RealTime IT News

Blog Archives

SCO Reveals Darl McBride's 2007 Compensation

By Sean Kerner   |    February 29, 2008

SCO did not have a particularly great year in 2007. They lost in a major summary judgment decision. They lost cash. Oh and they filed for bankruptcy.

Amidst all that turmoil, SCO CEO Darl McBride still managed to pull in a very decent amount of money from his employer.

According to a SEC Schedule 14A filing made by SCO, McBride in 2007 pulled in a base salary, bonus and options totalling $571,220.

The actual mix of base salary, options and bonuses is an interesting study in compensation.

The Company did not adjust the base salary for the Chief Executive Officer as a result of our cash constraints. Consequently, the base salary for Darl McBride, our Chief Executive Officer, remained unchanged at $265,000 for the fiscal year ended October 31, 2007.

In addition to the base salary, SCO somehow decided that even though their firm lost money,  McBride was 'bonus' material too.

Mr. McBride received bonus payments of $144,691 for the year ended October 31, 2007 as a result of the attainment of personal management performance objectives, which included, but were not limited to establishing new business channels and partnerships for mobile technologies, launching new digital mobile services, and leading our operations to preserve and maximize cash resources.

So for all you kids out there,maybe there is a lesson here. Perhaps you too can grow up to earn a very respectable living leading a company down the path of destruction into bankruptcy. 

Hey Google, What's Going on with Jotspot?

By Sean Kerner   |    February 28, 2008


As my colleague David Needle reported over on the main site today, Google has now launched Google Sites.

Google Sites was built with Jotspot technology that Google acquired with the Jotspot acquisition in October 2006.

Google Sites is interesting news.

The only problem is - What about existing Jotspot users?

Today, nearly a year and a half after Google acquired Jotpsot, the same temporary page (shown left) is up at

I asked Google about their plans for Jotspot back in December, at that time they said to wait and see.

Well we've waited (and unless I've missed something) we still don't see. Sure we see Google Sites, but Jotspot itself remains untouched.

To add further insult to injury Google has not publicly responded to its own Jotspot users about what is going on in terms of a migration path. There is an unanswered thread in Google's own public Jotspot help forums where one user asks:

what's migration path? Help, please. Anyone out there at Google

reading this? Might be good time to chime in.

To be perfectly fair I have not directly contacted Google today to ask about plans for Jotspot migration - but hey  while I think it's great if they'd give an answer to the press, it's probably in Google's best interests to answer its users first.
**UPDATE FEB 29** It looks like Google still hasn't responded in the Jotspot forums - but they have blogged on Jotspot migrations (just a little)

We're just finishing up the code to migrate existing JotSpot customer
wikis to Google sites, so if you're already a JotSpot customer, you'll
be hearing from us soon on how to make the switch.

Fedora in Space

By Sean Kerner   |    February 28, 2008

Looks like even big budget operations like NASA use free and open source software for their operations.

In a really entertaining blog post Red Hat staffer Jack Aboutboul provides alot of really neat detail about a recent trip to the Kennedy Space Center.

Aboutboul's mission? Well he wasn't going there to see if he was astronaut material, he was there to discover if NASA uses Red Hat and Fedora. As it turns out they do.

Okay, so as it turns out, NASA is using Fedora and RHEL. A Lot! I was
taken into the data center of the Telescience Lab, and got to see some

It is kind of neat that NASA uses Free Software in its operations and it just goes to show you that sometimes you can get more than you pay if they could only find a cheaper way to launch a Space Shuttle.....

Google Gmail's CAPTCHA Busted?

By Sean Kerner   |    February 27, 2008

I'm usually a little pessimistic when it comes to security researcher claims about security vulnerabilities in big mainstream sites and services. That said, sometimes they do have a point.

Case in point is a report from security vendor Websense. In a blog post they alleged that "Google's popular web mail service Gmail is being targeted in recent spammer tactics. Spammers in these attacks managed to created bots that are capable of
signing up and creating random Gmail accounts for spamming purposes."

Sounds pretty serious to me.

Websense also alleged that the spammers had somehow managed to beat Gmail's CAPTCHA system as well which is supposed to weed out automated bots.

So I checked in with Google to see if this is legit and this is what I got.

"We are aware of the issue," a Google spokesperson wrote in an email to

The spokesperson's email added that using Gmail to send spam is a violation of the Program Policies in Google's Terms of

"We disable these accounts immediately and will continue to do so
if they spread."

So what does that mean? In my opinion it means that yes there might be a problem, but Google is on it.

Service Provider Router Sales Hit All Time High

By Sean Kerner   |    February 27, 2008


According to Infonetics Research, 2007 was a banner year for networking. Service provider router and switch sales hit an all time high of $11.2 billion in 2007 which is an increase of 16 percent over the 2006 sales figures.

2007 was also a big year for Juniper Networks, pulling ahead of Alcatel-Lucent, to take the number two spot globally for service providers routers and switches.  Networking goliath Cisco (as always) holds down the top spot overall though.

Infonetics reported that on a year over year basis, Cisco's router and switch sales were up by 20 percent while Juniper's were up by 25 percent. 

In my opinion, it's important to note that Juniper did not have a switch business in 2007, their new EX line of switches just debuted this year so it will be interesting to see what impact they might have on Juniper's overall share.

"The common drivers pushing the carrier router and switch market upward
are 1) the ongoing migration to next generation networks based on IP, MPLS, and
Ethernet, and 2) growth in consumer broadband, corporate, IP video, and mobile
data traffic," said Michael Howard, principal analyst and co-founder of
Infonetics in a statement.

Google Summer of Code 2008 - Already?

By Sean Kerner   |    February 25, 2008


February isn't yet done and depending on where you are there is still a definite winter chill in the air.  The fact that it's still winter isn't stopping Google though from helping us to think of warmer days ahead. Today Google officially launched the kick off for their Google Summer of Code 2008 initiative.

I've been covering Summer of Code (SoC) since its inception in 2005 and I've seen it grow by leaps and bounds every year. In 2007 SoC had 900 students helping out over 130 open
source groups
. The 2007 number was more than double the 410 projects spread across 41 different sponsoring organizations that Google helped out in 2005. In 2006 Google funded over 630 students.

Basically the way the program works is Google provides funding ($4500) to students to work on a given project for an open source group. Google also provides funding ($500) to the open source groups to help mentor the students. Across the numbers that Google has helped out over the last three years that's a whole lot of green.

It's also allot of help for the open source ecosystem both in terms of getting people interested in development as well as actual hands on help with needed areas of project development.

Applications for organizations open March 3 and
close March 12; for students, applications open March 24 and close March 31. 
Coding will run from May 26 through August 18. For more information, see
the Google Summer of Code FAQ .

Microsoft's Open Strategy : Good For Open Source?

By Sean Kerner   |    February 22, 2008


So Microsoft now has a 'new' open strategy to open its applications up wider for interoperability.

Is it a good thing for Open Source developers and users?

In my humble opinion it all depends on how you look at the massive pie that is the Microsoft product ecosystem.

It's great news for Microsoft and Microsoft users because it will allow a wider degree of choice for them. Once the new open technology becomes more pervasive Microsoft users will be able to more easily inter-operate with other solutions and technology. Choice is almost always a good thing.

On the other hand, if the choice and open interoperability does not end up being standards based and patent risk free, that choice could well just be the carrot that precedes the stick.

