RealTime IT News

Blog Archives

Open Source enters the mainstream (in Europe)

By Sean Kerner   |    September 29, 2008

tux.jpg
From the "how about that..." files:

A new study out from open source BIRT vendor Actuate indicates that open source adoption in Europe seem to be at a faster pace (percentage wise) than the US.

According to the study nearly 62 percent of respondants in France noted that open source is the preferred option or
explicitly considered as an option when procuring software. In Germany the number is slightly higher at nearly 64 percent.

In terms of those who are actually using open source software, Actuate's study reported that 51 percent of Germans respondents are actively using open source software in the UK the figure was reported at 43 percent, in France 42 percent and in North America it's 40 percent.

Of course Actuate has an open source bias - being an open source vendor - but still, it's interesting to note the (small) geographical differences in reported adoption of open source software.

InternetNews.com's Week in Preview podcast: Listen In!

By Sean Kerner   |    September 29, 2008

podcast.png

From the "shameless self promotion" files:

Every week, my fellow InternetNews.com editors and I get together to do a little podcast called InternetNews.com Week in Preview in which we talk about what we think will be the big stories of the coming week. It's a fun show to do and one that tends to produce some real insights too.

In this week's episode (week of Sep 29th) we talk about how Gov. Sarah Palin is affecting Internet security and also why Oracle is shaking up the storage market. Timely topics for sure - so be sure  to listen in to this week's edition of InternetNews.com Week in Preview to find out what the buzz is all about!

Firefox 3.0.3 coming next week

By Sean Kerner   |    September 26, 2008

sr-firefox3.jpg
From the "do you save your passwords in your browser?" files:

Firefox 3.0.2 just came out this week, but it's going to be replaced next week due to an unforeseen Password Manager bug.

The bug actually restricts users from accessing some of their passwords for IDN - international - domains and non ASCII characters.

"There is no permanent dataloss, the saved data is just inaccessible," Mozilla developer Mike Belztner wrote in a mailing list posting. "While this doesn't affect all Firefox users, it is a significant regression and has triggered a fast-release Firefox 3.0.3 which will contain a single fix for this issue."

The Password Manager in Firefox 3.x overall was a re-write from the one that was in Firefox 2.x that had experienced a few security issues. Though I know that Mozilla has gone to great lengths to secure Password Manager - I personally don't use it (I'm a little paranoid that way).

Passwords are often the weak link in security, either in terms of password length or the simple fact that they can be guessed or reset easily (look at Sarah Palin after all). I'd like to see the day when two-factor authentication is mainstream and passwords are only one line of defense and not the only one for most website based user authentication.

Will GNOME 2.24 improve the Linux desktop?

By Sean Kerner   |    September 25, 2008

gnome.png
From the "I still prefer KDE, but still..." files:

The
latest and greatest version of GNOME is now out adding a whole bunch of
new application and improving the Linux desktop experience for its
users - or does it?

Among the improvements in GNOME 2.24 that the GNOME foundation highlights on their new features
page is the integration of a new instant messaging client - Telepathy.
Frankly I don't know why they wouldn't just stick with Pidgin which is
GTK+ based anyways. There is however an improved SIP based audio/video
conferencing client (Ekiga 3.0), though again there are always other
choices (like Skype).

Then there are some file management
improvements (tabbed windows capability among them) and some new
desktop theme and sound options. No none of it is terribly exciting but
there is another component that likely is for alot of people.

GNOME 2.24 is the first release of the GNOME Mobile
development platform. GNOME Mobile brings standard desktop components
together to provide a core platform on which distributors and handheld
manufacturers can build rich programming environments.

GNOME
has become the defacto standard for many mobile Linux implementations,
though Qt (core tech behind GNOME rival KDE) is still fighting a good
fight there too.

No GNOME 2.24 is not the big shift that KDE
4.x represents but hey lots of people like and use GNOME (not me) and
the continuous process of its evolution is a good thing overall.

Google Moderator : Where's the source?

By Sean Kerner   |    September 25, 2008

googmod.gif

From the "free is great, but open is best" files:

If you ever wondered what type of application could be built on top of Google's AppEngine, Google now has given us another example. Google Moderator is a new free (as in Beer) tool that acts as an online moderator for an event in that it will take question submissions and allow for polling.

"I designed a tool in my 20% time that would allow anyone attending a
tech talk to submit a question, and then give other participants a way
to vote on whether or not that question should be asked. This way, the
most popular and relevant questions would rise to the top so that the
presenter or the moderator of an event could run the discussion more
efficiently and in a transparent manner."

It's a simple idea really, but as a free online hosted service at Google, it becomes a lot more than just a simple idea - it becomes (yet another) Google (Beta) service. A service that undoubtedly will have tremendous practical utility and one that could ultimately be part of broader collaboration offerings from Google.

So far as I can tell, Google has not released the source code for this (on Google Code at least - if I'm wrong please let me know). Polling kind of application aren't too hard to script but I suspect that there is some real Google goodness in Moderator, and I for one am keen to look under the hood to see it.

Firefox 3.0.2/2.0.0.17 fixes critical flaws

By Sean Kerner   |    September 24, 2008

sr-firefox3.jpg
From the "time to update" files:

Mozilla has issued four security advisories as part of its Firefox 3.0.2 and 2.0.0.17 updates, two of which are labelled as critical.

MFSA
2008-41
details a privilege escalation issue by way of the XPCnativeWrapper. The flaw could potentially have allowed a maliciously crafted XSLT to create/run scripts that don't get validated.

MFSA
2008-42
is an advisory that is seemingly
common with Mozilla, it's a "Crashes with evidence of memory corruption" issue. The interesting part this time around (for me at least) is that some of these crashes were reported by Apple to Mozilla. The Mozilla advisory notes that, "Drew Yao of Apple Product Security reported two crashes in Mozilla image rendering code."  Good to hear the Apple is sharing security information with Mozilla (and vice versa).

