2/24/2009

Citrix XenServer Virtualization Platform Now Free

Filed under: — Aviran Mordo

Citrix announced today that it is giving away XenServer, its virtualization platform based on the open-source Xen hypervisor, with all the goodies included. The big highlights are XenMotion, which lets you move VMs from box to box without downtime, and multi-server management. The same stuff in VMware land is $5k. Citrix plans to sell new products for XenServer, and the same products for Microsoft’s virtualization technology, Hyper-V.

Homemade PDF Patch Beats Adobe By Two Weeks

Filed under: — Aviran Mordo

Sourcefire security researcher Lurene Grenier has published a home-brewed patch for the critical Adobe Reader vulnerability that hackers are exploiting in the wild using malicious PDF files, beating Adobe Systems Inc. to the punch by more than two weeks. Grenier posted the patch on Sunday with the caveats that it applies only to the Windows version of Adobe Reader 9.0 and comes with no guarantees. Also, PhishLabs has created a batch file that resets a Windows registry key to de-fang the hack by disabling JavaScript in Adobe Reader 9.0, giving administrators a way to automate the process.

Microsoft researchers developing new, secure browser

Filed under: — Aviran Mordo

Gazelle relies on a ‘browser kernel’ that could offer far greater security than Google’s Chrome, Mozilla’s Firefox, or Microsoft’s own Internet Explorer.

Gazelle also aims to limit the dangers posed by programming flaws in browser plug-ins. Plug-ins are small bits of code that enable other programs to run within a browser, but they’ve also been known to contain vulnerabilities that can allow a PC to be hacked.

In Gazelle, the plug-ins are sandboxed, or isolated from the rest of the system, so that a bad plug-in would only affect the particular Web page’s plug-in process and not the whole PC.

But one huge problem with Gazelle’s approach is that existing plug-in code would have to be rewritten or ported to interact with Gazelle’s browser kernel system calls. That’s difficult since plug-ins are written by a wide variety of software vendors whose development schedules don’t necessarily work in perfect sync with those of browser developers.

Other parts of Gazelle borrow from IE code not related to security. For example, the researchers said they didn’t want to write a new HTML parser, so they used IE7’s Trident renderer and JavaScript engine.

In compatibility tests, Gazelle correctly rendered 19 of the top 20 sites ranked by Web survey firm Alexa. The paper warns that the new security of Gazelle does introduce “performance overhead” — especially for sites such as the New York Times Web site — but further work should be able to make it faster.

Amazon ships Kindle 2 a day earlier than planned

Filed under: — Aviran Mordo

Amazon.com Inc. says it is shipping the new version of its Kindle electronic reading device a day earlier than it initially planned.

The Seattle-based online retailer said it began shipping the $359 Kindle 2 on Monday to make sure it is going out to customers by Tuesday, which was the date it gave when Amazon announced the updated device on Feb. 9.

The new Kindle keeps the same price as the first version of the e-reader, but is thinner and includes upgraded features. It can store more than 1,500 books, instead of 200 in the previous version, and can read text aloud from two small speakers on its back.