If being open is just a way to further guarantee a monopoly where Microsoft's dominant status continues to be assured than choice is really just a facade. After all Microsoft could easily argue that they're not monopolists if they're open right?

On the positive side being open can and likely will help to feed a broader ecosystem of solutions (open source and otherwise) that will be able to interoperate with key Microsoft technologies including Vista, Server 2008, SQL Server
2008, Office 2007, Exchange Server 2007 and Office SharePoint Server

In my view it has always been in Microsoft's best interest to be open.

In the open world technologies talk to each other and end users benefit from the benefits of choice. In the ideal open world it is the better technology that wins since users are not locked in.

It is harder to succeed in the open world because of choice. Yet the paradox is that choice and interoperability are also the keys to wider use and success.

I understand the skepticism that exists in the open source community about Microsoft's new open strategy.

Microsoft's new strategy is not about ceding its market share so that others can take its revenues. Microsoft is a public company and it has a responsibility to its shareholders to increase its revenues.  Make no mistake about it, while open is good, this new plan is not a plan to help open source companies grow their own respective revenues.

In this case Microsoft's openness is a cunning strategy that could potentially expand the size of the pie for all, or it could ensure that Microsoft keeps the pie for itself. Time will tell.

Black Hat DC 2008 Roundup

By Sean Kerner   |    February 22, 2008

Alright I promise this will be my last post about the Black Hat DC 2008 event (honest!).  Sure it was a smaller event than the big Vegas event but I found no shortage of really interesting topics and speakers at the DC event (many of which I wrote/blogged on).

As every good geek should when visiting DC, I found a slice of time during my stay to make a pilgrimage to the Smithsonian National Air and Space Museum. It was there that I saw some of the most secure pieces of technology on earth, stuff that no Black or White Hat can touch.

Take the Apollo 11 module for example (yes the real module that Armstrong and crew were in). It's sitting there in the front lobby of the museum encased in a transparent plastic shell. Its on board electronics untouchable by human hands.

You see the problem of modern technology is that it must exist outside of the bubble. Modern technology is all about being connected. When you're not connected (inside the bubble like Apollo 11) no one can touch you, but vice versa you can't touch anyone else either.

So what should we do? Stick our heads in the ground? Not connect? No of course not. The key is awareness and eternal vigilance. Every connection is a possible attack vector that needs to be properly secured by credentials and purpose.

That's my little 'rant', without any futher ado here's a listing of stories I had over on the main site and posts made here on The Blog (all in one simple location - enjoy!).

Black Hat : Beware of Cylons at the Back Door

Black Hat : Honor Among Thieves?

Black Hat : The Google Teabag (and other URI tricks)

Black Hat : Hillary Beats Obama

Black Hat : Netflix CSRF Vulnerability

Black Hat: Dtrace a Rootkit?

Why You Shouldn't Trust (Some) IRS E-mail

Black Hat Descends on Washington

Black Hat : Beware of Cylons at the Back Door

By Sean Kerner   |    February 22, 2008

Application back doors aren't just the stuff of Hollywood films, they're real and they could be a threat if undetected.

In a presentation at the Black Hat security conference in Washington DC, security researcher Chris Wysopal from Veracode discussed in gory detail where back doors have been in applications in the past and where they continue to come up.

Essentially a back door is some kind of hidden user name, password, credential or function that someone has put into a program to do something 'unexpected'.

In his presentation Wysopal had a picture of the Cylon, Caprica Six
(actress Tricia Helfer) from the new Battlestar Galactica. His purpose
was to talk about back doors on TV, though Wysopal didn't seem to know all that much about Battlestar Galactica (which makes me wonder if someone else who is a fan helped him to make the presentation). Anyways the point (and yes I am a fan) is that Caprica Six (as fans of
Battlestar Galactica know) inserted a back door into Dr. Gaius Baltar's
Colonial Defence Network program. The Cylon's back door enabled them to
overrun the Colonial defenses and nearly exterminate humanity.

Wysopal showed how some back doors could be relatively trivial to insert into an application, yet difficult to detect. In one example just by virtue of the fact that a function was missing an '=' in its statement, a back door was inserted.

In another case Wysopal described a case where a bank he was working with found a back door in one of their applications. After some analysis it was determined that the back door had been inserted by people who had knowledge of the bank's code auditing processes. As such they were able to avoid detection by putting the back door in a part of the code that wasn't subject to audit.

The lesson? Don't trust anyone and audit everything. You might end up saving humanity.

Black Hat : Honor Among Thieves?

By Sean Kerner   |    February 21, 2008


  While there may well be some very smart
people that are profiting from phishing, a pair of security researchers at
Black Hat have argued that most aren't all that bright.

In a presentation titled, "Bad Sushi Beating Phishers
at Their Own Game" researchers Nitesh Dhanjani and Billy Rios demonstrated (sometimes with hilarious
detail) how many phishing attempts are basic and not the work of sophisticated
ninja hackers.

 The researchers' argued that many
phishers use readily available phishing kits. Dhanjani noted that though there
are many different phishing kits that he could find online for the most part
they're all quite similar since a lot of the functionality is stolen from each
other (so one kit steals from another and vice versa).

To add further insult, Dhanjani
argued that many of the kits are using basic PHP scripts that aren't exactly
rocket science either. 

In Dhanjani's view what the code
reuse in phishing kits means is that 1) Phishers are lazy 2) The phisher didn't
know how to create the kit themselves and 3) They just want to
get up and running ASAP.

Even better Rios explained that he found further evidence of
phishers ripping off other phishers. Rios told the capacity audience that he
was able to find a blacklist for blacklisters.  That is a list of phishers that other phishers
didn't want to do business with because they had been wronged in some way. Rios
commented that one list he found had 3500 people on it.

Talk about honor among thieves. Apparently there isn't any
when it comes to phishers.

"Phishers are not always one
step ahead of us the reality is that they rely on infrastructure that is
already in place to help them to do what they need to do," Rios said.
"It's good that these people are not as technically savvy as ninja hackers
but it's bad because basically anyone can do this."

Black Hat : The Google Teabag (and other URI tricks)

By Sean Kerner   |    February 20, 2008


.  There are alot of
different ways to trick browsers into letting hackers do things that they
should not be allowed to do. Some of them have to do with URIs.

 In a presentation at
Black Hat, security researchers Nathan McFeters and Rob Carter argued that URI
exploitation is an area that is still ripe for further analysis and

 URI's allow browsers to load applications and protocols for
example http:// for web and ftp:// for FTP. Other common URI's are AIM:// for
instant messaging and firefoxurl:// for loading a Firefox browser.

 McFeters noted that every URI
registered on your system can be interacted with by a browser. Application
developers commonly create URI hooks into their apps. Sometimes those URI hooks
can be used by an attacker to do 'bad' things.

One such application with a URI
hook is Google's Picassa photo application. That's where the T-bAG (trust based
applet attack) comes in. The attack involves a user clicking on a Picassa URI
(Picassa://) that causes a button to be loaded inside of a user's Picassa
application. In a nutshell, when the button is clicked the users images can be
stolen by the attacker.

Carter and McFeters were quick to
note that Google has now mostly fixed the URI issue by doing additional URI
bound and validation checks.

McFeters also demonstrated what he
called 'Stupid IM Tricks' where by taking advantage of IM URIs he could trigger
a message to be sent from a victim's machine.

