RealTime IT News

Blog Archives

Twitter Rocks on Ruby on Rails

By Sean Kerner   |    May 30, 2008

From the 'it's what all the cool kids use' files:

Like everyone else, I've been a fan of Twitter (but don't call me a Twit) since it debuted over a year ago. In the last week or so Twitter has had a bunch of problems with service disruption and the like - in response Twitter developers are opening up about what makes Twitter run.  A lot of what makes Twitter run is Ruby on Rails (RoR).

We've got a ton of code in Ruby, and we'll continue to develop in Ruby
with Rails for our front-end work for some time.  There's plenty to do
in our system that Ruby is a great fit for, and other places where
different languages and technologies are a better fit.  Our key
problems have been primarily architectural and growing our
infrastructure to keep up with our growth.

Twitter developers believe in RoR and they've noted that it is the a great tool for development and rapid prototyping.

The problems of scaling are not unique to RoR (or Twitter) and it's a problem that I hope they figure out sooner rather than later. Twitter is a customer of Rails performance management vendor New Relic, so they do have a bit of external help too.

The RoR ecosystem continues to grow, this week at Railsconf there were a few interesting announcements and it will be interesting see how Twitter continues with its RoR usage and evolution.

Apple Updates Mac OS 10.5.3 for Security, Stability

By Sean Kerner   |    May 29, 2008

Apple's Mac OS X 10.5 'Leopard' users should download the latest update to their OS, version 10.5.3 as soon as they can. The latest update includes a long list of updates (addressing no less than 35 security issues). Apple patching OS X 10.4 "Tiger" as well.

Some of the high-level fixes in 10.5.3 include updated Flash player, Apache Web server, CUPS (printer server), iCal calendar, Ruby, single sign-on and Wiki Server components.

There are also a pair of critical fixes for OS X kernel that could potentially have allowed an attacker to trigger an unintended system shutdown.

On the stability side and compatibility side, Apple has detailed a long list of enhancements for 10.5.3. On the general side of things there are fixes such as:

  • Fixes a font issue that could result in Helvetica Narrow being used in applications instead of Helvetica.
  • Addresses an issue with stuttering video and audio playback in certain USB devices.
  • Resolves stability issues with Word of the Day, iTunes Artwork, and Slideshow screen savers.
  • Fixes an issue in which certain attached hard drives may not show up in the Finder.

There are also stability and compatibility fixes for address book, AirPort (Wi-Fi), iCal, iChat, Mail, Parental Controls, TimeMachine and VoiceOver.

All told it's a lot of "stuff" that Apple is including in its latest update. 10.5.3 is the first major update from Apple since 10.5.2 came out in February of this year.

Mozilla's Guaranteed World Record Attempt

By Sean Kerner   |    May 28, 2008

The hype machine is certainly in full gear at Mozilla with the launch of its next generation Firefox 3 browser just a few weeks away. The latest 'stunt' that Mozilla is building to generate hype and interest is nothing short of breaking a world record.


That's right, the Mozilla people want to set an official Guinness Book of World Records record with the all time download record for software on a single day.

Mozilla has set up a portal page on its SpreadFireFox community marketing site to help drive the effort and track pledged downloads. As of this blog posting they've got 189 pledged downloads for whenever Firefox 3 comes out. Considering that there are over 170 million users of Firefox, I'd expect the number of pledged downloads to grow.

Whether or not it will be a World Record or not is another question - which leads to the bigger question of:

What is current world record for software downloads on a single day anyways?

The Guinness site does not list a result - for good reason. There isn't such a record.

According to Mozilla's FAQ on the World Record:

This is the first record attempt of its kind so there is no set
number. We'd really like to outdo the number of Firefox 2
downloads on its launch day, which was 1.6 million. Let's shoot for 5
million--the sky is the limit!

Neat idea. Set a world record for a record that has never been recorded.

Though Mozilla had a bunch of launch events around the release of Firefox 2 - it was the big New York Times Ad push for Firefox 1 that I remember as the biggest Firefox launch. With a seemingly guaranteed world record, Firefox 3 is likely to top that event as being the most memorable.

Mozilla Firefox 3 RC 2 - Coming June 5th

By Sean Kerner   |    May 28, 2008

From the 'not far now' files:

As I had predicted when Mozilla Firefox 3 Release Candidate 1 (RC1) came out,  RC2 is now officially in the works. Considering that code quality and stability should always be Job #1 this is the right decision - no need to rush and then upset users with a sub-optimal experience.

In a mailing list posting, Mozilla Developer Mike Beltzner noted that RC2 is not expected to impact a final delivery of Firefox 3 for mid-June. In order to make sure that happens Mozilla is being quite strict with the patches it is accepting into the RC2 stream. Beltzner wrote:

Many of the issues to be fixed in RC2 have already been patched, reviewed, approved and landed, thanks to work done last week to identify and drive the bugs into the product. Several localization  
updates have also been accepted. Please note that just because we've decided to produce another release candidate does *not* mean that we are accepting new patches - only those which fix issues that have been identified as required fixes for RC2 will be accepted, and even then your patch must come with a risk assessment and tests.

Sounds kinda tough to me - but it's a good kind of tough. Without some kind of strict control over patch inputs the release process could easily spiral out of control.

Officially the code freeze for Firefox 3 RC 2 is Noon PT today with final QA by Thursday June 5th.