On the less critical but still interesting security side is a flaw titled "forced mouse drag." MFSA
2008-40
explained that:

Mozilla developer Paul Nickerson reported a variant of a click-hijacking vulnerability discovered in Internet Explorer by Liu Die Yu.
The vulnerability allowed an attacker to move the content window while
the mouse was being clicked, causing an item to be dragged rather than
clicked-on. This issue could potentially be used to force a user to
download a file or perform other drag-and-drop actions.

CME taking an option on Linux

By Sean Kerner   |    September 23, 2008

tux.jpg
From the "bailout? what bailout?" files:

Though the financial services market in the US is in bailout mode this week - the CME (Chicago Mercantile Exchange) is hedging its bets -- with Linux.

CME trades in options and derivatives though I like to think of them mostly in the context of commodities. CME Group also includes NYMEX in its group and in 2007 they traded a total of $1.2 quadrillion worth of contracts - that's not small potatoes.

Seeing as this is a group used to dealing with commodities and looking into futures, they chose not place their bets on Unix and/or Windows but rather on Linux. CME is now officially joining the Linux Foundation as well.

"Our Linux Foundation membership allows us to move beyond just being users of Linux to being participants in the direction of this important technology," said Kevin Kometer, Managing Director and Chief Information Officer of CME Group in a statement. "Joining the Linux Foundation and being deeply involved in Linux will also help the exchange determine the future use of our own technology."

So if you're keeping score at home, that means that both CME and NYSE are Linux users. That's big business on a true mission critical scale. It is somewhat ironic to think of two of the biggest bastions of Western Capitalism using software born out of the ideals of Free Software.

Yet for CME and NYSE the use of Linux undoubtably has little to do with philosophy and everything to do with money. They figure they can insure their own future and save money in the present by running Linux. As well while Linux is available in Free community versions, there is little doubt that both CME and NYSE are paying vendors (in NYSE's case it's Red Hat) to support them as well. With Microsoft being a critical component of the NASDAQ, I'd be very surprised not to see Microsoft working hard to get Microsoft to be a poster child for Server 2008 and Microsoft. to show that Microsoft can compete.

Oops! Ubuntu IS gearing up for more kernel contribution

By Sean Kerner   |    September 22, 2008

ubuntulogo.png
From the "we're working on it..." files:

So Ubuntu is taking a little heat for not being the world's largest contributor to the Linux kernel.org community. BUT they are about to finally join a major effort to improve Linux kernel quality for all.
Ubuntu is on the verge of fully participating in the Kernel Oops project run by Intel's Arjan van de Ven (i've interviewed him before, great guy and an awesome project). Kernel Oops is an incredibly valuable effort that tracks 'oopses' on Linux and provides information so kernel developers can fix bugs. So far Kernel oops has been part of the default installation on Red Hat's Fedora and is available to Novell OpenSUSE users as well..it soon may beavailable by default to Ubuntu users too.

Ubuntu/Canonical CTO Matt Zimmerman noted in a blog post that he has done some work on integrating kerneloops

"The result is that kernel oopses can be captured as Apport problem reports with full detail, and semi-automatically filed as bugs, in addition to being counted on kerneloops.org's statistics," Zimmerman wrote. " I've put an initial version into Ubuntu and sent the patch to Arjan for merging upstream, and we're exploring the addition of kerneloops to our default installation to provide testing feedback to kernel developers from our users."

'What will be very interesting to see in say 6 months time, is how many reports Ubuntu users submit to Kernel Oops vs other distros. I wonder if the reports will be any different (are Ubuntu users using different configs?) and the value that those reports provide.

Without a doubt, more information is better and we should all commend Zimmerman for his efforts in trying to get Kernel Oops into Ubuntu as it will inevitably lead to a better Linux experience for all.

Ubuntu accused of not contributing enough to Linux

By Sean Kerner   |    September 22, 2008

ubuntu.png
From the "speak with action not words" files:

Leading kernel developer (and Novell employee) Greg Kroah-Hartman is not a particularly big fan of Ubuntu and its lead commercial sponsor Canonical. In fact Kroah-Hartman recently delivered a stinging keynote address (which he has now posted online) in which he layed out the contributions that Canonical has made, which in his view are much less than they should be.

"To place Canonical's contribution into perspective, that means they
did 00.10068% of all of the kernel development for the past 3 years," Kroah-Hartman claimed.

That means that Canonical ranks 79th on the list of companies that contributes to Linux and their contribution count ranks 195th over all. When ranked against other Linux distributions by contribution count Canonical came up 80th. Not quite a 'leading' voice when it comes to actual kernel.org Linux contributions.

In Kroah-Hartman's final analysis :

Canonical does not contribute to Linux plumbing.

Coming from a man as respected and as well versed in the intricacies of Linux kernel development as Kroah-Hartman, we cannot simply dismiss his accusations as being fueled by his employer (Novell). Certainly Canonical will argue different.

"There were, let's say, a few elements of it which I found objectionable," Canonical CTO Matt Zimmerman blogged.

While it is certainly true that animosity amongst Linux distribution is a proud tradition in Linux dev circles (that's why we have so many distros after all - everyone thinks they can do it better), taking specific aim at Canonical in such a public fashion has not been done before. No doubt Ubuntu has gotten more than its fair share of interest in recent years and no doubt they have built their distribution on "the shoulders of giants".

There are other avenues to contributions than just kernel.org itself and Ubuntu is definitely active in many. That said the numbers are the numbers - and if in fact Canonical is not contributing to the kernel in a robust way than I suppose it's a good thing that Kroah-Hartman has called them out publicly.

Apple's Safari faster with SquirrelFish Extreme

By Sean Kerner   |    September 19, 2008

safari.jpg
From the "how fast can you go?" files:

Google Chrome who??? Apple is upping the ante in the race for the fastest JavaScript engine with its new SquirrelFish Extreme engine. The new engine according to specs published by Apple WebKit developers show at least 2x faster than SquirrelFish (which already was lighting fast). The new SquirrelFish Extreme will compete in the new world order for JavaScript speed against Google's V8 and Mozilla's TraceMonkey.