Scary stuff actually that looks
dead easy to do, in my opinion.

Overall McFeters sees URIs as a
target rich environments that affect Windows, Linux and Mac. To make matters
even worse McFeters argued that in many cases there is no need for the URI
(which could lead to an exploit) to exist in the first place.

"I don't think there is a
real reason why we need protocol handlers most aren't really useful,"
McFeters said.

Black Hat : Hillary Beats Obama

By Sean Kerner   |    February 20, 2008

WASHINGTON, DC.  While Barack Obama may be leading Hillary Clinton in some measures, he's actually fallen behind Clinton in at least one interesting computer security related metric.

According to Oliver Friedrichs Director of emerging technologies

at Symantec, typo squatting on Hillary Clinton related domain names has outpaced typo squatting on Barack Obama domain names over the last six months.

Speaking at the Black Hat security conference in Washington DC in a session on Threats to the 2008 Election, Friedrichs explained that there are at least five different types of typos that are common in domains. Among them are domains that are missing the first period delimiter, domains that use a surrounding character, missing characters, additional characters and reversing characters.

Friedrichs did his first study in August and found that for the Barack Obama campaign 33 percent of possible typos for his principal domain had been registered by people other than the Obama campaign. Hillary Clinton only had 30 percent in August.

In February the number flip flopped with Clinton having 41 percent of possible typos for her domain registered by others whereas Obama slipped to 29 percent.

Typo squatting is something that Friedrichs alleged is a potential threat to the 2008 US Federal election. He argued that if used maliciously the typo squatting  domains could  be a source for misinformation, misdirected campaign donations as well as misdirected emails. A potential visitor could mistakenly have a typo in an email message as easily as a web address.

Friedrichs didn't just watch others that were typo squatting as part of his research. He actually went a step further and registered 124 typo squatting domains of his own on 2008 presidential candidate name typos. He was quick to note that he was trying to protect the campaigns and not profit from them and is giving the domains to the respective campaigns.

He did however track traffic on the typo squatting domains that he owned, which provides an interesting glimpse into how much traffic a candidate typo URL could potentially yield. From January 25th to February 15th Friedrichs reported that his 124 typo squatting candidate URL had 3,290 unique visitors. The biggest day was Super Tuesday and the domain with the most traffic was (typo on the extra 'a').

Though the traffic that Friedrichs himself saw wasn't all that much he argued even a little could do a harm. On a lighter note Friedrichs  showed at least one example where the typo squatter site is all about making a mockery of a candidate. The site go see for yourself...Hillary as a Klingon!).

Beyond typo squatting Friedrichs also sees potential risks from phishing and other sorts of common online scams. Far from being a FUD monger, overall Friedrichs admitted that so far the campaigns are reasonably secure.

"Clearly campaigns need to do
things to protect themselves," Friedrichs said. "But in general theyr'e reasonably secure and no worse
off than organization are generally around the world."

Black Hat : Netflix CSRF Vulnerability

By Sean Kerner   |    February 20, 2008


WASHINGTON, DC. You never know what kind of vulnerabilities you'll see at Black Hat.

I'm sitting in a session now where security researcher Chuck Willis of security research firm Mandiant has just demonstrated a live cross site request forgery attack on popular video site Netflix.

According to Willis the issue was first reported to Netflix 17 months ago. In a nutshell CSRF is an exploitation of the HTTP protocols feature that a web page can include HTML elements that will cause the browser to make a request to any other web site. There are alot of different ways to trigger a CSRF including a simple image file or even just a CSS (cascading style sheet).

In the Netflix live case study, Willis showed how he could add a movie to a user's queue without a user's knowledge.

Willis alleged that Netflix used to have even more problems related to CSRF that could have allowed an attacker to change a mailing address for a user. Which means that before Netflix partially fixed their CSRF issue an attacker could have added a movie and then had it sent to them.

As it is an attacker can only add a movie, which Willis admitted isn't terribly exciting. Though he did say that it could be used as some kind of scam to promote a movie. Where an attacker gets a particular movie added to alot of users lists so that Netflix would have to buy more copies.

Overall Willis alleges that CSRF is a problem that is becoming increasingly prevalent and is also difficult (though not impossible) to detect.

Mozilla Thunderbird Messaging - Is It Worth The Wait?

By Sean Kerner   |    February 20, 2008

Five months after being first announced, Mozilla is now announcing the official formation of Mozilla Messaging. Back in September of 2007, Mozilla anecdotally referred to the new mail spin off effort as MailCo but now they've given it a name,,hurray.

The new announcement follows what was another 'new' Mozilla Thunderbird announcement just last month when Mozilla Messaging leader David Ascher posted a long diatribe on what Thunderbird 3 needs to do directionally to get on track.

So five months after they first announce the effort, Mozilla now announces a name and that they are ready to rock. Frankly I don't understand why the effort didn't start in full five months ago so that this week they could announce progress instead of just announcing a name and what they plan to do.

In a post from Mozilla Chief Wrangler Mitchell Baker, there might well be a hint of the same kind of action that I am talking about.

I am exceedingly eager to stop thinking so much about how to organize the Thunderbird mail effort and to start seeing all that energy go to improving our product. That day has come. We have the tools to make email much, much better. I hope you'll join me in celebrating. And then join the Mozilla Messaging effort and help make interesting things happen.

I have a suggestion for you Mozilla : Less talk and more action. Instead of telling us what you are going to do to get in gear, just do it. Let's see some nightly builds, finite timetables and milestones, you know the stuff we can sink our teeth into. Announcements about strategy and direction are all fine and nice, but there comes a point when actions speak far louder than words.

As it is, I am personally somewhat skeptical, but then again I am a bit biased here too. I was a Netscape Mail user for many many years. Then I shifted to the Mozilla Suite still using the same basic mail system (just under the Mozilla banner). In fact while other early adopters were switching to Firefox, I stuck with Mozilla just for mail.

Times do change though. Firefox became dramatically better than the Mozilla suite ever was. At the same time Thunderbird did not keep pace.

While there is nothing in the open source world that can hold a candle to Firefox, on the email side there is another. I speak of Zimbra (and yes I know it's a Yahoo open source license, but it is basically Mozilla public with attribution). Zimbra on both the server and now the desktop offers one of the best email experiences around. If Thunderbird achieved the level of technical prowess of Zimbra then we'd be talking.

As it is the evolution of Thunderbird into something more is too much talk at this point, whether or not it amounts to more than that over time remains to be seen. Considering Mozilla's track record to date with Firefox though, if the same energy and dedication is thrown behind messaging, we may yet see some really great things.


SCO's Restructuring Tightrope

By Sean Kerner   |    February 19, 2008

sco.gif Yes, I was quick to jump on the SCO gets $100 million lifeline story. And yes there is always more story to tell.

As we reported last week, embattled, bankrupt Unix vendor SCO may yet live to fight another day thanks to $100 million in financing that it may be getting from SNCP.  A Memorandum of Understanding (MOU) on the deal is now available that sheds a whole lot more light.

SCO will only get $5 million upfront from SNCP. The other $95 million in financing will be made available to SCO as needed - and at a hefty premium too. SNCP's 'premium' is an interest rate that is LIBOR (London InterBank Offered Rate) plus 1700 basis points.  What that means at today's rates is that SCO will be charged nearly 20 percent on the funds that SNCP makes available.