Adobe's Flash Hit by Zero Day Exploit (nope)

By Sean Kerner   |    May 27, 2008


From the 'be afraid be very afraid' files:

*UPDATED** There is a security exploit in the wild for Adobe's Flash player for which there is currently no patch - yes folks it's a bona fide zero day exploit. (*see update at end of post - this report has now been revoked by the security reporting agencies**)

According to a report on Security Focus (they run the Bugtraq mailing list):

An attacker may exploit this issue to execute arbitrary code in the
context of the affected application. Failed exploit attempts will
likely result in denial-of-service conditions.

Wait it gets better.

The Internet Storm Center (ISC) is now reporting malicious sites in the wild that are actively exploiting the issue. ISC handler
Adrien de Beaupre provides gory detail on how one particular site is using the flaw by way of a jpg image.

The latest update from Security Focus alleges that the issue is widespread with malicious code being injected into approximately 20,000 web pages.

Malicious code is being injected into other third-party
domains (approximately 20,000 web pages), most likely through
SQL-injection attacks. The code then redirects users to sites hosting
malicious Flash files exploiting this issue

This is no trivial exploit -  let's hope that Adobe does the right thing and gets this issue resolved ASAP.

**UPDATE MAY 29 ** Looks like this wasn't a zero day after all. Secunia and ISC SANS are now revoking earlier claims and noting that the issue was already known. According to Adobe :

This exploit appears to be taking advantage of a known vulnerability, reported by Mark Dowd of the ISS X-Force and wushi of team509, that was resolved in Flash Player (CVE-2007-0071). We strongly encourage everyone to download and install the latest Flash Player update,

While initial reports seemed to indicate that was at risk ISC handler Jim Clausing notes that is not the case:

We have yet to see one of these that succeeds against the current
version (, if you find one that does, please let us know via
the contact page.

Facebook Going Open Source? Not Quite.

By Sean Kerner   |    May 27, 2008


**UPDATED** From the 'read the fine print' files:

If the rumor (and TechCrunch) are to be believed - Facebook is going Open Source. Kinda/sorta.

The root of the leaked news is that the Facebook Platform which allows third-party developers to build applications for the social utility's users will move to an Open Source license. The open sourcing of the Facebook Platform is not (unless I'm missing something) an Open Sourcing of Facebook itself - which though it is built on open source components is not open source itself. That is - don't expect to be able to simply download a tar ball and build your own Facebook next week.

The open sourcing of the Facebook Platform fundamentally means that the developers will be able to freely extend and integrate with Facebook in an unobstructed manner.

IMHO I think all developer tools that extend platforms should be open source - it's good for developers and it's great for the platforms as it removes barriers to entry.

The Platform release won't be Facebook's first official foray in releasing open source code either - last year Facebook open sourced Thrift which Facebook defines as,"a software framework for scalable cross-language services development".

*UPDATE* just got an email from Facebook clarifying their plan:

working on an open-source initiative that is meant to help application
developers better understand Facebook Platform and more easily build
applications, whether it's by running their own test servers, building tools, or
optimizing their applications. As Facebook Platform continues to mature,
open-sourcing the infrastructure behind it is a natural step so developers can
build richer social applications and share what they've learned with the
ecosystem. Additional details will be released soon.

Who Is The Most Exciting Networking Vendor?

By Sean Kerner   |    May 23, 2008

From the 'everybody loves popularity contests' file:

Research firm The InfoPro has an interesting study out on who enterprise IT buyers consider to be the most exciting networking vendor.

The winner?  Cisco by a wide margin.

The study involved over 130 one-on-one hour-long interviews with Fortune 1000 companies. Over 50 percent of whom ranked Cisco as the most exciting vendor.

Though Cisco was the dominant choice, the study showed that Cisco should be looking over its shoulder at Juniper Networks who came in second at almost 20 percent. According to the InfoPro, Juniper saw the largest jump in the percentage of organizations considering it an Exciting Vendor, nearly doubling from 10 percent in the previous study which was published in the summer of 2007.

Application acceleration vendor Riverbed placed third at just over 10 percent, while HP and Foundry round out the top five.

"Though Cisco still leads the pack, Networking pros feel
that innovation in the Networking market seems to have temporarily halted.
This is having an effect on where they are looking to obtain the Networking
solutions they need," said Bill Trussell, Managing Director of Networking research for
TheInfoPro  in a statement.

How Much is a (knock-off) Web Browser Worth?

By Sean Kerner   |    May 22, 2008


Answer: At least $30 million.

Flock - which is a pimped version of Firefox for social networking - has just raised another $15 million in financing. This is a Series D financing that was led by Fidelity Ventures (Bessemer
Venture Partners, Catamount Ventures and Shasta Ventures, also
participated). Total financing to date for Flock is now hovering at around $30 million.

According to a release issued by Flock - "Since January 2008, Flock's user base has
increased by more than 250 percent while its revenue has risen by more
than 400 percent."

Without the proper context of knowing how much their revenue was prior to January of 2008 the growth doesn't mean much to me (though on the surface it sounds impressive). Mozilla makes its millions primarily through Google. I'd suspect that Flock makes its money in much the same way with a variety of affiliate and search driven models for revenue generation.

Personally I don't use Flock (though I've tried it). The problem for me in a basic sense is that Firefox is the base, and for me I customize Firefox my own way (yeaaaah I'm my own pimp) to meet my social networking needs.

I'm running Firefox 3 RC 1 now (and yes I've got IE 8 Beta running on my Windows test box) which is the bleeding edge of browser innovation. Is Flock based on Firefox 3?