Apple developer Maciej Stachowiak blogged that:

SquirrelFish Extreme uses more advanced techniques, including fast native code generation, to deliver even more JavaScript performance....SquirrelFish Extreme uses four different technologies to deliver much better performance than the original SquirrelFish: bytecode
optimizations, polymorphic inline caching, a lightweight "context threaded" JIT compiler, and a new regular expression engine that uses our JIT infrastructure.

From where I sit, the SquirrelFish Extreme approach sounds different than what either Google or Mozilla are doing - though perhaps they can be complementary (moreso for Google). Bottom line is a massive spead increase that will make WebKit (and Safari) particularly fast and that means a faster iPhone too (which uses Safari).

It's a marvelous thing to see such a race for the fastest JavaScript engine, it's something that has been a long time coming. I'm not entirely certain that JavaScript is to blame for every browser's speed issues - but no doubt faster engines are a good thing for all.

Cisco buys open source messaging firm Jabber

By Sean Kerner   |    September 19, 2008

cisco.gif
From the "AYBABTU" files:

Cisco is buying Jabber, the lead commercial vendor behind the popular open source XMPP (aka Jabber) protocol. Jabber is used by millions worldwide (including me) and XMPP is the basis of Google's Chat as well.�� Financial terms of the deal have not yet been publicly disclosed.

"Enterprise organizations want an extensible presence and messaging
platform that can integrate with business process applications and
easily adapt to their changing needs," said Doug Dennerline, Cisco
senior vice president, Collaboration Software Group in a statement. "With the
acquisition of Jabber, we will be able to extend the reach of our
current instant messaging service and expand the capabilities of our
collaboration platform. Our intention is to be the interoperability
benchmark in the collaboration space."

With WebEx, PostPath, the world's largest networking footprint and a 65,000 member strong employee base Cisco will undoubtabely make Jabber even more popular that it is today in my opinion. Cisco is no stranger to open source either, being a strong contributer to Linux, so there is no reason whatsoever to suspect that Jabber Inc's relationship and interoperability with the Jabber open source codebase will in any way be negatively impacted by Cisco either.

Hacking Sarah Palin: Lessons for the naive

By Sean Kerner   |    September 19, 2008

palin.jpg
From the "use common sense" files:

So as we all know Alaska Gov and VP candidate Sarah Palin's Yahoo! email was hacked. The attack vector used by the hacker (allegedly the son of a Tennessee state rep) was the password reset feature on Yahoo. It could have happened to any Yahoo user - or could it?

Technically speaking this is not a software vulnerability, but rather a logic flaw - but who is to blame and what can you do to protect yourself from similarly being compromised?

The basis of password resets is that you've lost your password and need to reset, which is a valid concern. First off there should always be a primary email address that needs to get the password reset (but what if Yahoo mail is primary then right?). For the cases where a primary doesn't exist and the challenge/responce method is used here's a simple rule of thumb.

USE QUESTIONS THAT NO ONE ELSE ON EARTH KNOWS.

Palin's account was allegedly breached because the challenge/responce asked questions for which the answers were all public knowledge. Surely this is a bit of naivete on the part of Palin. As a public figure with potentially confidential government information she should not be using a public email system that doesn't have some form of strong two-factor authentication either.

So did Palin - deserve - to be hacked? Of course not, no one does (except if you're at Defcon), but Palin and all web users should employ common sense for their challenge/response answers for password - and if you're a public figure - just don't do it at all since your life is bound to be an open book.

Interop: Why CEOs should be more like hackers

By Sean Kerner   |    September 18, 2008

NEW YORK. In a session on compliance at Interop i just heard something that really resonated with me - CEOs should be more like hackers (in terms of security awareness).

In a session on security compliance software

Jim
Routh
, Chief Information Security Officer, Depository Trust Clearing
Corporation noted that CEO's and hackers have a lot in common because they both should ask the
same questions.

1) What are the most important assets in a company.
2) Where are those assets?
3) What are the value of those assets?
4) Where are the vulnerabilities in the system to get at those assets?

Makes good sense to me...

Interop: Is anti-malware endpoint security?

By Sean Kerner   |    September 17, 2008

NEW YORK. Gotta love the New York IT crowd. In a session at Interop on Endpoint security a member of the audience accosted the panel made up of experts from McAfee, Sophos and Symantec arguing that none of them actually do endpoint security.

"I don't understand why you are all on this panel," the audience member asked. "A lot of the stuff you're talking about strikes me as not being end point security. You're just talking about anti-malware."

To be fair McAfee, Sophos and Symantec all do more than just anti-malware now but still, it's always interesting to see what people think and where perceptions are at.

Interop: Novell CEO the future of IT is open source

By Sean Kerner   |    September 17, 2008

NEW YORK. Novell CEO Ron Hovsepian took the stage at Interop this morning and boldly told the capacity crowd that open source is for them. The gist of Hovsepian's talk was about making IT work as one, whether
virtual, physical, Linux or Windows. It was a very high level talk
sparse on details but he did take the time to promote his vision of
open source and standards.

"To us the future of IT is based on open source and open standards
and it will be a mix of those pieces," Hovsepian said.

He added that for Novell both open source and standards are important with standards being critical because they allow for tfor software to interact on a set of
rules that are agreed to ahead of time.

"The best solutions will be a
combination of open source and open standards, "Hovsepian said.
"We're going to be a big proponent of community based innovation and we invite all of you to think about it for
your organization."

Interop: Cisco VP on the reality of virtualization

By Sean Kerner   |    September 17, 2008

cisco.gif
From the "so that's what virtualization does.." files

NEW YORK. Cisco VP Marie Hattar came to Interop this morning preaching the benefits of Virtualization, But first she started with a discussion of what Virtualization actually is and as it turns out it means alot of different things.