While that sounds like alot (because it is), it also makes some sense. The 20 percent premium is really just SNCP's way of ensuring a built-in return on their financing of SCO.  When you take into consideration the fact that there is a significant and non-trivial risk to the money that SNCP is sinking into SCO, 20 percent isn't too crazy. After all most pundits think that SCO doesn't have a leg to stand on legally. SCO's sales are also somewhat paltry, so it's really not clear how SCO will be able to pay SNCP.

The SNCP deal also is not a done deal at this point either. In the MOU it is specifically stated that if the Bankruptcy court does not approve the deal by April 28, 2008 the deal will terminate.

The MOU also requires that once the deal becomes effective (pending approval of the bankruptcy court), existing SCO CEO Darl McBride will resign.

McBride has been the Linux boogeyman since SCO first made its accusations. He has been the voice and face of Linux public enemy number one. On a personal note he has also been the source for marvelous quotes over the years as his bravado has known few bounds.

The fact that McBride is on his way out could signify that SNCP and its backers think that McBride has mishandled SCO's actions to date. Whether or not McBride's departure will make any difference though is highly debatable. After all, SNCP is financing SCO to help continue the legal actions against Novell and IBM.

The Red Hat IBM Connection : Be Like Lou

By Sean Kerner   |    February 15, 2008

From the who do you want to be like files...

One of the greatest things about being a technology journalist is the opportunity to interview business leaders that are actually really interesting. One such leader is Red Hat's new CEO Jim Whitehurst who I interviewed over on the main site.

Whitehurst is a real 'business' person. For him it's about execution (which it always should be) and the fundamentals of business. I've found over the years that a key trait of the most successful business leaders is the ability to learn from others and perhaps most importantly have some kind of 'hero' to emulate.  I asked Whitehurst which CEO in the technology industry or otherwise was his  'hero', the one he would like to emulate in terms of action and/or legacy.

The answer I got speaks volumes about Whitehurst, where he is now and perhaps where he is going with Red Hat.

I'd have to say Lou Gerstner [former IBM CEO]. A lot of that is because his
background and mine are somewhat similar. He came out of McKinsey as a
consultant, I came out of BCG. He worked at a traditional old line of
business and then came into technology.

I've done a bit of the same so certainly understanding how he made that
transition - reading his book and understanding more there. I probably
spend more time focusing on him. It's hard to say ok, is he the guy I most
admire? I frankly haven't formed a lot of those opinions yet. But he's
certainly the guy I've focused on the most, very successful with a similar

Gerstner is an extremely important figure in the history of IBM. He arguably saved IBM from going out of business and in many ways is a primary architect of IBM's current success. His book Who Says Elephants Can't Dance? really is a classic for business readers.  Now is Red Hat an elephant? No not at all. But can his lessons apply broadly to someone like Whitehurst to turn Red Hat into larger entity? Only time will tell.

If you haven't read the full interview, there are lots of other great insights in it too, so go check it out for yourself.

SCO is BACK !?!?!

By Sean Kerner   |    February 14, 2008



Like everyone else, I figured SCO was gone, done for, KAPUT.   But that's not the case. They're BAAAACK!

Today they got $100 million in financing from a group called Stephen Norris Capital Partners ("SNCP") and get this ... "partners from the Middle East"

Who are these partners? We don't know. But hey with crude oil at an all time high, I guess there is more money then ever in the Middle East that needs investing. Somehow SCO managed to convince these oil rich 'partners' that their business was viable and that their legal claims had legs. Talk about having money to burn (oil/money/burn i know I'm not great with puns).

This dramatic turn of events means that SCO may well be back both as a going concern for its customers in terms of Unix products - but also as a going concern for Linux users as well as IBM and Novell. In its release on the financing SCO specifically stated that : This reorganization plan will also enable the company to see SCO's legal claims through to their full conclusion.

It also means that SCO will come out of bankruptcy and it means that the company will now be taken private too.

So now instead of just fading away as a historical footnote, the SCO saga will continue for the foreseeable future. SCO will go to court with Novell and possibly IBM. Even more importantly their continued existence could provide a source of doubt and possibly risk for those that don't take the appropriate steps to make sure they have right legal indemnification.

Then again this could be a non-issue - since at this point SCO has tried to sell off its Unix business before and it has been making its IP claims for years - with little effect.

Whatever the case - the lesson here is quite simple. As the great Yogi Berra once said, " It ain't over till it's over."

' Linux Next ' Begins To Take Shape

By Sean Kerner   |    February 14, 2008


Make no mistake about, the Linux 2.6.x kernel is a *large* undertaking that just keeps getting bigger and bigger. Apparently it's also getting harder to maintain as well in terms of ensuring that regressions don't occur and that new code is fully tested.

That's where the new 'Linux Next' effort comes in.

Linux next started off as a 'dream' of kernel maintainer Andrew Morton who has noted that few kernel developers are testing other kernel developers' development code which is leading to some problems.

Morton has proposed a "linux-next" tree that once per day would merge various Linux subsystem trees and then run compilation tests after applying each tree. While that may sound simple enough, in practice it's no small task.

Kernel developer Stephen Rothwell has stepped up to the plate and has announced that he will help to run part of the Linux next tree. While the effort could well serve to make the Linux development process more complicated, its goal clearly is to ensure a higher overall code quality by making sure code merges actually work before Linus Torvalds actually pushes out a RC (release candidate). 

The way i see it from my simple laypersons point of view, Linux next forces code to be a whole lot cleaner before it gets submitted and forces more testing, earlier and more often - which ultimately is a great thing.

There has been some very 'healthy' discussion on the Linux Kernel Mailing List (LKML) about Linux next with perhaps the most colorful language coming from non-other than Linus Torvalds himself.

If you're not confident enough about your work, don't push it out! It's
that simple. Pushing out to a public branch is a small "release".

Have the [EXPLETIVE DELETED]back-bone to be able to stand behind what you did!

It sure will be interesting to see how Linux-next plays out over time, I for one am very optimistic.

Red Hat Accelerates JBoss

By Sean Kerner   |    February 13, 2008


Linux vendor Red Hat is on a mission to dramatically expand the market share for its JBoss middleware platform.  In a press conference today during the JBoss World event in Orlando Craig Muzilla, vice president, Middleware
Business at Red Hat declared that Red Hat was setting a strategy in motion to capture 50 percent of enterprise middleware workloads by 2015.

During the course of the press conference Muzilla was repeated asked to qualify the 50 percent statement in various terms including financial. Muzilla for the most part stuck with his talking points noting that Red Hat is talking about workloads as opposed to dollars. The reason why he wouldn't give a figure for revenues is because JBoss is sold as a subscription basis whereas other middleware solutions are sold as licenses.

In terms of how Red Hat plans on growing its share, Muzilla outlined in very general terms an "Enterprise Acceleration Program" for JBoss.  Muzilla was repeatedly asked during the press conference to elaborate on the Acceleration program in terms of any potential new products. Muzilla instead provided the broad strokes of the overall strategy.  In a nutshell, Red Hat is going to push forward enterprise JBoss adoption with acceleration centers that help to facilitate migrations and performance tuning for both customers and ISVs.

Muzilla was also asked about key personnel departures from JBoss since the Red Hat acquisition.  Muzilla did admit that they have had some departures but he quickly noted that they've also added new sales and pre-sales people. He also noted that the core JBoss development team was still intact and working on the platform.

