OStatic

There are many reasons to love the open source approach. The events chronicled in an article on NetworkWorld surrounding an exploit affecting Firefox outlines, quite elegantly, how open code outwardly appears risky, and -- well, wide open -- and how that same quality generates faster fixes and stronger applications.

A security researcher discovered that Firefox is vulnerable to remote memory corruption, enabling attackers to execute malicious (or at least very much unauthorized) code within the context of the browser. While security researchers spend countless hours searching out bugs and vulnerabilities, it's not usually the case that the offending attack finds its way into the public eye. Yesterday, however, this little exploit was published on several security sites. The vulnerability affects Firefox versions 3.0 through 3.0.7, on all platforms. In less than 24 hours, developers issued a patch for the vulnerability, to be included in next week's 3.0.8 release.

There are some phrases that come up repeatedly, especially in one's professional life: It's all about who you know. I need to put in some face time. Focus on developing your networking skills.

Traditionally these sorts of things were said in relation to attending conferences and conventions -- live and in-person. Now, however, it's more common to meet and collaborate with others online. Meet the social networking services, which, as the name implies, are as much social as work related. Just like face-to-face conventions, social networks unite people to collaborate on and discuss ideas, and, at least occasionally, goof off.

Whether you're using your social networking time for honest to goodness work, or as a diversion cleverly disguised as work, it's good to use it effectively. You'll end up getting your work done faster, or at least pack as much playtime into your day as possible.

Using this time effectively (for whatever reason) is difficult due to the sheer number of networking services. Linux users have a native gem for keeping on top of it all -- Gwibber.

Though 2009 has only just begun, it looks like this year's going to be a busy one for Chumby Industries. The makers of the hackable, completely open, Linux-based, internet-enabled, so-much-more-than-an-alarm-clock -- well, alarm clock -- have announced a number of partnerships since January's Consumer Electronics Show.

The first two partnerships, with Samsung and Marvell, bring the widget-based Chumby platform to digital photo frames and similar embedded devices. The latest partnership, with Broadcom Corporation, aims to bring the Chumby platform to internet-enabled televisions, set top boxes, and Blu-Ray players.

By way of Heise Online comes word that Tor, the internet anonymization system, has hit a milestone of nearly mythical proportions -- there are currently no known bugs in the Tor code.

Tor began scanning its development releases in September using Coverity, a bug detection application developed by Stanford University in collaboration with the US Department of Homeland Security. In September, Coverity revealed 171 issues in Tor's code base, ranging from annoying yet not critical sloppiness to bugs capable of causing crashes that would prove challenging to debug. By December, Tor had lowered this number to 15, and last week, Coverity testing revealed that the project had successfully eliminated the last known issues.

Over at ChannelWeb, Kevin McLaughlin gathered some industry insights on the significance of Linux netbooks. In some ways, the subject seems as though it's reached critical mass and there's not much more to say, but McLaughlin's article highlights a few points that aren't often mentioned and are easily glossed over.

Earlier this year I wrote about the Chumby internet appliance/open source alarm clock. Though Chumbys have been available in the US for a little over a year now, Chumby Industries hasn't been able to officially sell these products internationally.

Chumby Industries intended all along to open sales outside the US, but electronics standards (and approval procedures) vary from country to country, and it's been time consuming. Some international users turned to friends in the States or third party shippers, but now, at least in a few countries, this is no longer necessary. Chumby is available at select retailers in Japan, and a Japanese language Chumby portal was launched last month.

If the fact that the ParanoidLinux distribution (now in an alpha-alpha stage ) is based on a work of science fiction isn't unsettling, consider two key peripheral issues.

The first unsettling issue is that in some censorship-centric areas of the world, an operating system granting a user anonymity could be literally life-saving.

The second unsettling issue is that an effort is being made to package security tools -- ones that exist in current Linux and BSD systems, or are readily available through repositories -- into yet another distribution.