"Virtualization is a chameleon concept one common denominator
it's about breaking the bond with physical reality so you can do more," Hattar said.

Hattar noted that Cisco itself has recognized real benefit from virtualizing its data center. For example they are now  getting 68 percent storage utilization up from only 20 percent in a purely physical environment..

"That's why virtualization is exciting because the benefits are so significant."

Firefox 3.0.2 coming next week fixing EULA

By Sean Kerner   |    September 17, 2008

sr-firefox3.jpg
From the "we hear you" files:

As I reported yesterday, Mozilla has admitted that the Firefox EULA was flawed so it will be taken out for the upcoming Firefox 3.0.2 and 2.0.0.17 releases. **UPDATED**

The Firefox 3.0.2 and 2.0.0.17 releases have been pushed back by a week according to Mozilla's Mike Beltzner, with the EULA issue being one of three additional bugs that have been fixed. The plan is to ship the new browsers next week. **UPDATED** Mike Beltzner just left me a comment on the EULA fix issue.

The EULA bug in the Firefox 3.0.2 respin is actually unrelated to the issue with Ubuntu; it's about ensuring that if someone compiles the unbranded version of the browser no EULA is shown.

So, it's not quite the EULA 'fix', I had thought at first but still... I know that Mozilla is working on EULA 'stuff' overall and that's a good thing right?.

Google Chrome for Linux?

By Sean Kerner   |    September 16, 2008

googlechromologo.jpg
From the "when, When, WHEN!?" files:

As a person that uses Linux as their primary desktop, I've been itching to get Google Chrome on my day-to-day Linux machine for the last two weeks.

Apparently there is now an option - though it's not from Google and it's the anti-thesis of how Linux apps should be built. CodeWeavers which is the lead commercial sponsor behind WINE (WINE is not a Windows Emulator) has created a Chrome for Linux using a combination of the open source code and the WINE libraries. They call it CrossOver Chromium.

In a nutshell - it's basically making a Windows app run on Linux. It's not a native app and it's not for everyday use. In CodeWeaver's FAQ on why they built CrossOver Chromium they state:

Q.
Why Did CodeWeavers Develop CrossOver Chromium?
A.
CrossOver Chromium is a technology proof of concept to demonstrate
Wine's capabilities for rapidly migrating Windows software to new
marketplaces,such as Linux and Mac.

For the record, I can also use WINE to run Microsoft's Internet Explorer on Linux too - does that mean it's an IE for Linux?

Let's be blunt here. Google should have built Chromium using GTK+, Qt or some other cross platform graphics library. I don't know what the performance impact might have been (maybe it would have made Chrome slower) but considering that Qt now fully supports WebKit (a Trolltech Qt engineer is the guy that started the KHTML project after all) I'm not sure why they didn't go that route.

Interop NYC 2008: Bright lights, big networking

By Sean Kerner   |    September 16, 2008

interop.jpg

From the "it's all about the network" files:

Interop NYC 2008 gets underway this week with vendors big and small showing off and talking up their networking wares. Today is NAC day where it'll be information overload on network access control and by extension network security. Wednesday is the big keynote day with IBM, Novell, RIM and Cisco headlining - each outling their vision of where the networking world is going.

Of the keynoters I've seen two of them before - Cisco's Marie Hattar whom I spoke with back at Interop Las Vegas in May. Hattar is an engaging person and I fully expect that her keynote will better than the last time a Cisco person delivered a keynote at an Interop show

Then there is Novell's CEO Ron Hovsepian - last time I saw him was at LinuxWorld in 2007. While I tend to cover Novell mostly for its Linux content, Novell of course has a broader business and recently rolled out new virtualization and network admission/policy solutions which will likely make up alot of Hovspian's address. Whether or not he decides to use the Interop platform as a vehicle to push Linux (and maybe even open source?) remains to be seen.

Then there are the panel sessions - for which Interop NYC is legendary. In my line of work I get to talk to competing vendors all the time, but it's at Interop NYC typically where I'll see vendors that sometimes really dislike each sharing a panel openly dis-agreeing about big networking trends and concepts. Of course, the New York audience has never been shy about voicing their objections to vendor claims either. All in all it should be a fine time for big networking in the big apple..

Firefox EULA causes Ubuntu Linux concerns

By Sean Kerner   |    September 15, 2008

ubuntulogo.png
From the "read the licences or go away" files:

While Mozilla's Firefox is an open source technology, the term Firefox itself is a trademarked term (by Mozilla).

As such for every version of Mozilla Firefox in binary form that is available to end-users (Windows, Mac, Linux) there is a EULA (end user license agreement) that outlines the terms. This is a seperate issue that open source code and unfortunately it's one that Ubuntu users (as opposed to every other Linux distribution) seem to be opposed too.

Mark Shuttleworth - leader of Ubuntu has publicly posted that the Mozilla EULA should stay though he's opposed to the idea of the EULA in general.

"I think it's perfectly reasonable for Mozilla to have requirements
and guidelines for the use of their trademark - we have the same for
Ubuntu, and many other free software projects do the same. I would in
fact consider it a best practice to have a good brand on a free
software project, which means having trademark guidelines," Shuttleworth wrote. "That said, I would not consider an EULA as a best practice. It's
unfortunate that Mozilla feels this is absolutely necessary, but they
do, and none of us are in a position to be experts about the legal
constraints which Mozilla feels apply to them"

Frankly I'm confused by Shuttleworth's statements. He considers EULA's best pracitice when it serves Ubuntu's needs but then when it comes to Mozilla (in the same statement too..) he no longer consider it a best practice.
**UPDATED** Readers have correctly pointed out that Ubuntu does not have a formal EULA in the way that Mozilla does for Firefox.

From a practical point of view as an end-user - it doesn't really matter. The user gets to use the browser. For licensing zealots, there is always a choice you can use an unbranded version of Firefox (IceWeasel).