According to the Flock FAQ - not yet.

Flock will be moving to the Firefox3 engine when it is completed,
and we've already pushed some bug fixes and enhancements for Firefox3
to the Firefox team.

It's not necessarily a contest between Flock and Firefox, since both are open source and do collaborate to a certain extent and choice is always a good thing. But it is interesting to see how an open source product, based on another open source product can generate $30 million in financing.

Coverity Makes its First Acquisition

By Sean Kerner   |    May 22, 2008


I just got an early heads up that code analysis vendor Coverity will announce on Tuesday May 27th that it is acquiring software build management vendor Codefast.

Coverity and Codefast are both privately held and financial details are not being disclosed.

According the unreleased press release that I obtained, Codefast's products will be integrated into Coverity's DNA MAP analysis system, " further expanding the
company's platform of products that enable software development teams to ensure
the integrity of their code."

I'm always interested when deep technical firms like Coverity acquire code. Fundamentally what it means is that the stuff they are acquiring is something they didn't want to build on their own (timing/cost or other reasons), and that makes it intriguing.

Coverity has been in business for five years now and just recently got a $22 million dollar round of financing from Foundation Capital and Benchmark Capital. The acquisition of Codefast is the first company acquisition made by Coverity.

Earlier this week, Coverity announced the details of a report on open source code quality - an effort that is being financed in part by a grant from the Department of Homeland Security.

Mozilla Firefox 3.1 Coming This Year

By Sean Kerner   |    May 21, 2008


From the 'don't count your chickens till they hatch' files:

Firefox 3.0 is not yet officially out the door but Mozilla developers already have a plan -- and a timeline - for Firefox 3.1. The draft plan -- as it is currently being floated on the Mozilla developer lists -- is for Firefox 3.1 to be released within six months of the release of Firefox 3. Considering that the final Firefox 3 is likely within a matter of weeks that would mean we'll see Firefox 3.1 in 2008.

The release of Firefox 3.1 will also mark the likely end of life for support of the current Firefox 2.x browsers. The plan (as it has been since the release of Firefox 1.5) is to have security/stability updates once every two months or so, until the next 'feature' release -- which is Firefox 3.1

"There were a number of features that we held back from Firefox 3 because they weren't quite ready - but they were nearly complete,"  Mike Shroepfer  VP engineering at Mozilla wrote in a mailing list entry

The features that Shroepfer includes are some additional interface integrations, performance tuning and JSON DOM binding to name a few. Certainly these are things that will improve Firefox, but in my simple view none of the things that got left out of Firefox 3 are as dramatic as what got left out of Firefox 2.  The omission of the Places (new bookmark/history engine) was a major feature drop in my view , and I'm thrilled that it's fully and properly implemented in Firefox 3.

So sure Firefox 3.1 will be interesting...but the bigger jump won't come till 2009 (or beyond) with Firefox 4, which will be based on the new Mozilla2 platform that Mozilla CTO Brendan Eich has been talking about for some time. Firefox 4 will likely be the first browser to herald the most important evolution of JavaScript since Eich created it over a decade ago.

Wii Fit - I Got One and Yes I Had to Line Up

By Sean Kerner   |    May 21, 2008


From the 'standing in line for new tech' files:

I woke up a little earlier than normal this morning and headed over to my local Wal-Mart to get a Nintendo Wii Fit. It was 7:30 AM when I got there (the store didn't open till 8 AM) and there was already a line out front.

What kind of technology inspires people to line up? 

It's a rare breed to be sure. Certainly people lined up for the Apple iPhone ahead of its big release and Nintendo's Wii shortages overall have been legendary.  Seeing people line up for a chance to exercise with their Wii in a new way is something that got me thinking. Why am I doing this?

Well in my case, I've got the Wii (which I had to line up for to get initially too) and like every techno geek I always want the bleeding edge of innovation.  The way that Nintendo has managed to restrict supplies and market its message are second perhaps only to Apple so that certainly helps too.

While I was standing in line, I tried to think about any other technologies that I'd line up for and then it hit me. The media 'frenzy' surrounding the latest Firefox 3 release is kinda/sorta in the same vein. We in the media hang on every little tidbit of info from Mozilla, writing/blogging about every alpha,beta and release candidate. The early indications of download numbers for the development version of Firefox 3 also seem to indicate large uptake. Certainly there are no physical lineups and there is no shortage of supply, but i suspect that if Firefox were a physical retail product I'd likely line up for it just like I lined up for the WiiFit.

As for the Wii Fit as it turns out I was the 25th person in line and my local Wal-Mart got 35 units. I haven't actually opened the box yet. I got enough exercise this morning standing in line.

Linux Soon to be in your Car

By Sean Kerner   |    May 20, 2008


From the 'I got Linux in my Bimmer' files:

Thanks to a new joint effort between Intel and Wind River, you may soon be running Linux in your car.

The effort will run under the auspices of the Intel led effort   and will deal specifically with the in-vehicle infotainment marketplace. The idea is to create a Linux based Open Infotainment Platform that will run on Intel's Atom processor. According to a release issued by Wind River, BMW, Bosch and Delphi are among the companies that are already supporting the effort.

The actual open source code specification is not yet on the Moblin site though Wind River expects to make it available by August of 2008.

In my opinion, this is clearly another victory for embedded Linux which is an incredibly important area for the Open Source operating system. Linux is making inroads in the embedded mobile space thanks in large part to the leadership of Motorola and others. In the consumer space MontaVista Linux has done well thanks to numerous partnership including a very strategic one with Texas Instruments.