So not a whole lot of meat to the Day One announcements at JBoss World in terms of product or technology, but Red Hat is certainly setting an aggressive target by aiming for 50 percent of all middleware workloads. It will be interesting to see how the actual product components of Red Hat's acceleration strategy for JBoss roll out in the weeks ahead. In fact we may not have to wait too long, as Day Two of JBoss World is tomorrow and no doubt they'll be a few more announcements.

Mozilla's New Look Firefox 3 Beta 3

By Sean Kerner   |    February 13, 2008


Mozilla is now out with its latest Firefox 3 milestone release - Beta 3. With most of the Firefox 3 Betas and Alphas to date there have been changes that you would notice if you looked for them and actually started to use the browser.

With Firefox 3 Beta 3 (FFb3) you get hit with a big change right away. The UI itself is 'refreshed' with new forward,back and refresh buttons. Though the UI change is among the most obvious in FFb3, Mozilla actually claims that the release includes some 1300 changes over the Beta 2 release which came out nearly two months ago.

Among the changes in FFb3 are more than 50 new memory usage improvements in the browser. The continuing memory improvements in each Beta release of Firefox 3 are coming in part from the XPCOM (Cross Platform Component Object Mode) cycle collector that identifies objects that aren't being used and releases them from
memory. XPCOM was first deployed as part of the Firefox 3 Beta 1 release in November.

Beyond just improving performance by fixing memory leaks, Mozilla also claims that Beta 3 has an additional 90 changes over Beta 2 that increase the browser's page rendering speed. Firefox 3 uses the Cairo 2-D graphics library which is a departure from Firefox 2.0's gfx graphics infrastructure.

Mozilla has also continued to make improvements in its' Places engine which provides History and Bookmarking capabilities. In Beta 3 they've added additional search functionality when searching History and Bookmarks to include frequency of visits to help improve the search results.

The Beta 3 release is the eleventh milestone release from Mozilla in the Firefox 3 browser development process which has been publicly ongoing since at least October of 2006. A Beta 4 release of Firefox 3 has already been announced and is expected to follow sometime in the next few weeks. Mozilla developer Asa Dotzler has blogged that Firefox 3 will be out 'when it's ready' instead of focusing on a hard deadline or date for delivery.

In stark contrast with the big race between Microsoft and Mozilla ahead of the Firefox 2 and Internet Explorer 7 releases, Microsoft has not yet released a single public milestone of IE 8. Microsoft has however stated as long ago as October of 2006 that IE 8 is in fact in development

US -CERT Warns of Adobe Acrobat Vulnerabilities

By Sean Kerner   |    February 12, 2008

Technical Cyber Security Alert TA08-043A has just been issued by US-CERT warning of multiple vulnerabilities affecting Adobe Reader and Acrobat.

The vulnerabilities affect Adobe Reader version 8.1.1 and earlier as well as Adobe  Acrobat  Professional,  3D, and Standard versions 8.1.1 and earlier. The worst of the vulnerabilities could potentially allow an attacker to execute arbitrary code on a user's PC.

According to US-CERT's advisory (which is based in part on Adobe Security advisory  APSA08-01) :

An  attacker  could exploit these vulnerabilities by convincing a user to load a specially crafted Adobe Portable Document Format (PDF) file. Acrobat  integrates with popular web browsers, and visiting a web site is usually sufficient to cause Acrobat to load PDF content.

US-CERT also notes that currently they are aware of exploits in the wild for the Adobe vulnerabilities and that at least one of the vulnerabilities is being actively exploited.

The Internet Storm Center (ISC) at SANS has actually been aware of exploits in the wild since at least Feb 9th. At least one of the actual vulnerabilities was reported to Adobe as early as October of 2007 according to SANS, with iDefense advisory #464641 titled 'Adobe Reader Buffer Overflow Vulnerability'.

ISC handler Raul Siles also notes that even users with anti-virus are at risk:

No anti-virus vendors currently detect the malicious PDF files though we have provided samples to all.  This type of exploit works for both web browser and email attack vectors.  Exploitation affects all 7.x versions of Adobe Acrobat Reader and versions prior to 8.1.2.  Complete mitigation requires upgrading to Adobe Acrobat 8.1.2.

So if you're running Acrobat (and you probably are) make sure that you're running 8.1.2 and if you're not..go and get it!

IBM : Browsers are Under Attack

By Sean Kerner   |    February 12, 2008

Surprise. Surprise.

In a new study from IBM's Internet Security Systems (ISS) X-Force, IBM reports that Web browsers are under siege from organized crime. The X-Force report claims that the cybercriminals are making increasing use of 'camouflaging' techniques. According to X-Force, in 2006 camouflaging was only used by a small percentage of attackers while by the end of 2007 nearly 100 percent of attacks were camouflaged.

"Never before have such aggressive measures been sustained by Internet
attackers towards infection, propagation and security evasion. While
computer security professionals can claim some victories, attackers are
adapting their approaches and continuing to have an impact on users' experiences," said Kris Lamb, operations manager, X-Force Research and
Development for IBM Internet Security Systems in a statement.

That aside, the X-Force report does show some trends that could be considered to be positive. Among them is the fact that the study found that spam email was on the decline, dipping to levels not seen since before 2005. The X-Force report also disclosed that the overall number of vulnerabilities reported during 2007 actually declined for the first time in a decade.

From my own personal point of view, considering that browsers are the gateway to the web and applications in the modern Web 2.0 era, there is no surprise that Web browsers are under attack. In fact as far as I know in the last several years there hasn't been a time when web browsers weren't under attack.  Microsoft has been reasonably vigilant about fixing their browser as has Mozilla, though of course there is always the zero day stuff that inevitably occurs.

When it comes to 'camouflaging' of attacks that's also something that makes sense. Remember (notorious convicted now reformed) hacker Kevin Mitnick? His key technique was all about evasion (call it camouflage if you really want too). I have no idea why any attacker wouldn't camouflage their attack (unless of course they're trying to get caught!).

Trolltech Expands Qtopia Mobile Linux Offering

By Sean Kerner   |    February 11, 2008


Mobile Linux vendor Trolltech announced today its new Qtopia Phone Edition 4.3. Among the new enhancements that Trolltech  claims are faster boot times, Microsoft Outlook synchronization and a 'Finger-touch user interface'.

The finger touch interface capabilities sound interesting and could lead to a new generation of easily developed touch screen products.

On a broader basis, Trolltech also announced today that WebKit was being integrated into Qt. WebKit is an open source web browser engine used by Apple in its Safari web browser.

"The Qt WebKit Integration helps developers to combine live
web content with mobile and desktop applications," Lars Knoll VP of Engineering at Trolltech wrote in a statement. "This erodes the boundaries
between the desktop, mobile phones and the Web. It also enables graphics and
Web designers to join developers in making user interfaces more advanced than
ever, no matter which device or desktop application you are using.

What's interesting about WebKit is that it's essentially a fork of KDE's KHTML rendering engine. It's not yet clear whether or not this new Trolltech Qt and WebKit integration will trickle back down to KDE or not.

When I spoke with Knoll back at the time of the KDE 4 release (which is based on Qt 4), I asked Knoll about WebKit. His responces didn't make the final published story, (but as always I keep all my notes). Knoll noted that WebKit was not integrated into KDE4 for several
reasons. The main one being the fact that WebKit was not part of any released version of Qt.