**UPDATED** I spoke with Mitchell Baker of Mozilla last night - read the full story on the main site.

Firefox 3.1 private mode following IE, Safari & Chrome

By Sean Kerner   |    September 12, 2008

sr-firefox3.jpg
From the "privacy is an illusion" files:

Firefox 3.1 will be getting the so-called private mode (aka Porn mode). Mozilla competitors, Microsoft IE 8, Apple Safari and even Google Chrome already all have private mode - which is a browser window that will not store history or cookie beyond the session in which the window is open.

Private Browsing mode was originally part of the design spec for Firefox 3. While it may seem like Firefox in some way is playing catch-up to its competitors (because it is) - frankly Private Browsing mode altogether really is a misnomer in my opinion.

The reality is that no private browsing mode on any of the major browsers can actually stop a gateway or network admin from tracking visited URLs from users within a network. Web sites will still know who you are (via IP and cookie though they are temporary). All it really does is give the user an illusion of privacy because the session information isn't retained locally.

Of course you could always just delete cookies and history after every session - but I suppose suspicious spouses could have asked their partners -' Why did you delete the history?'

Firefox 3.1 is still in its Alpha 2 release with a Beta expected within the next few weeks.

Ubuntu's Shuttleworth ramps up to take on Apple

By Sean Kerner   |    September 11, 2008

ubuntulogo.png
From the "we're not leaches" files:

For years there have been those that have accused Ubuntu of not contributing enough to the upstream development of Linux. Mark Shuttleworth founder and leader of Ubuntu is tired of the criticism and is now putting more of his money and resources into upstream development - in the process he's aiming to fulfill the promise he made in August of making the Linux desktop more 'beautiful' than Apple.

"Increasingly, though, Canonical is in a position to drive real change in the software that is part of Ubuntu," Shuttleworth wrote in a blog post. "So we are also hiring a team who will work on X, OpenGL, Gtk, Qt, GNOME
and KDE, with a view to doing some of the heavy lifting required to
turn those desktop experience ideas into reality."

This is a good thing. Open Source needs more upstream contributions and it needs the resources that Shuttleworth can throw against it. The idea that simply being users and working on integration and the rough edges as Ubuntu has done so well to date - isn't enough. Innovation can be driven top down too and not always bottom up.

The Linux desktop is not a 'mad crusade' as Shuttleworth noted back at OSCON and its the stroke of sane genius to hire, influence and develop upstream.

OSCON leaving Oregon and moving to the Bay

By Sean Kerner   |    September 11, 2008

oscon10.jpg

After 10 years in Portland, Oregon, OSCON - O'Reilly's Open Source Conference is moving in 2009 to the San Franciso Bay area. I was just at OSCON this past August in Portland and it's somewhat sad to think that it was the last OSCON to be held in Portland.

Then again San Franciso is a bigger market and though it hasn't yet been publicly announced there is widespread speculation among the people that I talk too that IDG's LinuxWorld Conference is not coming back in 2009. So it makes sense for OSCON - which is not a dead show and is extremely vibrant - should come into SF and try and take up the mantle that LinuxWorld will likely be abandoning.

In an interview on the Oregonian an O'Reilly spokesperson notes that travel and the bigger SF market are some of the other reasons for moving.

The creator of Linux - Linus Torvalds lives and works in the Portland area, though Torvalds has not been seen at an OSCON event in years.

Large Hadron Collider - powered by Linux

By Sean Kerner   |    September 10, 2008

cernlogo.jpg
From the "tearing the fabric of space-time" files:

The most powerful physics project in the history of the known universe - The $10 Billion Large Hadron Collider (LHC)- shot its first light speed beam this morning around its 27 km circuit. Beyond the 20 years it took to build and half of all the world's astrophysicists, it also takes another key ingredient to make LHC work -- Linux.

CERN which is the organization that runs the LHC project is using something called CernVM which is is custom Linux distribution. According to VMware, CernVM runs inside of VMware virtual machines that include PC and Macs across a grid that encompases the power of approximately 40,000 CPUs and some 15 petabytes of data a year.

CERN itself is no stranger to Linux and is one of the lead backers of the Scientific Linux distribution, which is a recompiled version of Red Hat Enterprise Linux.

**UPDATED** Got a comment (listed below) from a commenter with an IP within CERN that writes,".. the primary configuration for machines in the LHC computing grid (http://lcg.web.cern.ch/LCG/) is based on Scientific Linux distribution running directly on the hardware. This grid is used to receive and distribute the 15PB of data across the 100,000s of CPUs across the world" **

Considering that the LHC, according to some, could be powerful enough to destroy the Earth, create a blackhole or rip a hole in the fabric of space itself, it is somewhat re-assuring that at least some of the key software behind it is not at risk from the blue screen of death.

Ubuntu 9.04: Jaunty Jackalope

By Sean Kerner   |    September 09, 2008

ubuntulogo.png
From the "where do they come up with those names" files:

Ever heard of a Jaunty Jackalope? Well now you have and you'll be hearing more in the months to come as Jaunty Jackalope is the code name for Ubuntu Linux 9.04 set for release in April of 2009.

"The Warrior Rabbit is our talisman as we move into a year where we can reasonably expect Ubuntu to ship on several million devices, to consumers who can reasonably expect the software experience to be comparable to those of the traditional big OSV's - Microsoft and Apple," Ubuntu head honcho Mark Shuttleworth said in a mailing list posting.

Shuttleworth is already laying out his vision for what the Jackalope will be all about and speed, particularly boot times is a big part of it. He's also trying to continue to do his part to blur the lines between web and desktop services. Perhaps more interesting from a development point of view is the fact that Shuttleworth is aiming to have all Jackalope development done in Ubuntu's Bazaar (BZR) code versioning system which might finally actually mean that Ubuntu development will truly be open to a wide audience.

Though Shuttleworth is keen on the Jackalope - he's got another major release first coming next month.  Ubuntu 8.10, codenamed Intrepid Ibex should be out in October.