The involvement of Wind River is also very noteworthy. After all it wasn't all that long ago that Wind River was the 'competition' for embedded Linux, with the Wind River VxWorks embedded OS (and certainly VxWorks still does compete in many instances). But Wind River is now clearly active and aggressive with its Linux initiatives and that's a great thing for the embedded market.

Will IBM Buy Zend / PHP ?

By Sean Kerner   |    May 20, 2008

There is a report on the Washington Post that confirms that Zend (the lead commercial sponsor behind PHP) is laying off some of its workforce. The article speculates that the reason is due to Zend wanting to be cash flow positive in order to be a more attractive acquisition target.

Which begs the question - Who will acquire Zend?

In my view, there can only be one company and that company is IBM. Let me explain by first eliminating the other potential suitors.

Sun has already spent its cash on MySQL (the 'M' in the LAMP stack) shelling out $1 billion. Most MySQL databases that I've ever seen or touched were connected by PHP in some way so it might make sense for Sun, but for the fact that they have Java. Though Sun has said they're not out to replace the LAMP stack, considering the have Java and Solaris, I'm somewhat skeptical.

Oracle was at one time rumored to be in the hunt for PHP. Zend has a strategic relationship with Oracle producing a Zend Core (certified PHP) stack for Oracle databases. The way I see it now, Oracle might benefit from owning Zend as it would contribute to its overall end to end stack strategy, but it's certainly not a core advantage in that Oracle doesn't have its own deep PHP platform type of development.

Which leads us to Big Blue -- IBM.

QED Wiki, Project Zero (now a Websphere product) and some interesting mashup technologies at IBM all  utilize Zend developed or led technologies. IBM is a strong contributor to the Zend Framework (which might be considered an alternative to .NET and JavaEE). From my own limited experience at events where both IBM and Zend executives were speaking, there is a very cordial working relationship between the two firms.

Zend would give IBM its own  language play, something with which to counter Sun's Java, offer a complement for IBM's existing Websphere developments as well as providing IBM with a strategic services differentiator versus HP (and its EDS division). PHP is a competitive technology to Java and the simple logic that I have would seem to imply that Zend would be a strategic buy for IBM.

Considering that Zend is currently a privately held company it's difficult to guess what their cash flow might be and what they might be worth. The ridiculous price that Sun paid for MySQL has also no doubt inflated expectations which might make a deal difficult to achieve -- after all it's quite likely that there are at least as many PHP deployments as there are MySQL deployments.

I don't think that IBM will pay $1 billion for Zend, but I do think that eventually they will find the price that is right.

Firefox 3 Hits Release (Candidate)

By Sean Kerner   |    May 19, 2008


From the 'are we there yet?' files:

Firefox 3 Beta 5 is a solid browser, in fact I've been using it as my everyday browser (on Linux) for weeks without issue. That said there is always room for improvement and that's what the new Firefox 3 RC 1 (release candidate) which is now available claims to offer.

RC 1 fixes stability and feature bugs as well as improving performance by fixing even more memory leak issues.

Overall, sure Firefox 3 offers some neat feature improvement and usability upgrades but the bottom line for me (and why I moved to Firefox 3 as soon as I felt it ready) is that Firefox 2 was sucking up waaaaaaaaaaaaay too much memory over the course of my browsing day. If you're like me you keep your browser open all day, with multiple tabs,  among them more than a few sites that are heavy with Ajax. Firefox 2 over time would just eat up memory (and in many cases processor cycles). That just doesn't happen with Firefox 3 (at least in my experience thus far).

There was a time when Beta meant - software that isn't ready for prime time. But thanks to Google's abuse of the term 'Beta', that's not the case anymore. Sure Firefox 3 is officially at RC1 now and sure Mozilla developers (being a cautious bunch of perfectionists) are aiming to further improve stability and performance -- which is all good - but my reality is that Firefox 3 works for me now.

Mozilla will still likely have at least two more release candidates before finally taking Firefox 3 out of the oven. As opposed to the run up to the Firefox 2 in which Microsoft's IE 7 was in a neck and neck race, IE 8 is still an early release that will likely take many more months till it's close to being a viable competitor to Firefox 3.

AOL Hacked? I Don't Think So.

By Sean Kerner   |    May 16, 2008


From the 'look ma I just discovered Link Spam' files:

I see a good number of bogus security announcements and pronouncements in any given day. Today I got one forwarded to me from a number of peers about an AOL hack 'discovered' by Roger Thompson, Chief Research Officer of AVG Technologies.

The PR pitch that I got from the PR firm notes that Thompson,  has discovered that a rolling headline on this morning,
"Disgraced 'Oprah' Author Is Back,"is hosting a fake codec.

SURE that caught my eye.

But when you actually read Thompson's post and see the issue, it's really a different thing all together. Unless I'm a total idiot, it simply looks like some spammer has put a bad link in a comment on a post. If a user clicks on the link it takes them to a seperate page where the codec issue might exist.

Is this a hack? Is this AOL hosting 'bad codecs?  HA!!

No way! This is just link  spam and who among us, even with spam filters, CAPTCHA and other mechanisms doesn't get hit by spam?

Oh and the link? It's for the pervs who are looking for naked Paris Hilton videos (so  it's not like it's even close to being something that could be considered a legitimate link or trackback for this story in the first place).