Knoll also noted that:

Apart from that there are some reservations from parts of the KDE
community against WebKit (preferring KHTML which WebKit originated from), while
other parts love the idea. So it's an open question that will most probably
be solved in the usual open source way: The best technology will win. I personally believe that WebKit is superior to KHTML, and that
adopting it would be a very good move for KDE.

If this news does in fact lead to a reconciliation between WebKit and KDE's KHTML developers that could be very good news for KDE overall.

It's also important to note that this set of releases is the first since Nokia announced their intention to acquire Trolltech for $150 million. Interesting times are certainly ahead for Trolltech.

Open Source Enters Decade One

By Sean Kerner   |    February 11, 2008


The end of 'Decade Zero' for Open Source is now over. Decade One begins now.

This past Saturday the Open Source world celebrated the 10th anniversary of Bruce Perens' defining document of the Open Source revolution, the aptly titled The Open Source Definition.

I spoke with Perens about the anniversary last week over on the main site . I've spoken with Perens a few times over the years and he's always got something interesting to say, this most recent time was no exception. 
The Open Source Definition in his view has stood the test of time - proof positive of that view is the fact that Open Source is now widely adopted by enterprises big and small and even by financial institutions.

One particular quote that I got from the conversation which was particularly enlightening was his comment on what he might do differently now having the benefit of hindsight.

"Had I known we would have this embarrassment of riches of so many open
source licenses, I would have thought more about how to keep that from
happening," Perens remarked. "When you promote something this radical
to business you don't really expect that they'll all jump in."

On a personal note, I remember well trying to explain in 1997 to managers above me that Linux was Free Software - and not freeware. It was a tough conversation to have. Once the term Open Source came around and became popularized thanks to Perens and of course Netscape - the conversations about Linux became a whole lot easier.

Free Software makes a lot of sense as no one wants to be locked in. Freedom is a fundamental tenant of Western society after all. That said, Open is an easier term to 'sell' than "Free" in my honest opinion. By being Open (and sometimes Free) software users around the globe now have choices to prevent vendor lock-in that simply did not exist in the same quantity and quality as they did a decade ago.

Happy Birthday Open Source (and thanks for all the code)!

Launch Day!

By Sean Kerner   |    February 08, 2008


Today is the official launch day for the new, the blog and this blog.

We've been working hard behind the scenes pulling things together for some time. So if you notice that there are some 17 other posts that I've already made on this blog-- don't worry you didn't miss them - I've just been busy gearing up.

But now that you're here - welcome!

The new is all about giving readers MORE.

That's where this blog will fit in. I plan on providing more insight into the areas that I cover by looking at items that might not normally fit into a regular news story for any number of different reasons.

As opposed to my news stories - my blog posts will typically also express my opinion as well. That's an important distinction to make and it's a fine line that I'll try hard to stay on the right side of.

So thanks for stopping by and reading this post. Come back regularly and often!

SugarCRM Rolls In More $$ But Is There An Exit?

By Sean Kerner   |    February 07, 2008


SugarCRM continues to roll in the dough, the most recent dough rolling coming not from new customers but from a new round of venture capital investment. A nice sum of $20 million in new investment to be precise.

The latest round of financing was led by New Enterprise Associates. SugarCRM has existing investors including Draper Fisher Jurvetson and Walden International
that also joined the latest round. In total SugarCRM has raised $46
million in funding to date.

SugarCRM's most recent release is Sugar 5.0 brought the open source CRM vendor to a new license - GPLv3 - and also added a long list of new features bringing the application up to the level of proprietary CRM vendors.

This additional funding will allow SugarCRM to
accelerate its goal of moving the CRM market from a proprietary lock-in model to
an open, value-based model by delivering the most modern, open, flexible CRM
platform in the industry, said John Roberts, CEO and co-founder, SugarCRM in a statement.

The big question now of course is -- What is the exit strategy for the venture cap investors? Will SugarCRM go IPO or will it be acquired?

Should Yahoo Zimbra Users Fear a Microsoft Takeover?

By Sean Kerner   |    February 05, 2008

Yahoo! has a number of different Open Source efforts and initiatives under its umbrella. One of the biggest is Zimbra, which Yahoo acquired for $350 million last year. Zimbra is also a direct competitor to Microsoft Exchange (and Outlook).

Zimbra this week officially released ZCS 5.0 which is the latest edition of their AJAX email/calendaring/collaboration suite.

Whether or not Microsoft buys Yahoo! or not, Zimbra users need not necessarily worry. The reason for that is very very simple - it's the Open Source promise.

If Microsoft were to somehow dissolve the Zimbra unit after acquiring Yahoo, the existing community could try and fork Zimbra and maintain it on their own.

I use the word 'maintain' very specifically in this context. While Zimbra's community is certainly a strong point, I suspect that is it the core Zimbra team with Zimbra staffers that continue to do most (if not all) of the key development. As such if a project fork were to emerge for it to evolve, the fork would really need the efforts of some of those Zimbra staffers.

Sure they could just leave the new Microsoft' owned Yahoo, but somehow I suspect that there could be legal implications. That said, the Open Source promise is that you're never locked in. So while there could be some impact from a Microsoft takeover - Zimbra users really don't have too worry all that much.


By Sean Kerner   |    February 05, 2008


Today is the day that the community 'flips the switch' on PHP 5 development and ends all active
ongoing development in PHP 4. I wrote about the PHP 5 org effort over on the main site last week in a story that I personally was very excited to write, after all I cut my teeth on PHP 4 years ago building websites with it when there really were no other reasonable alternatives.

The general idea behind makes a whole lot of sense too - why would anyone choose to go through the effort of migrating to PHP 5 when they still can use PHP 4 since their open source project of choice still supports PHP 4?

There are alot of benefits to moving to PHP 5, but the reality is that most developers are just trying to do their job and make a living.  The shift by the key open source projects that make up hopefully will provide some impetus for people to move.

Then again it has been years since Apache 2.x was released and there are still a good number of Apache 1.3x HTTP Web Server users out there. With Apache 2.x there wasn't necessarily a GoApache2 effort  but in recent years the major Linux distributions have simply chosen to package Apache 2.x by default as opposed to Apache 1.3x. I suppose that over time as older servers (with older Linux versions) die off, so too will Apache 1.3x. I suspect the same scenario will play out over time with PHP 4.x as well.

Changing of the Guard at Fedora

By Sean Kerner   |    February 04, 2008

Some interesting leadership shifts in the Linux distro space. Over at Fedora Max Spevack whom i've spoken with numerous times since he became the Fedora Project Leader is stepping down at the end of the month.Paul Frields who is no stranger to the Fedora Community will be taking over.

It's a big change for Red Hat..but not as big I suppose as Matthew Szulik leaving. Just like Szulik though Spevack will be staying on with Red Hat just in a different capacity.

While Paul will be taking over for me as the Fedora Project Leader
in February, I will still be involved in Fedora. I am going to be
spending a lot of time over the next month or two helping Paul
transition into the job, especially during the several-week period that
we are in right now when Paul is still finishing up his old job and
before he joins Red Hat.

So I am not going anywhere -- I will
still be answering emails that I get related to Fedora, following the
general Fedora happenings, and working (as always) behind the scenes in
Red Hat to make sure that Fedora is getting the support it needs. In
fact, there are a couple of things that I want to work on (especially
related to the way Fedora's budget is determined and managed) that will
be done entirely behind the closed doors of Red Hat, but the results of
which will hopefully make Paul's life a little bit easier down the road.