Google updates Chrome

By Sean Kerner   |    September 08, 2008

google.chrome.update.gif

The first official Chrome update is out, but don't look for release notes from Google - there aren't any.

Though Google Chrome has generated plenty of buzz, millions of downloads and has been an internal work in progress for at least the past two years, apparently Google doesn't yet have its release engineering process up to snuff.

"We're working on the change list for the current version of Google 
Chrome -- 149.29," Mark Larson Google Chrome Program Manager wrote in a mailing list posting. "The delay is not really excusable, and I hope we'll 
fix our release process so this doesn't happen again."

To be fair though, Google had to release the 149.29 release faster than they likely would have wanted. Since last Tuesday a number of researchers have alleged vulnerabilities in Google Chrome that potentially could have left users at risk. Google is making the right decision and moving to protect users first.

"149.29 is a security update and we released it as fast as we could. We would've liked more time to prepare things, but some of the vulnerabilities were made public without giving us a chance to respond, update, and protect our users first," Larson wrote in a mailing list posting. "Thanks for being patient as we work out the kinks in all of our processes."

The harder issue though at this early stage - for me personally at least - is the versioning of Chrome. Instead of calling it a 1.0 alpha (or beta) we've got long version numbers like 2.149.X which will undoubtedly be confusing in the long term.

Mozilla rolls out Firefox 3.1 Alpha 2

By Sean Kerner   |    September 08, 2008

sr-firefox3.jpg
From the "under construction" files:

Mozilla developers have pushed out their latest milestone build for Firefox 3.1 with the alpha 2 release. Surprisingly though, this latest build does not yet include the faster Tracemonkey JavaScript engine which Mozilla developers are claiming is faster than Google Chrome's V8.  Tracemonkey is however in the nightly builds of Firefox 3.1 and there are instructions for those that want to play around with it.

For me in my narrow world view - Tracemonkey is a defining feature of Firefox 3.1 and will be criticial to Mozilla's positioning versus Google Chrome (and other browsers) in the newly re-invigorated browser wars.

That said, Firefox 3.1 Alpha 2 has made some other interesting improvements, among them is the ability to drag and drop tabs between browser windows (and yes I know - Chrome does this too). There is also support for the HTML 5 <video> tag which one day will make embedding video a whole lot easier than it is now.

The other interesting item is somthing called Web Worker threads - which is supposed to be an approach to moving compute intensive threads to a background process. It's an interesting idea and offers the intriguing prospect of limiting the impact of JavaScript on page performance.

Clearly there is alot more work for Firefox 3.1 to come, but the latest alpha is still the next step over Alpha 1 which came out back in July.

As to when Firefox 3.1 will actually be ready for prime time - that's an open question that Mozilla's schedule is still leaving open.

Big quarter for IP router vendors

By Sean Kerner   |    September 05, 2008

cisco.gif
From the "big $$$" files:

The continued growth of the Internet and demand for more access and speed are fueling big numbers in IP routers. The latest Infonetics Research report on Service Provider Routers and Switches is reporting that Worldwide service provider core and edge IP router revenue hit $2.6 billion in 2Q08.

According to Infonetics, manufacturer revenues are up by 40 percent on a year over basis over 2Q07 and 17 percent on a  sequential quarter-over-quarter basis.

Infonetics specifically pointed out Cisco's gains clocking in at, "...a 15 percent  gain in combined IP edge and core
router revenue, giving them over half the worldwide market, a position
they've maintained since 2005, despite growing competition
."

Cisco rivals Juniper and Alcatel-Lucent also posted what Infonetics referred to as respectable single digit revenue gains. All in all the outlook offered by Infonetics seems to point to continued growth for the remainder of the year though economic concerns could put a damper on things.

"Since the upturn in 2003 from the great telecom downturn, IP router
revenue has grown 20 percent to over 30 percent each year, and we expect the trend to
continue in 2008," Michael Howard,
principal analyst and co-founder of Infonetics.
said in a statement. "The 2 big drivers for continued growth are expanding
traffic and IP transformation projects, with traffic the stronger factor."

Google Chrome Internets Easter egg

By Sean Kerner   |    September 04, 2008

about.internets.gif
From the "someone was having fun" files:

The first Google Chrome Easter Egg has been discovered. Type in about:internets into the omnibox and you'll get your own view of the tubes themselves...

I still like Firefox 3's Easter Egg too (type about:robots).

On a more serious not, there are a bunch of about: commands in Chrome that (like Firefox) provide additional details for technical users.

Among them is the  about:histograms, stats, crash, memory and version options. Try 'em out for yourself no doubt there are a few other 'goodies' under the hood that have yet to be discovered.

Red Hat's $107 million virtualization gambit

By Sean Kerner   |    September 04, 2008

redhat.quamranet.gif
From the 'we love Xen - sorta' files:

Red Hat is buying KVM vendor Qumranet for $107 million. It's a big move but I'm not surprised and neither should anyone else.

I've been following and using the open source virtualization Xen project for years. Red Hat of course has been supporting Xen for years too.

But now Red Hat is taking aim at every other virtualization vendor - be it Citrix, VMware or Microsoft - with this buy. The argument is simple: The OS is critical and the OS is what Red Hat is all about.

"You may not know this
but most virtualization solutions today use components developed by Red Hat for
their critical functions," Red Hat CTO Brian Stevens said on a conference call. "These competitors are highly dependent on Red Hat for feature development
and hardware enablement  - no one is better equipped to carry open source
leadership forward."

It's all about being a bare metal hypervisor - which is what KVM (developed by Qumranet) is all about. Bare metal means it is part of Linux as opposed to running on top of Linux and the promise is that of greater control, speed and security.

Red Hat argues that neither Citrix nor VMware can compete at the same level. The only one that can compete is Microsoft, since they too control their own OS. It's an interesting technical argument and one that no doubt Citrix and VMware will retort with public statements and bravado. Stevens however holds the higher technical ground and ultimately the market itself will prove whose message and technology will reign supreme.

