Category Archives: Software

I Can Haz Android (on an OpenMoko Freerunner)

Posted on by

I have been assimilated. Or at least my OpenMoko Freerunner has been! It’s now running the Koolu port of Android 1.5 “Cupcake” on it, and with a *very* helpful hint from Damian Spriggs on the OpenMoko community mailing list it’s able to make and receive calls and SMS’s. For the record you need to get ADB working and grab a root shell on the phone. Then you can use the sqlite command line utility to set the “provisioned” flag in its DB.

# sqlite3 /data/data/com.android.providers.settings/databases/settings.db
SQLite version 3.5.9
Enter ".help" for instructions
sqlite> INSERT INTO secure (name, value) VALUES ('device_provisioned', 1);

I’ve also found a rather nice application called VCardIO for importing my contacts exported in VCard v2.1 format from KDE’s Kontact addressbook. Now we’ll see how it goes over the next few days!

Firefox 3.5.1 Vulnerability

Posted on by

Oh no, not again..

Various analysts and sites have recently confirmed a vulnerability is present in FireFox 3.5.1 that has had exploit PoC released. When exploited, the vulnerability can lead to system compromise or induce a DOS. No Patch is available.

Interestingly the SecurityFocus BID for this says it’s FF 3.5, but the ISC SANS post above does say 3.5.1 (and they do know what they’re talking about). There is also a CVE number allocated to it, but I’m having problems reaching that at present to check what it says. One possible explanation is that Mozilla pushed out 3.5.1 to fix the 3.5 0day that appeared recently, but this bug was found beforehand and Mozilla weren’t aware of it prior to releasing 3.5.1 (or they thought it was more important to get the other fix out whilst they worked on this).

Firefox 3.5 0day Vulnerability

Posted on by

Oh joy, within 24 hours of the MS IE/ActiveX exploit we have a remote vulnerability against Firefox 3.5.

The vulnerability is caused due to an error when processing JavaScript code handling e.g. “font” HTML tags and can be exploited to cause a memory corruption. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 3.5. Other versions may also be affected.

Currently Mozilla have no “known vulnerability” page for Firefox 3.5 security issues, I presume once it’s created it’ll be here.

There is a sample exploit available already, so it’ll be in the wild soon if not already. 🙁

Linux Based Open-PC Project Launched

Posted on by

The KDE News website has the announcement of a new Open-PC project to create a PC shipped with Linux and other FOSS software. Why another ? Well, as they say:

The project was initiated in response to the lack of quality in the Free Software-based hardware solutions currently on the market. As many reviewers and end-users have stated, the pre-installed software used by hardware vendors generated a bad image for Free Software with potentially interested end-users. Much of the software was buggy and not widely tested and device drivers were often unstable, non-free or not available at all.

There’s a lot of questions to answer yet – what form factor, what software, etc – so they are running a survey to try and gauge peoples thoughts. The site says there is a second survey planned for a later date, presumably focusing in on options once they’ve got general ideas. The other interesting thing is that they’ve apparently already got a major PC manufacturer lined up and they are aiming to be shipping by late 2009 with part of the profits going to funding FOSS projects.

There is more information in Frank Karlitschek’s presentation (PDF) from the Desktop Summit in Gran Canaria.

Google Chrome OS

Posted on by

I suspect that the world and its dog will have heard about this by now, but in case you’ve somehow missed the announcement from Google..

Google Chrome OS will run on both x86 as well as ARM chips and we are working with multiple OEMs to bring a number of netbooks to market next year. The software architecture is simple — Google Chrome running within a new windowing system on top of a Linux kernel. For application developers, the web is the platform. All web-based applications will automatically work and new applications can be written using your favorite web technologies. And of course, these apps will run not only on Google Chrome OS, but on any standards-based browser on Windows, Mac and Linux thereby giving developers the largest user base of any platform.

