geek4 writes with this excerpt from eWeek Europe: "An analysis of Google Android Froyo's open source kernel has uncovered 88 critical flaws that could expose users' personal information. An analysis of the kernel used in Google's Android smartphone software has turned up 88 high-risk security flaws that could be used to expose users' personal information, security firm Coverity said in a report published on Tuesday. The results, published in the 2010 edition of the Coverity Scan Open Source Integrity Report, are based on an analysis of the Froyo kernel used in HTC's Droid Incredible handset. ... While Android implementations vary from device to device, Coverity said the same flaws were likely to exist in other handsets as well. Coverity uncovered a total of 359 bugs, about one-quarter of which were classified as high-risk."

Several readers have sent word that Fedora 14, codenamed Laughlin, has been released. A brief listing of the major changes has been posted, and the download is available at the Fedora project's site. Reader jfruhlinger points out a quick review of the new version, saying, "Remember the days when being a Linux user was like being part of a select priesthood — arcane knowledge needed, but great rewards? Steven Vaughan-Nichols has tested out Fedora 14, and that was how it went. No Ubuntu-style handholding, but some powerful new features."

An anonymous reader writes "A proposal has been brought up with KDE developers by Cornelius Schumacher to merge the KDE libraries with the upstream Qt project. This could potentially lead to KDE5 coming about sooner than anticipated, but there's very mixed views on whether merging kdelibs with Qt would actually be beneficial to the KDE project, which has already led to two lengthy mailing list talks (the first and second threads). What do you think?"

quartertime writes "Remember Reflections on Trusting Trust, the classic paper describing how to hide a nearly undetectable backdoor inside the C compiler? Here's an interesting piece about how to hide a nearly undetectable backdoor inside hardware. The post describes how to install a backdoor in the expansion ROM of a PCI card, which during the boot process patches the BIOS to patch grub to patch the kernel to give the controller remote root access. Because the backdoor is actually housed in the hardware, even if the victim reinstalls the operating system from a CD, they won't clear out the backdoor. I wonder whether China, with its dominant position in the computer hardware assembly business, has already used this technique for espionage. This perhaps explains why the NSA has its own chip fabrication plant."

Trailrunner7 writes "On the same day that it plans to release a patch for a critical flaw in Shockwave, Adobe confirmed on Thursday morning that there is a newly discovered bug in Flash that is being actively exploited already in attacks against Reader. The vulnerability affects Flash on all of the relevant platforms, including Android, as well as Reader on Windows and Mac, and won't be patched for nearly two weeks. The new Flash bug came to light early Thursday when a researcher posted information about the problem, as well as a Trojan that is exploiting it and dropping a pair of malicious files on vulnerable PCs. Researcher Mila Parkour tested the bug and posted a screenshot of the malicious files that a Trojan exploiting the vulnerability drops during its infection routine. Adobe has since confirmed the vulnerability and said that it is aware of the attacks against Reader."

andydread writes "It seems Microsoft's campaign to scare manufacturers away from open source and Linux in particular is proceeding at full force. The latest news is from Digitimes out of Taiwan. Apparently Microsoft is threatening Acer and Asustek with having to pay Microsoft a license fee for the privilege of deploying Linux on their devices. This time, it's in the form of Android and Chorme OS. So basically, this campaign is spreading to PC vendors now. What are the implications of this? Does this mean that if I build PCs with Linux (Ubuntu/ChromeOS/Fedora) and sell them I am at risk of getting sued by Microsoft? "

An anonymous reader writes "It's official: Ubuntu has, with its ironically named 'Unity' interface, chosen to move away from GNOME for Ubuntu Natty Narwhal. Or at least move away from GNOME Shell. Mark Shuttleworth says that Ubuntu will still be 'GNOME,' even if it's not using GNOME Shell. Do you agree?"

LingNoi writes with this excerpt from ComputerWorld UK: "The London Stock Exchange has said its new Linux-based system is delivering world record networking speed, with 126 microsecond trading times. The news comes ahead a major Linux-based switchover in twelve days, during which the open source system will replace Microsoft .Net technology on the group's main stock exchange. The LSE had long been criticised on speed and reliability, grappling with trading speeds of several hundred microseconds. The 126 microsecond speed is 'twice as fast' as its main international competitors, the London Stock Exchange said. BATS Europe and Chi-X, two dedicated electronic rivals to the LSE, are reported to have an average latency of 250 and 175 microseconds respectively. Neither company immediately provided details. But many of the LSE's older and more traditional rivals offer speeds of around 300 to 400 microseconds. Nevertheless, Linux is now standard in many exchanges, including the New York Stock Exchange."

GMGruman writes "In September, Symbian 3 was Nokia's latest great hope for becoming relevant in the modern smartphone market. Now comes word that the Symbian Foundation is shutting down, ending the Symbian 3 and Symbian 4 efforts. Nokia is now banking on MeeGo, a collaboration with Intel whose release date — and fit to smartphones — is highly uncertain. InfoWorld's Ted Samson thinks that it's time for Nokia to swallow its pride and stop pretending it will ship MeeGo in time to matter, and instead consider adopting Android — or even Windows Phone 7, which after all might finally support copy and paste by the time Nokia decides to hitch its mobile wagon to a new horse."