It's not clear yet if Paul will have a different mandate than Max did - though change is inevitable especially when it comes to Linux leadership.

Fedora 9 - Sulphur

By Sean Kerner   |    February 04, 2008

From the wacky names we call products file..

Red Hat's Fedora Linux community has settled on a name for their next distribution release. Instead of it being an executive decision of some sort, Fedora opened up the process in a voting contest with the winner being - Sulphur.

Fedora 8 had the code name Werewolf  and Fedora 7 was codenamed Moonshine.

While Sulphur might seem like an odd name, the list that Fedora developers got to vote on had a few names that were definitely a whole lot weirder. Here's the final vote count:

 62 | Sulphur
          54 | Bathysphere
          43 | Chupacabra
          39 | Mayonnaise
          32 | Dragicorn
          29 | Woodwose
          23 | Tourette
          13 | Asperger
          13 | Barmanou
          10 | Chingachgook
           6 | Kingsport Town
           5 | Marfan

Firefox 3 Beta 4 ?

By Sean Kerner   |    February 04, 2008

From the how many Beta's makes a release file...

Mozilla is currently in the final stages of making their next generation Firefox 3 browser release. Beta 3 of Firefox 3 should be out in a week or so following testing which begins on Monday February 4th.

Even though full scale testing hasn't yet started, Mozilla developers already know they'll need at least one more Beta - Beta 4 - to iron out a long list outstanding bugs.

According to Mozilla Developer Mike Beltzner , Mozilla has  fixed over one thousand bugs between Firefox 3 Beta 2 and the most recent nightly build. 

In a Mozilla developer newsgroup posting Beltzner, notes that it's not yet known how long a Beta 4 will take to get out the door.

Our goal is to do a quick turnaround on Firefox 3 Beta 4, but we cannot
provide a good estimate until we know the size and scope of blockers
remaining after the Beta 3 codefreeze.

Before going into Beta, Mozilla went through no less than nine Alpha development releases of Firefox 3.

Gentoo's Founding Father Set to Return

By Sean Kerner   |    February 04, 2008

It looks like Daniel Robbins - the guy that founded the Gentoo Linux distribution - may soon be on his way back to Gentoo. Robbins left Gentoo a few years back, did a brief stint at Microsoft for a time and for the most part has remained at arm's length from Gentoo.

The Gentoo Foundation has had some 'legal' issues lately so Robbins has offered to step in and restore confidence and leadership for the Foundation.

If the current trustees accept this offer, they are basically
handing the leadership of the Foundation over to me and the trustees
that I will choose. If I return as President, I will preserve
the not-for-profit aspect of Gentoo. Beyond this, you can expect
everything to be very, very different than how things are today.

This could be a VERY good ting for Gentoo which has stumbled a bit lately. Overall Gentoo is a fantastic distribution that is very different from the  Red Hat, Novell or Debian in alot of ways. Lately Sabayon Linux which is based on Gentoo has picked up some momentum - so it looked for a time that it could be like the Ubuntu / Debian situation (where Ubuntu is based on Debian; Debian faltered a bit and Ubuntu picked up massive share). It will be interesting to see how Robbins offer is perceived in the community and if Gentoo will emerge (pun intended) a more successful distribution.

IBM Not Going to Open Source OS/2

By Sean Kerner   |    February 04, 2008

While IBM is huge Open Source backer, when it comes to a legacy piece of their own proprietary code, Open Source apparently isn't an option.

OS/2 backers have sent a petition to IBM (actually their second such petition in the last few years) to get OS/2 open sourced. IBM isn't biting.

As stated in our response to your September 2005 letter we have
considered the positioning of OS/2 and open source several times in the
past, and for a variety of business, technical, and legal reasons we
have decided to not pursue any OS/2 open source projects.

IBM has service offerings that continue to be available for customers
who need ongoing support for OS/2, although IBM has no plans for
product enhancements.

Though it may seems like a long time since OS/2 was a viable option, it really hasn't been that long.  It was only two years ago that IBM officially (and finally) pulled OS/2 from the market. At the time IBM noted that they would continue
standard support until December 31 2006 and, beyond
that as a separate Service Extension fee-based offering.

How much IBM still makes from those OS/2 service contracts is unknown.

IBM since 1999 however has puts its bets on Linux and on its own AIX Unix OS. If an open source OS/2 were to emerge who is to say that developers could improve it and make a third choice?

IPv6 Added To Root DNS Today

By Sean Kerner   |    February 04, 2008

Big day for IPv6 today.

IPv6 takes a major step forward towards reality today with AAAA records for IPv6 addresses added to four of the key root DNS servers that power the Internet. IPv6 AAAA records are a key resource record type for storing IPv6 address information on DNS servers.

What it means in laymans terms is that you can potentially have a pure IPv6 to IPv6 internet experience over the public internet infrastructure. As far as I know before this you could only do IPv6 though dual stack IPv4/6 gateways or if you were on a Tier 1 backbone end to end.

AAAA for IPv6 on root DNS servers is the first step toward having a worldwide IPv6-capable DNS system. There is still a lot more work to go and it will be interesting to see how this all scales. Nonetheless having IPv6 addressing available on these key root DNS servers is a major milestone for IPv6

Movable Type Open Source? Not quite

By Sean Kerner   |    February 04, 2008

There was allot of hype a month ago in the blog world surrounding the announcement of Movable Type going open source.

At the time Anil Dash wrote:

As of today, and forever forward, Movable Type is open source. This means you can freely modify, redistribute, and use Movable Type for any purpose you choose.

That was back on December 12 of 2007. It's now a month later and guess what?

There is still isn't a stable Open Source (that is licensed under an OSI approved license) version of Movable Type that is fit for public consumption.  Movable Type is still pushing users who want 'free' to use their personal version - which is not Open Source.

The Truth is laid bare on Movable Type's own download page which states:

Movable Type Open Source Project

There is not yet a stable release of the Open Source version of
Movable Type. MTOS is currently under going testing with the community
to collect feedback and ensure the quality of the product as a whole.
In the meantime, unstable and untested nightly builds are available for download.

So either Movable Type's download page verbiage is inaccurate - or Anil was a little ahead of himself.

Mozilla Thunderbird 3 Starts to Take Shape

By Sean Kerner   |    February 04, 2008

Unlike Firefox, Mozilla Thunderbird has never been a particularly successfully project.

Both Firefox and Thunderbird were split out from the Mozilla Suite (which was based on the monolithic Netscape Navigator codebase) at the same time. Firefox picked up momentum, Thunderbird didn't.

The reasons why one project has flourished and the other floundered are many and varied.

In September of 2007, Mozilla tried to kick start Thunderbird by spinning it off into its own division. Some four months later they apparently now have some direction and plan. David Ascher who leads the Mozilla Thunderbird group now posted a lengthy discussion on what Thunderbird needs to do to prosper. Ascher is  proposing a]public milestone build of Thunderbird 3 in 2008 to get the ball moving.

The reasons why people don't choose to use Thunderbird are varied,
but two primary reasons appear to be: the lack of a built-in calendar
integration (compared to Outlook for example), or a search experience
that doesn't match that offered by competitors (gmail and for

From my point of view the Calendar issue is long standing, well known and a major issue. Mozilla's Sunbird effort is supposed to be a stand alone open source calendar that could be used. There is a Mozilla Lightning effort that was originally intended to be Sunbird implementation for Thunderbird - but it has been under development for so long it makes you wonder how actively it's actually being developed. It will be interesting to see if Ascher can overcome years of Netscape Mail baggage and Thunderbird mis-steps and get this project on track.