Here's a copy of the image linked from the 'researchers' page:

Ubuntu's Pipe Dream : True Free Software Syncronicity

By Sean Kerner   |    May 15, 2008

Mark Shuttleworth, the founder of Ubuntu lead sponsor Canonical has an 'interesting' idea.

In a blog post where he talks about the Ubuntu release cycle moving forward, he poses the surreal ideal of having synchronized Linux distribution releases across multiple Linux vendors.

 If two out of three of Red Hat (RHEL), Novell (SLES) and Debian are
willing to agree in advance on a date to the nearest month, and thereby
on a combination of kernel, compiler toolchain, GNOME/KDE, X and
OpenOffice versions, and agree to a six-month and 2-3 year long term
cycle, then I would happily realign Ubuntu's short and long-term cycles
around that. I think the benefits of this sort of alignment to users,
upstreams and the distributions themselves would be enormous. I'll
write more about this idea in due course, for now let's just call it my
dream of true free software syncronicity.

While I have a great deal of respect for Mr. Shuttleworth and what he has accomplished in his life, I don't think distribution syncronicity is something that will ever happen - nor should it.

Think about this for a sec. All distributions today get to pull from the same upstream Open Source projects like Linux, Firefox, GNOME, KDE and Which means that each distribution today has the same opportunity at pulling the same applications at the same time. Linux in that way is an equal opportunity for all distributions.

Yet equality and syncronicity stops there - as it should. Each distribution does different things with the Linux kernel (testing, patching etc) and each tries a slightly different tact at package integration since the application package landscape is a moving target. A Linux distribution is a snapshot of the broader Open Source development community at a point in time. If all Linux distributions took the same snapshot that wouldn't be terribly diverse and would serve to further commoditize Linux.

My idea of true Free Software syncronicity is a lot more basic than Shuttleworth's. I'd like to see common packaging across distributions (sure the Fedora PackageKit thing is a good idea) such that users aren't stuck choosing a distribution based simply on whether or not there is a deb or RPM file for the app they want. Sure you could always go the Gentoo Linux route and build everything from source tarballs (but that's a bit painful sometimes).

From a selfish journalist point of view - Shuttleworth's version of syncronicity would also be terribly boring. I mean instead of being able to write about Ubuntu, Fedora and OpenSUSE releases on their own specific release dates and give each their due - I'd have one release day for all and lump them all together. As it is, Fedora, Ubuntu and OpenSUSE release tend to occur within a nice 10 week span, just as a function of circumstance.

Moonlight (Open Source Silverlight) Hits Public Release

By Sean Kerner   |    May 15, 2008


From the 'may require some assembly' files:

The first 'public' release of Moonlight - which is the Novell led open source effort to replicate Microsoft's Silverlight on Linux - is now available, (though I'm not quite sure that it's production quality yet).

You see the first public Moonlight build doesn't include media codecs by default. Sure you can compile stuff in yourself after the fact - but then again I could also just virtualize Windows and run Silverlight natively too.

Too add further salt - it doesn't currently work on Firefox 3 either. Moonlight developer lead Miguel de Icaza blogged:

Although Moonlight works on Firefox 2 and Firefox 3, recent
changes in Firefox 3 prevent Silverlight and Moonlight from working (For
see #432371,
There is
a user
contributed Greasemonkey script
that will work around this
bug for some sites (requires Greasemonkey).

So yes Moonlight is out, but it's got a few rough edges and isn't a 100 percent apples to apples comparable technology to Microsoft's Silverlight (yet).

As de Icaza and his team continue  moving towards the Silverlight 2.0 profiles I'd suspect that Moonlight will improve and soon enough become a viable option. It kinda reminds of Mono in the early days, which also didn't quite work as it should in its first few releases but lately seems to be quite solid.

Google Gets IPv6 Religion - But Do You?

By Sean Kerner   |    May 14, 2008

From the 'we're running out of addresses' file:

Google has announced that it is now available over IPv6. Specifically you can access Google search with the next generation Internet protocol. To hit Google on IPv6 you must first be running IPv6 though (

While this is 'good' news I suppose it also exposes the fundamental flaw and issue with IPv6 as it currently stands.

Why aren't more sites available on IPv6? (and why is Google doing this now?).

The problem is simple and complex at the same time. While the US Government itself is moving to IPv6, US based enterprises are not. (It's a problem that I've been researching for the last few weeks in fact).

And why should they?

Sure the 'chicken littles' of the world are saying the sky is falling and we're running out of IPv4 address space (which is true). But the reality in this part of the world is that we've got enough IPv4 to keep us from feeling any shortage. The reality is every organization in this part of the world has already figured out the IP address issues by using NAT and port forwarding scenarios that provide an abundance of addressing options.

So YES, great to see Google jump publicly on the IPv6 bandwagon, but it would be better to see you (yes you dear reader!) jump on the IPv6 bandwagon too.

Beware of Calendar SPAM

By Sean Kerner   |    May 13, 2008

From the 'I don't remember making an appointment with a spammer' files:

I get a lot of email over the course of any given day/week/month. I also tend to book many appointments for briefings and such (often driven by email calendar event requests). For the most part the only reason why my calendar is full is my own doing -- but there is a new risk that I've recently become aware of.

Calendar SPAM.

Yuup. Spam has evolved from just jamming your inbox to also polluting your Calendar too.  The Calendar spam technique targets both Microsoft Outlook and Google Calendar users. Security vendor McAfee recently blogged that they've now seen Calendar Spam too.

