From the Speed Tweak dept.:
...The speed improvement is thanks to the introduction of â??smarter behind-the-scenes resource scheduling,â?? according to Google. At first, Web content appearing on the screen 5 percent faster on average may not seem like a huge difference, but when you realize how quickly pages load on Chrome already, itâ??s a big jump. Starting with this release, the scheduler more aggressively uses an idle connection and demotes the priority of preloaded resources so that they donâ??t interfere with critical assets.

From the Upgrade dept.:
The NetBSD Project is pleased to announce NetBSD 6.1, the first feature update of the NetBSD 6 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements.

Please note that all fixes in the prior security/bugfix updates (NetBSD 6.0.1 and 6.0.2) are also in 6.1.

From the Firefoxy dept.:
Mozilla on Tuesday officially launched Firefox 21 for Windows, Mac, Linux, and Android. Improvements include the addition of multiple social providers on the desktop as well as open source fonts on Android.

From the Duck & Cover dept.:
Research from Microsoft shows that there has been a huge spike in malware targeting Java vulnerabilities since the third quarter of 2011, and much of the activity has centered on patched vulnerabilities in Java. Part of the reason for this phenomenon may be that attackers like vulnerabilities that are in multiple versions of Java, rather than just one specific version.

â??In Q3 and Q4 of 2012 two new vulnerabilities, CVE-2012-4681 and CVE-2012-5076, were found. But we didnâ??t observe any prevalence of Java malware abusing these newer vulnerabilities above malware abusing the older Java vulnerabilities, CVE-2012-0507 and CVE-2012-1723. The reason behind this might be that only Java 7 installations were vulnerable to CVE-2012-4681 and CVE-2012-5076, whereas CVE-2012-0507 and CVE-2012-1723 also target Java 6. As there are still many users that use Java 6, the malware writers might have tried to target Java 6 installations by including older vulnerabilities in the exploit package. We can assume that, for this reason, they didnâ??t do away with the older vulnerabilities,â?? Jeong Wook Oh of Microsoft said.

From the Mother of Ubuntu dept.:
After many months of constant development, the Debian project is proud to present its new stable version 7.0 (code name Wheezy).

This new version of Debian includes various interesting features such as multiarch support, several specific tools to deploy private clouds, an improved installer, and a complete set of multimedia codecs and front-ends which remove the need for third-party repositories.

From the Here, Kitty Kitty! dept.:
The Fedora 19 "Schrödinger's Cat" alpha release has arrived with a preview of the latest fantastic, free, and open source technology currently under development.

...The Alpha release contains all the exciting features of Fedora 19 in a form that anyone can help test. This testing, guided by the Fedora QA team, helps us target and identify bugs. When these bugs are fixed, we make a Beta release available. A Beta release is code-complete and bears a very strong resemblance to the third and final release. The final release of Fedora 19 is expected in early July.

From the At Least They're Patched dept.:
Oracle released its quarterly Critical Patch Update (CPU) for April, which addressed a whopping 128 security issues across multiple product families. As part of its update, Oracle released a Java SE Critical Patch Update to plug 42 security holes in Java, 19 with base CVE score of 10 (the highest you can go) and 39 related to the Java Web Start plugin which can be remotely exploited without authentication. According to security analyst Wade Williamson, organizations need to realize that Java will continue to pose a significant risk. 'The first step is for an organization to understand precisely where and why Java is needed,' Williamson wrote. 'Based on the rate of newly discovered vulnerabilities, security teams should assume that Java is and will continue to be vulnerable.' Organizations should to take a long, hard look at Java and answer for themselves if it's worth it, Williamson added. Due to the threat posed by a successful attack, Oracle is strongly recommending that organizations apply the security fixes as soon as possible.

From the Wheezy dept.:
We now have a target date of the weekend of 4th/5th May for the release. We have checked with core teams, and this seems to be acceptable for everyone. This means we are able to begin the final preparations for a release of Debian 7.0 - "Wheezy".

The intention is only to lift the date if something really critical pops up that is not possible to handle as an errata, or if we end up technically unable to release that weekend (e.g. a required machine crashes or d-i explodes in a giant ball of fire). Every other RC fix that does not make it in time will be r1 material. Please be sure to contact us about the RC fixes you would like included in the point release!

From the MoreOpenStack dept.:
Red Hat OpenStack RDO is being officially launched today by the Linux leader as a way to enable easier adoption of OpenStack. Red Hat is also in the process of building a commercially supported, subscription-based enterprise release of OpenStack that is set to officially debut by the summer.

"While we work on the run-up to build our subscription offering, we want to have a community offering of OpenStack that tracks really closely what's happening upstream and gets that technology into developers' and end users' hands really quickly," Brian Stevens, CTO of Red Hat, told ServerWatch.

From the Name Dropping dept.:
OpenStack is calling shenanigans on companies that call their services OpenStack but aren't truly interoperable. (HP, Rackspace, we're looking at you.) Josh McKenty, CTO of Piston and an OpenStack Foundation board member said that the board has 're-fired up' the interoperability working group, and though he admits it will take some time before the hammer falls, he called out HP and Rackspace as two offenders