If (and I emphasis if) this takes off then MS might be in for something of a rough ride in the Netbook market. The Netbook vendors have been unable to stand up to the MS monopoly with Linux on Netbooks until now, perhaps Google can start to rebalance the marked a little ?

Final report for “Inquiry into Improving Access to Victorian Public Sector Information and Data” released

Posted on by

The Victorian Government has been running an inquiry into access to the data that it generates, and they’ve finally tabled their report (PDF). I’ve only had a chance for a quick scan of it so far but its three main recommendations are as follows.

Firstly – this info should be made available and it should be cheap (ideally free!):

The Committee has proposed three key recommendations for access to and re-use of Government information. First, the Committee recommends that the Victorian Government develop an Information Management Framework for the purpose of facilitating access to and re-use of Victorian Government information by government, citizens and businesses. The default position of the framework should be that all PSI produced by Victorian Government departments from now on be made available at no or marginal cost.

Secondly – they should use Creative Commons licensing wherever possible!

The second key recommendation of the Committee is that the Victorian Government make use of the Creative Commons licensing model for the release of PSI. The Committee was told Creative Commons licences can be appropriately used for up to 85 per cent of government information and data, providing a simple to understand and widely used system for the re-use of PSI. Remaining Victorian Government PSI should either not be released, or released under licences tailored specifically for restricted materials.

Thirdly – and least excitingly – there should be a portal for this info..

The Committee’s third key recommendation is that the Victorian Government establish an on-line directory, where the public can search for and obtain information about PSI held by the Victorian Government. Depending on the access conditions Government has attached to specific PSI, people will be able to download information and data directly, or make contact with people in the Victorian Government to discuss access conditions.

They also have a recommendation and finding relating to state government purchasing of software related to open source:

The Committee also considers the use of open source software (OSS) within and by the Victorian Government. One of the Committee’s recommendations is that the Government ensure tendering for software is neither licence specific nor has proprietary software-specific requirements, and that it meet the given objectives of Government.

Finding 23: There is sufficient evidence of cost-competitiveness between open source software and proprietary software for government to carefully consider both options during software procurement and development.

They also consider the licensing of software developed by the government:

As noted in section 10.4.3.2 below, current Victorian Government policy is to allocate IP rights in software produced for it to the software developer, with certain restrictions to ensure the Government’s interests are protected. This means that there is nothing to restrict people who develop software for the government from subsequently releasing it as OSS.

Unfortunately it looks like MS Word stuffed up their references and headings for them – what irony! There is no section 10.4.3.2 in the PDF, it’s probably referring to section 10.3.3, which is followed by section 10.3.4 which in turn is followed by 10.3.3.1 – er ?

Even more interesting is when they talk about file formats:

Recommendation 42: That the Victorian Government require, as part of its whole-of-government ICT Procurement Policy, that software procured by the Government be capable of saving files in open standard formats, and that wherever possible, the software be configured to save in open standard formats by default.

There’s heaps more there, but I’ve run out of time to read it tonight! 🙂

(Found via OpenAustralia on Twitter)

ODF Plugfest

Posted on by

After the noise over whether or not the implementation of ODF (Open Document Format) in SP2 for Microsoft Office 2007 was deliberately broken for monopolistic purposes or incompetently implemented (or a combination of both) it’s nice to see that there is active interoperability work going on between vendors and developers at the ODF PlugFest, and the KOffice developers Jos van den Oever and Sven Langkamp attended and contributed to an article on the KDE DOT news website and Sven blogged about his positive experiences at the workshop.

It was first time I was going to such a workshop and I had expected that there would be fights between the different vendors like it happened in some blogs before the workshop. It was a pleasant surprise for me that the athmosphere was very friendly and productive. It was really nice to meet other people projects/companys, put the competition aside for some time, work and drink some beer together.

One neat feature mentioned there is the OfficeShots website which lets you submit an ODF document and then get back renderings of it (PDF, screenshot, ODF) from various ODF implementations. There are 8 listed at present (including KOffice), but sadly MS Word or Google Docs aren’t amongst them (yet).