The Register covers the release of an open-source rootkit. "When implemented, Immunity's DR, or Debug Register, makes backdoors and other types of malware extremely difficult to detect or eradicate. It's notable because it cloaks itself by burrowing deep inside a server's processor and availing itself of debugging mechanisms available in Intel's chip architecture. The rootkit, in other words, mimics a kernel debugger."

Dave Phillips takes a look at Java-based music and sound applications. "I've wanted to write this article for quite a while. Over the years I've noted that Java-based music and sound applications have increased in number and quality, yet no comprehensive list or summaries have covered these advances. And so at long last I present this survey of music and sound applications that require Java. The presentation follows no particular order, but in this first part I'll begin by questioning the use of Java in sound and music applications development, followed by a brief look at Java's internal audio and MIDI capabilities."

Linux-Watch wraps up OSCON, the O'Reilly Open Source Convention held last July. "This year, OSCON introduced the Open Mobile Exchange, a one-day event addressing business, technology, web, and open source topics related to the mobile technology industry. Other events included a "hallway track" held to "debate and discuss important issues," as well as an OSCamp, a freewheeling user-directed "unconference" that was open to all comers. The event was further enlivened by the colocation of the second annual Ubuntu Live developers conference held during the first two days of OSCON at the same Oregon Convention Center location."

Here are the first Fedora updates, freshly signed: samba (F9, wrong permissions of group_mapping.ldb), xastir (F8: insecure temporary files), bitlbee (F9: account hijack), wordpress (F9: privilege escalation).

Gentoo has updated yelp (format string vulnerability), dnsmasq (DNS cache poisoning), realplayer (buffer overflow), mysql (privilege escalation).

Mandriva has updated python (multiple vulnerabilities).

rPath has updated libtiff (arbitrary code execution).

The Fedora project has sent out an update on its progress toward getting updates for its stable releases moving again. "Today we've reached a major milestone in this progress. We have done a successful compose of all the existing and as of yesterday pending updates for Fedora 8 and Fedora 9, all signed with our new keys. These updates will soon hit mirrors in a new set of directory locations. What we don't have quite yet is the updated fedora-release package in the old updates location that will get you the new keys and the new repo locations. The last mile testing of this update requires that new updates be live on the mirrors." That last step may take another day or so, but it's getting close.

Internet News looks at Dell's new Inspiron Mini 9 sub-notebook. "Except for a keyboard that omits the usual row of function keys above the number row, the Mini's specs match several of its competitors'. A glossy 8.9-inch display with 1,024x600 resolution shows most Web pages with no need for horizontal scrolling. Under the hood are Intel's Atom N270, a 1.6GHz one-core processor with 2MB of Level 2 cache, and GMA 950 integrated-graphics chipset. The $349 configuration will feature a custom Dell interface atop Ubuntu Linux 8.04, much as Asus and Acer offer customized versions of Xandros and Linpus Linux, respectively."

Matt Hartley questions the slow adoption of Linux by US schools. "“Software alternatives are just not available for Linux.” I hear the statement above almost everyday. What makes the statement so ridiculous is that it is completely inaccurate 99 percent of the time. Normally I would dismiss this as the loss of the person or the business that has opted to limit their horizons with their platform decisions, but when I hear this coming from schools...I find myself shaking my head in complete disbelief."

Mandriva has updated libtiff (denial of service) and django (cross-site request forgery).

Slackware has updated php (multiple vulnerabilities).

SUSE has updated ibmjava5 (multiple vulnerabilities).

Ubuntu has updated libxml2 (denial of service).

The OpenBTS project, which is building a free GSM base station with GNU Radio, the Universal Software Radio Peripheral, and Asterisk, has announced its existence. Evidently they had an operating GSM network at the recent Burning Man event. Code is not available yet, but should be in the near future; see the OpenBTS page for more information.

Groklaw questions the recent Novell-Microsoft deal. "I've been thinking about something for a few days now. It's about the latest Novell-Microsoft deal that was announced on August 20, where Microsoft agreed to buy another $100 million worth of vouchers from Novell. I was wondering: how come two public companies can make a deal that seems to me to be material and yet keep pieces of the deal secret?"

Red Hat announced that it has acquired Qumranet, Inc., developers of the KVM virtualization tool. "Qumranet is the inventor and key maintainer of KVM, the only virtualization technology that is fully incorporated into the Linux kernel. Red Hat views KVM as the next generation of virtualization technology -- it combines support for the latest hardware virtualization capabilities and the rapid feature development of the Linux kernel into a complete, highly functional, virtualization platform. Red Hat believes that a strong coupling between the hypervisor and the kernel is a major advantage." (thanks to Matt Domsch).

The LWN.net Weekly Edition for September 4, 2008 is available.

Guest author Val Henson writes: "Back in 2001, I landed my (then) dream job as a full-time Linux kernel developer and distribution maintainer for a small embedded systems company. I was thrilled - and horrified. I'd only been working as a programmer for a couple of years and I was sure it was only a matter of time before my new employer figured out they'd hired an idiot. The only solution was to learn more about operating systems, and quickly. So I pulled out my favorite operating systems textbook and read and re-read it obsessively over the course of the next year." Click below (subscribers only) for a review of that textbook.

Mandriva has updated opensc (unauthorized PIN change) and wordnet (code execution vulnerability).

Ubuntu has updated libtiff (code execution).

KDE 4.1.1 has been released. This is primarily a bug-fix release; see the full changelog for all the details.

Terse minutes from the August 26 Fedora board meeting have been posted; they offer some hints at how the "infrastructure issues" discussion went. One-line summaries include "Ongoing tension between Fedora being able to act independently and Red Hat being liable for Fedora's actions" and "Don't want to get into a situation where every Fedora decision or announcement has to be vetted through Red Hat executive levels."

Here's a CNet article about the "CSI Stick," a new data-grabbing gadget evidently favored by law enforcement agencies. "This device connects to the data/charging port and will seamlessly grab e-mails, instant messages, dialed numbers, phone books and anything else that is stored in memory. It will even retrieve deleted files that have not been overwritten. And there is no trace whatsoever that the information has been compromised, nor any risk of corruption." Another good reason to want a phone with free (and replaceable) operating software - this sort of vulnerability can be fixed. (Via Schneier).

ITPro has posted a lengthy article looking at the differences in corporate behavior brought about by different free software licenses. "IBM has taken a three-year old version of OpenOffice, 1.1.4, which was the last release to be dual-licensed by Sun, and has heavily modified the code, which it has no obligation to release back to the community, and has clearly chosen this version precisely because this is the case. The perceived advantage for IBM is that the part-proprietary code can be marketed uniquely as an IBM product, and the extensions don't have to be released back to the community. As a result, IBM has effectively forked the code and cannot take advantage of later enhancements to OpenOffice."

The GNU project is turning 25 this year, and the Free Software Foundation (FSF) has kicked off its month-long celebration of the anniversary by releasing "Happy Birthday to GNU," a short film featuring the English humorist, actor, novelist and filmmaker Stephen Fry.

The Direct Rendering Infrastructure project has long been working toward improved 3D graphics support in free operating systems. It is a crucial part of the desktop Linux experience, but, thus far, DRI development has been done in a relatively isolated manner. Development process changes which have the potential to make life better for Linux users are in the works, but, sometimes, that's not the only thing that matters. Click below (subscribers only) for the full story.