An open-source security audit program funded by the US Department of Homeland Security has flagged a critical vulnerability in the X Window System which is used in Unix and Linux systems. Coverity, the San Franciso-based company managing the project under a $1.25 million grant, described the flaw as the "biggest security vulnerability" found in the X Window System code since 2000.

Mozilla Firefox 1.5.0.3 has been released. This update fixes a publicly disclosed denial of service weakness. All users are encouraged to upgrade to this version. The bugfixes previously planned for Firefox 1.5.0.3 were shifted to 1.5.0.4, and a quick update was released shortly after the recent 1.5.0.2 release to address the publicly reported issue.

The recent ruckus about the claimed growing vulnerability of Mac OSX from certain sources has caused an indignant outcry from Mac advocates who claim the stories are mostly media hype. According to an expert in Unix and Linux systems, the outcry is not without justification. Con Zymaris has been working with Unix systems for nearly three decades and for the past 15 years has been running a consultancy on open source software implementation. Zymaris says that, while it is true that a Mac can get infected with a virus, it is not easy and it is not likely to cause much damage. What's more, Mac users don't need to install firewalls and anti-virus software.

Developers of the popular Debian Linux distribution are ramping up coding efforts as they plan to release the next version of their operating system in December this year. The schedule was today outlined in an e-mail to the Debian community from developer Andreas Barth, a member of the team which coordinates the process by which Debian is formally handed over to the public. "We expect to release Etch as planned in the beginning of December 2006," Barth wrote.

The six month voting window for ISO/IEC adoption of the OASIS OpenDocument Format standard closed on May 1, and at midnight (Geneva time ) last night it was announced internally that ODF had been approved by the ISO members eligible and interested in casting a vote. And on a related note, an article on smart formatting for better compatibility between OpenOffice.org and Microsoft Office.

Microsoft has shelved plans to include built-in support for RSA Security's tokens in Windows Vista, even though the company has been testing out the authentication technology for almost two years. In February 2004, Microsoft Chairman Bill Gates said that Windows would be able to support easy integration with RSA's popular SecurID tokens. That meant businesses would find it far easier to deploy a two-factor authentication system for logging on to networks and applications. However, almost two years after the SecurID beta-testing program kicked off, RSA's chief executive, Art Coviello, disclosed that Windows Vista will not natively support the technology.

Opera Software today announced a new version of its micro-browser for non-smartphones, Opera Mini 2.0. New features included content download to the phone, the ability to change the browser's visual skin, multisearch to allow users to select extra search engines for the homepage, speed dial for bookmarks similar to the phones speed dial, and quick horizontal and vertical panning when browsing backwards or forwards. There is the ability to use a simulator to try it out on your desktop browser.

Microsoft's long-awaited release of the upgrade to its flagship Windows operating system will likely be delayed again by at least three months, research group Gartner said on Tuesday. The research note, released to clients on Monday, said the new Windows Vista operating system is too complex to be able to meet Microsoft's targeted November release for volume licence customers and January launch for retail consumers. A Microsoft spokeswoman said the company disagreed with the Gartner report and it was still on track to meet its launch dates.

"In this latest interview, Theo examines the past five years of OpenBSD development. He also discusses the OpenBSD 3.9 theme song, 'Blob!', detailing what blobs are, why OpenBSD avoids them, and how OpenBSD developers work to reverse engineer them. Looking to the development process, Theo talks about recent and future 'mini-hackathons', small and focused OpenBSD development gatherings. Finally, Theo also discusses the OpenBSD project's funding issues, and the response to requests for funding from users of the project's OpenSSH software."

Google has made informal complaints to competition authorities in Europe and the US about default settings in Microsoft's IE7. The latest Microsoft browser includes a small window so users can search without opening up a specific page. The default setting sends users to MSN for searches - just as equivalent features in Opera and Firefox send browsers to Google. A spokesman for the search giant told the New York Times it was concerned Microsoft was limiting choice. My take: ...

PCMag reviews the first Origami PC by Samsung, and concludes: "Samsung plans on avoiding retail shelves with the pricey Q1 and selling at BestBuy online and CDW only. I appreciate the design, and the technologies that can be had in such a small unit, but the practicality of this device escapes me. For $1099, you're better off with a more capable - and keyboard-equipped-convertible tablet."

The day when WiFi cards 'just work' under Linux may be fast approaching. WiFi software stack specialist Devicescape has released its 'Advanced Datapath' 802.11 driver stack to the open source community under the GPL, and the Linux kernel developer community appears to be working to adapt it for mainline inclusion.

Following a holiday quarter in which worldwide shipments of handheld devices topped two million units, the worldwide market for (non-phone) handheld devices began 2006 with its ninth consecutive quarter of year-over-year decline. According to IDC's Worldwide Handheld QView report, worldwide shipments of handheld devices totaled 1.5 million units, down 22.3% from the same quarter a year ago. At the same time, PDA/smart-phones sales are skyrocketing. Also, I posted a review of the QTek 9100 PDA phone.

As a Macbook Pro owner myself, I'm somewhat reluctant to admit that the first generation of Macbooks suffer from an annoying and constant whine and an unaccpetable amount of heat output. Therefore, I will be one of the many calling Apple Support on May 20. May 20th, it's been reported, is "the day the whining ends." OSX86Project has more.