So why am I not surprised?

Well Red Hat always wants to leverage its core assets - namely it's Linux operating system. Red Hat also always wants to be in a leadership role. Ever since Citrix acquired XenSource, I don't think that Red Hat had the control they wanted. But even more fundamentally it's always about being faster and trying to innovate. KVM is innovative and represents a new direction for virtualization.

Google Chrome NOT at risk from Carpet Bombing flaw

By Sean Kerner   |    September 03, 2008

googlechromologo.jpg
From the "if you click on a bad link bad things happen" files:

I just got contacted by a PR firm that wanted to talk to me about the new Google Chrome carpet bombing flaw. Only problem is, the flaw isn't what I would call a flaw (but that's not stopping other pubs from reporting on this flaw).

Long story short is that security researcher Aviv Raff blogged that Chrome is at risk from the Carpet bombing flaw he first reported on Apple Safari. Raff has posted a Proof of Concept (nice move dude) which looks to my naked eye to prove conclusively that Chrome users don't need to uninstall their shiny new browser.

I've posted a screen shot from my own test below. Notice how Raff even has some Google AdSense ads at the top of his exploit page (isn't that a definition of Chutzpah?).

Yes the page can trigger a dialog box to open, but notice two important things. First is that the Google Chrome user still actually has to save the file. Secondly the file is clearly identified as an executable (and yes I know file types can be spoofed...).

google.carpetbomb.gif

So the flaw - is that if you click on a bad link and then get a pop up window asking you to download something and you actually click 'Save' - well you might have a problem.

Same can be said for any other web browser or email program though can't it? Click on bad links, save bad stuff and bad things will happen.

Yes - it's great that Raff and others are looking at security on Google Chrome and I really do applaud him for trying, he does try to make a real solid case for issues in Chrome.

 No doubt there are security issues that will be found that will need to be fixed. That said the common sense of safe browsing should still be common practice, regardless of what browser the user is running.

Mozilla Firefox strikes back at Google Chrome claims

By Sean Kerner   |    September 03, 2008

googlechromologo.jpg
From the 'we're faster than you' files:

One of the big claims for Google's Chrome browser is speed, particularly JavaScript speed. Mozilla however is now putting up its own test numbers comparing Chrome and its V8 JavaScript engine against the new Firefox Tracemonkey engine. Guess who Mozilla says is faster?

Brendan Eich, Mozilla CTO and the dude that invented JavaScript itself has posted a set of benchmarks that shows Tracemonkey to be between 1.28x and 1.19x faster that Google V8 running the overall SunSpider JavaScript benchmarking test.

Digging deeper Eich notes in his post that:

We win on the bit-banging, string, and regular expression benchmarks.
We are around 4x faster at the SunSpider micro-benchmarks than V8...This graph does show V8 cleaning our clock on a couple of
recursion-heavy tests. We have a plan, to trace recursion (not just
tail recursion). We simply haven't had enough hours in the day to get
to it, but it's "next". 

Mozilla develloper John Resig expands on Eich's benchmarks and argues that the tests that Google Chrome developers are using to prove its speed do not simulate real world performance issues.

"We can see Chrome decimating that other browsers on these tests," Resig wrote. "It's debatable as to how representative these tests are of real browser performance, considering the hyper-specific focus on minute features within JavaScript."

Though pundits may have been quick to proclaim Mozilla the loser, thanks to Google Chrome and its V8 engine, Eich retorted that Mozilla is far from dead.

What spectators have to realize is that this contest is not a playoff
where each contending VM is eliminated at any given hype-event point...Anyway, we're very much in the game and moving fast -- "reports of our death are greatly exaggerated."

Game on!

Debian Lenny to be followed by Squeeze

By Sean Kerner   |    September 03, 2008

debianlogo.png
From the "at least the names aren't as strange as Ubuntu's" files:

The Debian GNU/Linux distribution is nearly the final release of its Debian Lenny distribution. Debian Lenny is the replacement for Etch which came out in April of 2007.

Where does Debian gets its names from? It's all about the Toys - Toy Story toys that is.

Debian names its distros after toys from the Pixar film (previous releases include Sarge, Woody, Potato, slink, hamm, bo, rex and buzz). So who is still left?


How bout Squeeze?

Don't remember Squeeze? That's the three eyed aliens from inside the Pizza Planet game (with the claw that grabs them).

With a new found momentum coming from the upcoming Lenny release it will be interesting to see if Debian can keep it up for Squeeze.

My first 2 hours with Google Chrome

By Sean Kerner   |    September 02, 2008

google.chrome.master.gif
I've been a Google Chrome user for nearly two hours now and am likely to be a user for many more hours to come.
There are a few problems though. First off there is no Linux version of Chrome currently (so it's either Windows or VMware on LInux...). There is also no obvious ability in the version that I downloaded to import bookmarks and preferences from Mozilla Firefox, all I saw was a dialog box for Internet Explorer. **UPDATED** For whatever reason on my install I wasn't prompted for the Firefox migration, but it is there**
But the thing that matters most to me, that is a browser that just works, is a promise that Chrome delivers. As my first and obvious test case i loaded up the InternetNews.com site which has more than it's fair share of JavaScript on it. As opposed to IE 8 which had difficulty with the page, Chrome worked flawlessly. In fact, the whole download and install process took less than 4 minutes for me on a test WindowsXP SP3 PC. This blog post is actually being written inside of a Chrome tab too.
It is somewhat disconcerting at first glance to have such a minimalist interface. But then again Google Search itself seemed minimalist in comparison to the bloat that was (and still is) the Yahoo! portal that Google originally powered.
incognito.gif
The 'Incongnito' Window (aka private browsing or Porn mode) by default opens up as a new browser window, as opposed to a new tab inside of the current window.
The ability to hide history/cookies is a neat one but it doesn't obscure your history/cookie or your IP from the web sites that you visit. So it's not quite as Incognito as say running Tor (or Vidalia) and then clearly your cache but hey it's a start.
taskman.gif
The built-in Task manager feature (left) is also kinda neat showing exactly how much memory/cpu each tab is taking. 
We've all seen our favorite browsers spinning endlessly at one point or another, but we've never actually been able to pinpoint (within the browser) the specific culprit.
This is one feature that I'm already totally addicted too (yes i'm a stats nerd).
Talking about 'interesting' features, Chrome also has an interesting 'View Source' function that opens up the source inside of a separate tab in the browser (instead of a seperate window).Unfortunately I have yet to find a Page Info button that provides the granular detail that Mozilla Firefox 3 provides showing Links/Media usage on any given page. It's a must have feature that I hope Google will include in future versions of Chrome. **UPDATED* Though Chrome doesn't have a Page Info button it does have something called 'Inspect Element' which is a lot more developer focused (but very useful).**
So my initial 120 minute impression of Google Chrome? Impressive, but there is still work that needs to be done.

