed). We also tested several other AT&T phones the same way, including the iPhone 3G S and the Palm Pre. None of those phones had the signal-loss problems of the iPhone 4.
Not only this, they came up with an affordable solution for this signal problem! The solution is the same one that appears at many other places: cover the antenna gap with duct tape. Apple is selling a case to solve this “Software” issue but you can get it free as well.
This has gotten the iPhone 4 out of the recommended phone list at Consumer Reports even though it performs exceptionally well in other categories of smartphone comparison. It is time Apple faces that it made a bad iPhone; otherwise, it is going to have a bad year all throughout 2010.
REMnux is a nifty security tool based on Ubuntu. It is essentially a stripped down version of Ubuntu to create a sandbox environment and test for exploits remotely. The official website defines REMnux as,
REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software. The distribution is based on Ubuntu and is maintained by Lenny Zeltser.
REMnux comes pre-loaded with an array of security related tools to check network activity, check memory activity and to debug and understand code execution.
The features of REMnux are best explained as,
Skype is the current leader in VoIP technologies and generates a lot of buzz with each of the developments it makes. Skype holds its VoIP technology as its most prized possession and a hacker has recently managed to crack it!
For obvious reasons, Skype is unhappy with the blog that pointed this out, and brought down the post in question. However, it is still available on Google Cache.
The author Sean O’Neil writes in his blog saying,
For over 10 years, Skype enjoyed selling the world security by obscurity. We must admit, really good obscurity. I mean really really good obscurity. So good that almost no one has been able to reverse engineer it out of the numerous Skype binaries.
It is not all security by obscurity of course. There is plenty of good cryptography in Skype. Most of it is implemented properly too. There are seven types of communication encryption in Skype: its servers use AES-256, the supernodes and clients use three types of RC4 encryption – the old TCP RC4, the old UDP RC4 and the new DH-384 based TCP RC4, while the clients also use AES-256 on top of RC4. It all is quite complicated, but we’ve mastered it all.
O’Neil wants to say that Skype uses all the security it can to secure its voice data. There are seven types of encryption involved in Skype’s protection and it was broken only for educational purposes. The people behind this hack are IT Cryptologists. However, they also admit that a part of this code was leaked and might be in use by crackers already.
Skype is being very secretive about this and is refusing to make any official reply. Clearly, it is a fault on part of the hackers that this code was leaked. Still, Skype should officially assure its users regarding this security issue.
Google has made every attempt to keep Chrome secure and safe from hackers. However, it was only a question of days before someone outsmarted their annoying sandbox and today is the day.
Google Chrome has been hacked by a browser extension! The extension checks for login account details on Gmail, Twitter and Facebook and runs with the help of jQuery. Once again, this is a proof-of-concept hack and will not leak any information retrieved in the process.
The hack exploits the access to the DOM that extensions are allowed. The hack can also be used to steal cookies and hijack sessions, as reported by the hacker Andreas Grech on his blog.
By allowing access to the DOM, an attacker can thus read form fields…including username and password fields. This is what sparked my idea of creating this PoC.
The extension I present here is very simple. Whenever a user submits a form, it tries to capture the username and password fields, sends me an email via an Ajax call to a script with these login details along with the URL and then proceeds to submit the form normally as to avoid detection.
Google Chrome’s sandbox for plugins just got pwned.
YouTube is really pushing it. It started providing 1080p videos a few months ago in December 2009 and today, a post on the YouTube blog talked about support for 4096p videos. To give you an idea, that is the size of a 25-foot screen.
The video resolution of 4K or 4096p is 4096 x 3072 and it is giant in size. According to the blog post on YouTube, IMAX movies are projected using two 2K projectors. The current highest resolution (1080p) video on YouTube is 1K.
However, the idea of such video support is questionable. To start with, who on earth other than lucky granny has that kind of an internet connection? Those videos will buffer endlessly in many countries and clearly, YouTube and Google do not care. This is a clear move to make people want the 1 Gb/s connection Google has in store, and sure as hell, I am already falling for it. Too bad, I am not in the US.
The YouTube blog writes on this saying,
We always want videos on YouTube to be available in the highest quality possible, as creators intend. In December of last year, we announced support for 1080p, or full HD. At 1096 x 3072 pixels, 4K is nearly four times the size of 1080p. To view any video in a source resolution greater than 1080p, select “Original” in the video quality pulldown menu.