According to McAfee it's still a low volume threat. Apparently the way it works is by taking advantage of users who automatically accept incoming meetings (so just disable that if you're got it enabled) and then including the spam message in the event meeting details.

Sure it's something that can be easily avoided with some filters and proper configuration, but still it's something that's annoying. After all who want to get a Reminder popup letting them know they've got an appointment with Spam (unless it's the lunch meat and you put that into your calendar as a reminder of what you're going to eat...).

Mozilla Data Project Is Not a Good Idea

By Sean Kerner   |    May 13, 2008


I'm a fan of Michael Arrington and his work at TechCrunch, though I disagree with his assessment of Mozilla's new secret 'Data' effort.

The plan is basically to collect data from Firefox users (who opt in) in order to provide a data set on site popularity and user trends. It's an interesting idea and one that might help Mozilla, but IMHO it's not a good one for the broader marketplace for a few reasons.

1) The data will always be biased because it will only be for Firefox users
2) 'Hackers' will try to do 'bad things' with the data which could well provide personally identifiable information (sure Mozilla would do its best to secure users, but the point is they would be providing a new potential attack vector).
3) More data isn't always better. Every web server in existence has some form of log system which accurately measures real traffic. Adding yet another new statistics system only confuses an already confused marketplace.
4) A users 'History' file already tracks the data (though it doesn't  publish it publicly...).

I personally like what Red Hat's Fedora project is doing with users statistics. Fedora (by way of its Smolt technology) tracks how many IP addresses actually connect to Fedora Update servers. With that data Fedora know how many 'active' Fedora installations it has.

How many active Firefox installations are there? Sure we know how many downloads, but wouldn't it be great to have real number on users too?
**UPDATE 5:41 PM EDT - I'm wrong on the Firefox installations issue. Mozilla's Asa Dotzler commented below (thanks Asa!!) that Mozilla does have stats on this now and that current users number about 170 million **

So YES, getting stats is a good thing. And YES Mozilla Data will be a solid effort at understanding what Firefox users may be doing. But NO I will not personally participate myself and while I'll comment on their Data (when it's available) I'll always take it with a grain of salt. 

Cisco Getting New 'Cool' Leadership for Switching Biz

By Sean Kerner   |    May 12, 2008

From the 'what happens after keynotes go bad' file:

After 15 years, Cisco's Jayshree Ullal, SVP, Data Center, Switching & Services  is leaving. Ullal managed a $10 billion business at Cisco.

"Yes, I can confirm that after 15 years at Cisco, Jayshree has decided to leave the company to pursue other opportunities," a Cisco spokesperson wrote in an email to "At this time, Jayshree is in the process of exploring other opportunities and has not made any commitments."

Ullal also wrote a blog post on the Cisco data center blog in which she provided some highlights of her career, though not much in the way of reasons as to why she is leaving now.

Ullal will be replaced by John McCool who will assume Ullal's post alongside maintaining his current role of leading  Cisco's Campus Switching Systems Technology Group. McCool will be  reporting directly to Cisco CEO John Chambers.

Without reading too much into this executive shift, I think McCool's new responsibilities tie in nicely with Cisco's overall business consolidation effort. Frankly I don't understand why Campus Switching should sit under different leadership anyways so this move makes great sense.

Let's just hope for McCool's sake that if he ever takes the stage at a big IT conference, his presentation goes better than the one that Ullal recently did at Interop.

.ORG Domain Prices Set to Rise

By Sean Kerner   |    May 12, 2008
From the 'everything is getting more expensive' files:

The .org top level domain (TLD)is soon to become more expensive for those that want a domain. The Public Interest Registry (PIR) which manages the .org TLD has informed ICANN that they're hiking fees later this year.
The wholesale price for a .org domain will rise to $6.75 effective November 9, 2008. Currently PIR charges $6.15 for a .org domain name registration (0.15 cents of whcih goes directly to ICANN as a transaction fee).

The increase in .org pricing will come a month after .com and .net pricing (managed by VeriSign) get hiked. The wholesale price of a .com domain on October 1, 2008 will go from $6.42 to $6.86 while .net will rise from $3.85 to $4.23.

GPL 1 : Skype 0

By Sean Kerner   |    May 09, 2008


From the 'don't bet against the GPL ' files:

Guess what? The GPL is not in violation of any type of German anti-trust laws.  VoIP vendor Skype had argued in a German court that they didn't have to adhere to the letter of the open source GPL license, but the German court has now ruled against them.

Harald Welte (who has been on a seemingly one man crusade in Europe against Skype)  reported on his blog that:

In the end, the court hinted twice that if it was to judge about the case,
Skype would not have very high chances. After a short break, Skype decided to
revoke their appeals case and accept the previous judgement of the lower court
(Landgericht Muenchen I, the decision was in my favor) as the final judgement.
This means that the previous court decision is legally binding to Skype, and we
have successfully won what has probably been the most lengthy and time
consuming case so far.

So the lesson here is simple. Whether you're Verizon in the US or Skype in Germany, if you use GPL licensed code, then the terms of the GPL license apply to you.

Israel @60 : Tech Innovations that Changed the Industry

By Sean Kerner   |    May 08, 2008

The state of Israel turns 60 today and I've seen all kinds of coverage on TV/newspapers/web. From a technology point of view there are a bunch of things that have come from that tiny country, but for this short blog post I'm going to highlight three vendor/technologies in particular.

