The Mozilla Foundation has delayed the release of the next version of the open source Firefox browser.

According to the organisation’s website, the next public version of the software codenamed Deer Park is slated for a September release. The browser will carry version number 1.5.

Previously developers planned to release a version 1.1 in July, but that software version is now only listed as an alpha, which is programming lingo for a very early test version. The version 1.1 alpha will jump to version 1.4 in August, which in its turn is the beta for 1.5.

Ben Goodger, a developer for the project, revealed the updated development and release schedule last week in a posting on Mozilla’s website.

“This is, as always, subject to change,” he warned.

Additional upgrades to Firefox 2.0 and 3.0 are expected by the first and third quarter of next year respectively.

Firefox in the past months has been hit by multiple security threaths. The development delay however isn’t a result of those vulnerabilities, but is caused by a decision to add additional features to the software.

Among the expected changes, the new version will allows the browser to be upgraded through the use of small patches rather than by requiring users to download and install a full version of the software as is required currently.

Developers are also working on a technology that allows for faster caching of pages that users have previously visited, as well as a way to quickly remove cookies and history of previously visited pages and temporary internet files.

Posted by Dablu as Browsers at 6:10 AM PDT

1 Comment »

The database vendor fails to patch security holes, despite knowing about the vulnerabilities for as long as two years, an accuser says. But Oracle says it fixes holes in order of severity.
Oracle Corp. has failed to fix security flaws in its products, despite knowing about the vulnerabilities for as long as two years, a German security firm said.
Red-Database-Security GmbH reported the flaws in Oracle Reports and Oracle Forms in six advisories published July 19. The security firm specializing in Oracle products said it first notified the Redwood City, Calif., company about the flaws during a period ranging from 718 to 663 days ago.

“It seems Oracle is not interested or not able to fix these security bugs,” the firm said on its homepage.

The company claimed it told Oracle three months ago that it would publish bug details after the company released its critical patch update in July. Red-Database-Security expert Alexander Kornbrust posted the security advisories after it was determined the flaws weren’t fixed in the update.

Kornbrust rated three of the flaws of high risk, two of medium risk, and one low.

Oracle declined a request for an interview Thursday, but issued a statement saying that Oracle’s policy is to fix vulnerabilities in order of severity, those posing the highest risk are fixed before those of lower severity.

The company, however, did not appear happy with the disclosures.

“We believe the most effective way to protect customers is to avoid disclosing or publicizing vulnerabilities before a patch or workaround has been developed,” Oracle said. “We are disappointed when any details of Oracle product security vulnerabilities are released to the public before patches can be made available.”

Five of the flaws are in Oracle Reports, a reporting tool that’s a component of the Oracle Application Server. The sixth flaw is in Oracle Forms, also a component of the application server. The software tool is used to design and build enterprise applications.

Besides the application server, the vulnerabilities affect Oracle’s Internet Application Server and Developer Suite, according to Kornbrust.

In general, the Oracle Reports flaws allow an attacker to read and overwrite any file on the application server, and run any operating system command through an uploaded report from any directory, Kornbrust said. The Oracle Forms vulnerability could also allow an attacker to run any OS command.

Oracle Reports also includes various cross-site-scripting vulnerabilities, the security expert said.

Posted by Dablu as Database at 6:07 AM PDT

No Comments »

The $149 Computer-On-a-Stick is a USB flash drive with a bootable onboard Linux operating system and open source office suite.
A company called FingerGear announced today the release of its $149 Computer-On-a-Stick, which is a USB 2.0 flash drive complete with a bootable onboard Linux operating system and open source office suite.
The password-protected “computer” can be used with any Windows or Linux PC with a USB port, according to the company, and will store the user’s address book, emails, and office documents.

The office suite, developed by OpenOffice.org, is compatible with the most common Microsoft Office applications, including Word, Excel, PowerPoint, and Outlook.

The Computer-On-a-Stick runs the Linux 2.6.x series kernel and Gnome desktop. It also includes the FireFox browser, a PDF Viewer and creator, a data compression utility, and an instant messaging program compatible with Yahoo IM, MSN Messenger, AIM, and Napster.

The device’s storage is divided into a “public” and a “private” partition. The “public” partition is accessible from Windows, Linux, and Macintosh PCs, making it easy to use the product as a standard flash drive for storing files. The “private” directory can only be accessed by booting from the device and after the user enters a login password.

Software bundled on the Computer-On-a-Stick fit easily withing the device’s 256 MB capacity, the currently available maximum. Higher capacities will be available later this quarter, according to a company press release.

It comes in blue, silver or clear and is available now.

Posted by Dablu as Operating Systems at 6:04 AM PDT

No Comments »

REDMOND, Wash. — Microsoft Corp. dropped the code name Longhorn on Friday, announcing the next version of its flagship Windows operating system will be called Windows Vista.

The world’s largest software maker also said it will release the first of two test versions to developers and information technology professionals by Aug. 3.

The company did not say when it expects to release a second test version to a broader audience, but said it remains on target to ship the oft-delayed update to Windows XP sometime in the second half of next year.

Microsoft gave an internal gathering of its employees in Atlanta the first word about the new name Thursday.

“The core idea around Windows Vista is bringing clarity to the user so they can focus on what matters most,” Brad Goldberg, general manager for Windows product management said Friday.

Vista’s features will include better ways to visualize data, such as seeing through windows that are stacked atop each other, more natural file organization and faster searching.

The operating system will also be designed to better protect computers against viruses and spyware.

Posted by Dablu as Operating Systems at 5:59 AM PDT

No Comments »