Mozilla Turns 10

By Sean Kerner   |    February 04, 2008

Time sure does fly. Today is the official 10th anniversary of the Mozilla Project.

MOUNTAIN VIEW, Calif. (January 22, 1998) -- Netscape Communications Corporation
(NASDAQ: NSCP) today announced bold plans to make the source code for the next
generation of its highly popular Netscape Communicator client software available
for free licensing on the Internet. The company plans to post the source code
beginning with the first Netscape Communicator 5.0 developer release, expected
by the end of the first quarter of 1998.

Ten years later Netscape no longer exists but its spawn Mozilla is thriving.

Ten years later Mozilla is on the upswing, sitting on the verge of new release in the form of Firefox 3 and is one again on the upswing challenging Microsoft's Internet Explorer.

Mozilla itself is still figuring out how to celebrate the milestone and according to Chief Lizard Wrangler (though no longer CEO) Mitchell Baker, the general idea is to have a year long celebration.

I really do mean a year to celebrate. Not one day,
not even the actual date the code was released. That's an important date and
we'll certainly celebrate it. But the code release was one part of what was a
much larger effort 10 years ago, and is a much larger story today. 1998 saw some
great accomplishments, and we'll celebrate them this year. The project has seen
great accomplishments all through this first decade, and we should celebrate
these as well.

Happy Birthday Mozilla! You've been kicked around a whole lot in your ten year lifespan but somehow you've managed to stick it out and survive.

Netscape Not Dead (Yet)

By Sean Kerner   |    February 04, 2008

netscape.gifFeb 1st was supposed to the end of Netscape Navigator support. In their infinite wisdom AOL has decided to stay Netscape's execution by one month to March 1st. AOL/Netscape development director Tom Drapeau made the announcement in a blog post.

Mozilla, Flock
and AOL are working together to provide tools to ease the migration of
existing Netscape browser users to our recommended Flock and Firefox
alternatives. Both Flock and Firefox are built on the same Mozilla
Firefox codebase.

There will be an update made available for
Netscape 9 users through the established Netscape browser update
feature that will streamline the process of choosing from these two
great browser alternatives.

Frankly, I don't really understand why AOL felt the need to extend the suffering of Netscape users. I suppose AOL got enough backlash for only providing 30 days notice, that they had to extend support. Additionally it really makes you wonder how many Netscape 9 users are actually still out there that need support.

Open Source Blogging Software Vendor Rolls in the $$

By Sean Kerner   |    February 04, 2008

Yes I know that this blog isn't powered by the open source blogging software Wordpress :( Though millions of other blogs are.  Apparently those millions of users are worth some money, a good sum of money in fact.

Automattic, the vendor behind Wordpress has just scored  $29.5 million in Series B venture funding. According to Wordpress founder Matt Mullenweg in 2007 alone (the free hosting platform for Wordpress blogs) attracted 1.8 million new users that created 25 million posts resulting in some 3.2 billion pageviews.

The New York Times, the flagship of media, is joining our existing investors Polaris, True,
and Radar in expanding their minority stake in the company. Automattic
is now positioned to execute on our vision of a better web not just in
blogging, but expanding our investment in anti-spam, identity, wikis,
forums, and more ��� small, open source pieces, loosely joined with the
same approach and philosophy that has brought us this far.

It's a big move for a company that isn't yet 3 years old but has grown up so incredibly fast.

Qt Goes For GPLv3

By Sean Kerner   |    February 04, 2008

In a big win for the GPLv3 license, Trolltech is now set make its Qt toolset available as GPLv3. Trolltech announced the move at the KDE 4 launch party which was recently held at the Googleplex. The general idea is that since Qt is now GPLv3, KDE (which is based on Qt) can now become a GPLv3 licensed Linux desktop.

It's a strange day indeed to see how far things have come in the last ten years. KDE was the first 'real' Linux Desktop in my opinion. The Free Software Foundation (FSF) opposed it in the beginning specifically because of Qt's licensing terms. The FSF then went on to back the GNOME Linux Desktop which has always been GPL compliant.

Fast forward to 2008 and FSF head Richard Stallman is singing the praises of Trolltech.

"I am very pleased that Trolltech has decided to make Qt available under
GPL v3," commented Richard Stallman, author of the GPL and president of
The Free Software Foundation. "This will allow parts of KDE to adopt GPL
v3, too. Even better, Trolltech has made provisions for a smooth
migration to future GPL versions if it approves of them."

Perhaps more importantly than the historical irony here is the fact that yet another key piece of open source infrastructure is now GPLv3. While initially it looked like there would be some hesitation towards GPLv3, it now would appear that there is significant forward momentum for GPLv3.

SimCity Goes Open Source

By Sean Kerner   |    February 04, 2008

I have to admit that I've never been much of a SimCity fan though of course I know plenty of people that were addicted to that game at one point or another. The latest twist in SimCity land isn't a new mod or expansion back but is the open sourcing of the SimCity source code itself..not the latest/greatest version mind you..but an older version.

Due to copyright issues the open source version of SimCity isn't called SimCity either - instead it's called Micropolis - and it's being released under the GPL.

The developer that is releasing the open source version of SimCity, Don Hopkins has also made it available as a game for the One Laptop Per Child (OLPC) effort.

"Micropolis" is the name of the current GPL open source code version of OLPC
SimCity. That was the original working title of Will Wright's city simulation
game. Since Micropolis is licensed under the GPL, anyone can do anything they
want with it that conforms with the GPL, except they can't call it "SimCity"
(and a few other limitations to protect EA's trademarks).

Micropolis is a dreadfully basic game and so far as i can tell it's based on something that i might have considered to be 'abandonware'. Then again it was and is a fun game and who knows maybe someone  will be able to expand it under the GPL into something more than it is.

Tom Brady's Low Tech Super Bowl playbook

By Sean Kerner   |    February 04, 2008

First off I have to admit that I don't care for Super Bowl commercials, I'm more interested in technology - real technology - the stuff that people use to improve their lives and enhance productivity.

While FOX had alot of high tech wizardry (overlay first down lines, amazing camera angles etc), and coaches on both sidelines had those big Motorola radio setups there was at least one notable instance of a very low tech solution to a very complex problem in the Super Bowl

Late in the fourth quarter on a critical fourth down play with the score NE 7 and NY 10 , the FOX camera shifted to a close up of NE QB Tom Brady in the huddle. Brady's left forearm sweatband was open revealing what appeared to be his playbook. This wasn't some kind of fancy LCD display (or was it?) or Bluetooth enabled unit that would enable him to shift through play scenarios. No this looked very much like a handwritten list of plays neatly put together on his wrist.

Brady's apparently low tech solution worked out well for him - NE made the conversion and ended up scoring on the drive (yeaah I know they still lost the game, but still).

With all the money at stake, I wouldn't be surprised if one day soon (if not already) QB's will in fact get some kind of flexible wireless wristbound playbook that they can use on field. Then again, though the technology isn't likely to be a hurdle, I suspect that QB's (and their coaches) in the clutch will continue to rely on their own experience and intuition to actually call plays.