ICQ: I couldn't do my job without instant messaging today. If you're like me than you have ICQ to thank. Israeli based Mirabilis launched ICQ -- the first 'real' internet wide instant messaging app - in 1996. AOL bought them out in in 1998 for $407 million and to this day in the US, AOL is still arguably the largest IM network.

Check Point : A number of different individuals 'claim' to have invented/pioneered the firewall, but it was Check Point that deserves a lot of credit and is the vendor that really took it main stream. Remember the mid 90's ? If you wanted a firewall you got Check Point, there really was no other viable choice.

Zend : While Zend did not invent PHP (and certainly PHP was popular without Zend), it is Zend that has become the leading voice commercially for PHP on a global basis. Tens of millions of websites (including use Zend developed PHP code in some way shape or form.

So if you use instant messaging, PHP or have a firewall, give thanks to the state of Israel today.

Don't Run Mozilla Firefox in Hanoi !

By Sean Kerner   |    May 08, 2008


From the 'many eyes don't necessarily mean better security' files:

Open Source thrives on the idea that contributions help to grow development. Open Source thrives on the idea that many eyes looking at open code can provide better security than proprietary closed models.

Unfortunately on the security side, it's not always the case. Mozilla's Chief Security person Window Snyder has publicly admitted that Mozilla was inadvertently allowing a virus infected Vietnamese language pack for Firefox to be distributed. Snyder noted that the infected code could result in users seeing unwanted ads and could be used as a launching point for other malicious actions.

Mozilla is not aware of precisely how many users may be at risk,  though they do know that there have been 16,667 downloads of the language pack since November of 2007.

So how did this happen? Doesn't Mozilla do some kind of security scanning before they distribute code?  Snyder explains:

Mozilla does virus scans at upload time but the virus scanner did not
catch this issue until several months after the upload.  We are also
adding after-the-fact scans of everything to address this sort of case
in the future.

IMHO, while it's NOT GOOD that this happened in the first place, it is good that Mozilla is being relatively open about this now and is taking the appropriate steps to make sure it doesn't happen again. 3 Hits Beta Testing

By Sean Kerner   |    May 07, 2008

From the 'newer, better, faster' files:

After what seemed like an eternity (to me at least) 3.0 (OOo) is now finally in full Beta testing. Hurray!

There are a lot of things to like about OOo 3, but on the surface it just 'looks better' with new icons. It also supports importing Microsoft's Office 2007 XML formats as well as OpenDocument Format (ODF) 1.2 standard. OOo's solid marketing team has listed a full list of new features in a nice high level document.

OOo will also be the first OOo release to be distributed under the LGPLv3 open source license.

OOo overall though has made some significant strides lately in smaller point releases. The OOo 2.4 release last month added a nice bunch of new charting improvements.

Does OpenSolaris Matter?

By Sean Kerner   |    May 06, 2008


I'm not sure.

Sun first announced OpenSolaris in 2005 but they keep finding ways to announce 'first releases'. Yesterday was one such release.

I've written about a number of OpenSolaris releases over the years, often though under the guise of the Solaris Express Developer edition mantle as well as OpenSolaris based distributions like Nexanta (which uses Debian)

Apparently though after three years of development, Sun is now finally ready to make an OpenSolaris branded release stand on its own.

Why didn't OpenSolaris have a full release in the beginning
just like any other normal open source operating system distribution?

Well I suppose you could argue that their new Project Indiana
package system (now called the OpenSolaris Image Packaging System - IPS)) is one reason.

 But hey wait a minute, open source packaging system...sounds vaguely familiar...

About 10 years ago I was really excited when RPM came
out. Isn't IPS just an RPM-type system for Solaris? And if so, isn't this 10
years late?

Don't get me wrong on a personal level I think Sun is doing a
lot of things right. I'm actually writing this post on a LiveCD version of
OpenSolaris now.

I also think Sun is moving in the right
direction with OpenSolaris -- an open community approach to developing an OS is
the right way to drive innovation. What I question is how long it is taking to
get there and how they may lag behind Linux development in terms of adoption.

What I question is how open OpenSolaris actually is in terms
of reciprocity.

After all OpenSolaris is licensed under CDDL and not GPL
like Linux. Smarter minds than mine have noted that the GPL is the magic
sauce that helped to make Linux more successful than the BSDs
.  CDDL does not require reciprocity so in
practice a company could extend OpenSolaris code and not be required to
contribute back.

While some might want to compare OpenSolaris against Linux,
I think the closer comparison is with FreeBSD. 
They both share a common Unix heritage and they both have BSD type
non-reciprocal licenses. FreeBSD also may yet benefit from Dtrace and ZFS as
well whereas it is unlikely that those technologies (in the form that Sun
licenses them) will be integrated in any significant way in any mainstream
Linux distribution.

OpenSolaris also may prove to have a commercial
competitive edge over FreeBSD as well in that Sun with offers full commercial support. FreeBSD does have many people supporting it
but it doesn't have the strength of a Sun behind it.

So where does that leave OpenSolaris? 

Well I think OpenSolaris matters to those
that would consider BSD. For Linux users, OpenSolaris is still playing a bit of
catchup and it will be interesting to see over time if it does in fact catch up
in terms of community and broad participation. 
When and if Sun will ever be able to claim (like the Linux Foundation) that it has thousands of contributors from a wide spectrum of vendors remains to be seen. Participation alone does not dictate if an open source effort matters, but it sure does affect adoption. 

SCO Novell Trial - The Verdict is...

By Sean Kerner   |    May 05, 2008

I wish I knew! But as of this posting, Judge Kimball has not made his decision in the SCO versus Novell trial that occurred last week.

