"OpenBSD is widely touted as being 'secure by default', something often mentioned by OpenBSD advocates as an example of the security focused approach the OpenBSD project takes. Secure by default refers to the fact that the base system has been audited and considered to be free of vulnerabilities, and that only the minimal services are running by default. This approach has worked well; indeed, leading to 'Only two remote holes in the default install, in a heck of a long time!'. This is a common sense approach, and a secure default configuration should be expected of all operating systems upon an initial install. An argument often made by proponents of OpenBSD is the extensive code auditing performed on the base system to make sure no vulnerabilities are present. The goal is to produce quality code as most vulnerabilities are caused by errors in the source code. This a noble approach, and it has worked well for the OpenBSD project, with the base system having considerably less vulnerabilities than many other operating systems. Used as an indicator to gauge the security of OpenBSD however, it is worthless."

"It's official: the European Commission has granted regulatory approval for Oracle to acquire Sun Microsystems for approximately USD 7.4 billion, without further conditions. In a statement released moments ago, Oracle says it expects unconditional approval from China and Russia as well and intends to close the transaction shortly."

Every now and then, you have these items which make you check the thermostat in hell. Today, we have a classic case: BusinessWeek is reporting that Apple and Microsoft are reportedly in talks about replacing Google with Bing as the default search engine on the iPhone.

I guess it's Windows-flaw-week or something. First, we had the Internet Explorer vulnerability used in the Google attack, and now we have a bug that's been sitting undetected in Windows NT for 17 years. The bug can be used to escalate privileges, but from what I understand, it only works locally (although that isn't made clear).

"It's been a long time coming but Apple has finally updated its Boot Camp utility to allow owners of Intel-based Macs to run Windows 7 on their machines. Although this was already possible with some easy workarounds, and somewhat spotty driver compatibility, the newly-released version 3.1 adds native support for both 32-bit and 64-bit versions of Microsoft's latest operating system in its Home Premium, Professional and Ultimate editions."

"Firefox has just turned five, and it's doubtful anybody outside of Redmond begrudges Mozilla's celebrations. The open-source browser now accounts for 25% of the global market, according to figures from Net Applications, and has brought a radical rethink in what we expect from a browser. However, as Mozilla blows out the birthday cake candles, it might also be reflecting on the curse of getting what you wish for. Its success has forced rivals to raise their game, and the past two years have seen Microsoft, Apple and Opera close the features gap significantly."

Now this is material that piques my interest more than anything: insights from one of the bigger names in the industry. Jean-Louis Gassee debunks the "Apple-must-license-its-software-or-die" myth by looking back upon the past - and if you don't know who JLG is, then please take that dunce hat and stand in the corner for three hours, contemplating your existence. Note: OSNews has a bug with using diacritic marks on the front page, so JLG's name is misspelled. It is correctly spelled in the article body.

Despite sticking to its guns that the Google attack flaw in Internet Explorer 6 is limited in scope, Microsoft has promised to release an out-of-band security update to close the vulnerability in Internet Explorer 6. Out of band means that it will be released outside of the usual patch cycle.

"The Google/China story has enough legs to qualify as a 'centipede' at this point. After saying that it would no longer censor Chinese search results and that it was ready to pull out of China, Google also admitted to being the victim of a sophisticated cyberattack that went after more than 30 companies. The immediate aftermath of the announcement was a media feeding frenzy - and that was before the Chinese government's various departments even began reacting to the news. Now that they have, it's clear that Google and China are on a collision course, and that the US government is ready to get involved on Google's side. If you've had difficulty keeping up with the story, have no fear: here's a roundup of the news you need to know."

"On Jan. 13, 2010 Xorg version 7.5 has landed to Debian unstable; one of the most notable additions to it was the XInput2 system, which incorporates the MPX efforts. So I hooked up a second USB mouse to my machine and started playing with it."

"CRUX PPC 2.6 is now available. It works on Apple 32bit 'NewWorld' G3/G4 and Apple 64bit G5, Genesi PegasosII and Efika, Acube Sam440ep, IBM RS/6000 CHRP (604e), YDL Powerstation, IBM Intellistation POWER, and IBM pSeries RS64/POWERn. CRUX PPC 2.6 is, as usual, released via two different installation ISO: 32bit and 64bit. The 32bit version is based on a single lib toolchain instead the 64bit one comes with a multilib toolchain."

Phoronix has covered some details on the progress of Fedora 13 development before and now has more details on the recently approved features. Features are approved by the Fedora Engineering Steering Committee, a fully elected community of members in the Fedora community. The full list of Fedora 13 features is here and it is planned to be released on May 11, 2010

Ah, the security vulnerability that was used in the Google attack. It's been around the internet about a million times now, and even governments have started advising people to move away from Internet Explorer. As is usually the case, however, the internet has really blown the vulnerability out of proportion. I'll get right to it: if your machine and/or network has been compromised via this vulnerability, then you most likely had it coming. No sympathy for you.

I've been investigating switching my desktop distribution from Kubuntu to something more... Seriously maintained. I love debian, and consider it one of the best distros out there, but Ubuntu's KDE variant is downright pathetic.