Google Chrome's Pinocchio feature

By Sean Kerner   |    September 02, 2008

googlechromologo.jpg
Why
did Google build Chrome? Call it the Pinocchio syndrome. You see Google
just wants its web apps to feel like web apps - just like Pinocchio
just wanted to be a 'real' boy.

That's what Google's goal is with Chrome. In a webcast session at the Googleplex
Ben Goodger (yes that Ben Goodger the former bigshot at Mozilla) noted
that Google thought long and hard about making a User Interface that
makes the browser better for applications - things like email and
calendar.

 "What we realized is some of the user interface not relevant," Goodger said.

Forward and back buttons as well as reload buttons
for example are things not needed for many web based applications. So
Google Chrome has an App view window which strip out the browser
elements not needed.

To me that seems like a replica (as a concept) of Mozilla's Prizm.

Google however isn't intent on making Chrome THE platform for running Google Apps, at least that the official responce from Google co-founder Sergey Brin.

"We think with Chrome they {Apps} will bridge that divide so you'll be able to do more online," Brin said. "Also expect that
Chrome - just an initial beta now  - but this is just step one - we think that we
and the open source community can evolve it to be even more robust and powerful for
the web."

Real boy indeed.

Alcatel-Lucent gets new Chairman and new CEO

By Sean Kerner   |    September 02, 2008

alcatel.jpg
From the "everyone is replaceable" files"

Barely a month after reporting poor results and announcing the departure of both its CEO and Chairman of the Board, Alcatel-Lucent today announced new executive leadership.

Philippe
Camus will become Chairman and Ben Verwaayen is being appointed as the company's chief executive
officer.

Verwaayen replaces current CEO Pat Russo who had announced at the end of July that she would step down as soon as a replacement was found. Russo noted  back in July that it was time for Alcatel-Lucent to move beyond the merger phase which is why she was moving on. Verwaayen is no stranger to Lucent and was once the vice-chairman of the management board of Lucent
Technologies in the US. Most recently Verwaayen was the CEO of BT from February 2002 to
June 1, 2008.

Camus  was formerly the Co-CEO at European Aeronautic Defense and Space
Company (EADS).

Alcatel-Lucent has struggled since its 2006 merger and in its most recent financial results reported a  Net Loss of $1.73 billion.

Google finally releases its own open source browser

By Sean Kerner   |    September 02, 2008

googlechromologo.jpg

From the "what took you so long?" files:

Google is taking the wraps off its Chrome open source web browser today in a new attempt to help redefine the web.  For years Google has backed the open source Mozilla Firefox effort and is (arguably) Mozilla's principal source of revenue.

The term 'Chrome' is not a new one in the browser world either - in fact 'Chrome' is the core UI layer in Mozilla. Chrome is the core of Mozilla and now Chrome is Google's Browser - go figure.

The general idea behind Chrome is a user friendly simplified/quick web browser and it will undoubtedly steal share from Mozilla as well as Apple Safari and Microsoft's Internet Explorer.

Mozilla CEO John Lilly however doesn't seem too worried (though he should be)

"It should come as no real surprise that Google has done something here - their business is
the web, and they've got clear opinions on how things should be, and
smart people thinking about how to make things better," Lilly blogged. "Chrome will be a
browser optimized for the things that they see as important, and it'll
be interesting to see how it evolves.
"

Interesting indeed.

Google Chrome from what I can tell at this early juncture focusses on the stuff that all sane and rational people should see as important - namely security and speed.

The new V8 JavaScript engine is Google's attempt to best Apple and Mozilla's efforts at making JavaScript faster and more efficient. The Sandboxing approach is also something that improves dramatically on what other vendors currently offer.

In the comic that Google is using to explain Chrome, Google notes that, "...with Sandboxing, our goal is to prevent malware from
installing itself on your computer or using what happens in one tab to affect
what happens in another...something bad could be running in one tab but as soon as
it's closed it's gone
."

That truly is an astounding feature if it works. Think about it, all Cross Site Scripting and Cross Site Request Forgery type attacks rely on pulling from one tab into another. With the fully sandboxed approach XSS and CSRF could be history.

Google admits that plugins could still be a risk - but meanwhile they have a huge surface area reduction in vulnerability.

The UI itself also take an approach that literally inverts that model that all modern browsers have for tabs, with tabs at the bottom of the nav bar. With Chrome the Tabs are on the top.

Then there is the OmniBox - which is Google's version of the Firefox Awesome bar (the main nav bar). But OmniBox promises to be more awesome and the segregation of tabs in the UI will make a mountain of difference.

Most of what Google Chrome is doing just makes a lot of sense and frankly I think that's the way it should have been all along. What Google is doing with Chrome is rethinking the browser and taking the best bits from others.

Though Mozilla's John Lilly currently claims he's not worried - he likely should be. Google's Chrome could well turn on to be the biggest threat to  Mozilla and Microsoft yet.