The ever vigilant Groklaw site has posted pdf/html transcripts of each day of the trial, which make for interesting reading if you've got the time. If you don't I'll save you the grief and make it easy. SCO, under the direction of CEO Darl McBride stuck to its guns claiming that Linux is a copy of Unix. Novell stuck with its argument that SCO never acquired all the rights to Unix.

So where does that leave things?

In my simple layperson, I'm-not-a-lawyer-and-don't-pretend-to-be-one-either view it leaves things in pretty much the same spot they were before the trial started -- with one major exception. Instead of Novell and SCO just making their respective cases, this time around the Judge will make a ruling based on the arguments and facts presented.

Regardless of the outcome, I expect the losing side (Novell or SCO) to appeal. An appellate judge (if the appeal is granted) will be the final arbiter here.

That said,  it will be very interesting to see what Judge Kimball actually rules. He's already made a summary judgment against SCO that favored Novell's view of who owns what in terms of Unix. The key issue at this point is how much (if anything) will he award to Novell or will he somehow change his view based on the testimony?

Frankly I'm still amazed that SCO has hung in this long.Though it is easy to paint SCO as the villain in this drama, it's also possible to see this as a Tragedy (Greek or Shakespearean) in many ways. McBride (the tragic hero?)really does believe in his view and he is sticking with it to the (bitter?) end.

Interop Las Vegas 2008 Roundup

By Sean Kerner   |    May 02, 2008
That was fun.

Well Interop Las Vegas 2008 has come and gone and I'm still somewhat sane.  With the addition of the Software 2008 conference into Interop this year, the volume of sessions was more overwhelming than past Interop events.

Perhaps the biggest challenge I heard from many people was the challenge of deciding what session to go to, since so many overlapped. In fact the conference organizers even overlapped sessions with Keynotes -- which I personally think was a very bad idea.

That said, there was lots to see and hear.

On the show floor, there was the mix of everything that is networking (and at least one that wasn't with the Happy Feet booth...since networking pros have feet issues apparently) with big network vendors, acceleration, testing, power, security, wireless and connectivity booths.

I always personally get a real kick out of the Interop Labs area where you can get hands on with stuff, this year I went hands on (again) with NAC and some Unified Communications stuff.

On the news and trends side, sure 10GbE is there as is virtualization. The biggest thing though (and this may seem quaint) is the broader and continuing realization of what networking is all about. That is, networking exists to enable applications. Being application aware is incredibly important and is something that vendors of all sizes are now claiming to do.

As always I wrote 'a few'  stories from the show (18 in total), so for your reading enjoyment, and as one last look at Interop LV 2008, here you go...


Interop: Applications And Networks Need to Unite
[May 01, 2008] Future of application delivery discussed at Vegas conference.

Meeting The Challenge of 10GbE
[April 30, 2008] What is the key to 10 gigabit Ethernet? And is there one?

Is It Time to Rethink IT's Priorities?
[April 30, 2008] At Interop, Citrix's CEO explains why the industry needs major change before it can grow.

Interop: How Comcast, Verizon Fight Spam
[April 30, 2008] Major networking players address e-mail's never-ending nuisance.

Interop: The Problem With NAC
29, 2008] While interest swells in Network Access Control and vendors
converge around standards, would-be adopters still need to weigh some
serious decisions.

Ethernet: Getting Faster, Getting Greener
[April 29, 2008] As the race toward faster speeds continues, so too does the search for reducing power consumption.

Nortel Pitches Networks Revamp For Virtualization
[April 28, 2008] Linux-based hardware appliance aims to optimize virtualization for datacenter deployment.

'NAC 2.0' Takes Shape Under Networking Giants
[April 28, 2008] Microsoft, Cisco and TCG converge on standards as broader network access control standards emerge.

Riding Out The Slowdown, Speeding Up Networks
[April 25, 2008] Can networking gear help to recession proof your network?

Laying The Groundwork For 10GbE Networks
[April 25, 2008] As the networking world moves to 10GbE networks, it's not just speed that

On this Blog:

PHP 5.2.6 Updates for Security

By Sean Kerner   |    May 02, 2008

PHP users -- time to update!

Ilia Alshanetsky PHP 5.2 Release Master has officially announced the availability of PHP 5.2.6.  In his release announcement Alshanetsky noted:

This release focuses on improving the stability of the PHP 5.2.x branch with over 120 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release.

On the security side there are at least five issues that are addressed in the 5.2.6 update which security vendor Secunia has rated as being 'moderately critical'.  The issues if left unpatched could potentially lead to a denial of service (DoS)  or unauthorized system access.

One of the flaws was credited to security researcher Stefan Esser, who has been an outspoken critic of PHP security for years and was responsible for the month of PHP bugs effort in 2007.

Interop : What Users Want

By Sean Kerner   |    May 01, 2008
LAS VEGAS. At a show as big as Interop there are always a lot of different technologies on display, some of them being more interesting than others.

But what are users/attendees actually interested in?

Instruments and NetQoS did an on-site survey
of 117 network engineers and IT executives the other day which sheds some light.

As you might expect, virtualization is an area of interest. Survey respondents reported that 50 percent of their apps will run virtualized now increasing to 82 percent within the next two years.

In terms of WAN optimization, which is often something I hear alot of buzz on at an Interop show, respondents were split.  44 percent reported that they had no plans to implement while, 42 percent indicated that they did have plans to implement some form of WAN optimization technology.