RealTime IT News

Blog Archives

Mozilla Fennec Alpha 2 out for mobile browsing

By Sean Kerner   |    December 23, 2008

fennec.jpg
From the 'it's all about performance' files:

Mozilla is continuing its development of a mobile browser with the Fennec Alpha 2 release today. The Alpha 2 release follows the first Fennec Alpha by just a little over two months. The big difference with Alpha 2 according to Mozilla is speed.

"While we focused much of the previous alpha on getting the user experience how we wanted, we've spent much of the time since focused on improving performance.Fennec Engineering Manager Stuart Parmenter blogged."We've made major strides improving startup performance, panning and zooming performance, and responsiveness while pages are loading."

For a mobile browser - moreso than even a desktop user arguably responsiveness is absolutely key. How long do you wait for email to load on your Blackberry? That same kind of instant responce must also be what browsers offer.

Lots more to be done by the Mozilla Fennec devs to be sure, and Alpha 2 is definitely a solid step in the right direction.

Free users WILL pay for Linux (ask Red Hat)

By Sean Kerner   |    December 23, 2008

tux.jpg
From the 'even Free has a price' files:

Red Hat is reporting an increase in revenues and income for the third quarter of its fiscal 2009 year.

The most interesting part of the Red Hat numbers (for me at least) was the disclosure by CEO Jim Whitehurst that one of the top 25 deals closed by Red Hat during the quarter was one where the user moved from a Free version of Linux to a paid Red Hat Enterprise Linux subscription. Whitehurst pegged the deal at "6 figures" for a single year - so that means $100,000 plus.

"This was not a compliance-related initiative," Whitehurst said. "This
was purely a getting the customer to understand the value of a paid
subscription."

Certainly there are more Free users of Linux than there are paying users of Linux - for example Red Hat claims 2.5 million subscriptions for RHEL, while Fedora claims 9.5 million or so users. The fact that Red Hat was able to convert an enterprise from using Free Linux to Paid Linux at a cost of $100,000 or more is an amazing proof point for Red Hat.

I've commonly heard of people saying to me - 'Why would you pay for it when you can get it for free?' - The argument is of course flawed in that even as a Paid user of Linux, Linux itself is still Free. The user isn't paying for the bits, the user is paying for the support and service.

The opportunity for Red Hat and other enterprise Linux players is enormous. If in fact the vendors can convert the masses of unpaid users to paid subscription users there is a lot of money to be made. Certainly not everyone needs to pay for support, it really only makes sense when an enterprise is at a certain scale and the cost efficiencies make sense. Still, Red Hat has proven (yet again) that you can give away an operating system for Free and still make money.

I'm Linux video - Better than I'm a Mac, you're a PC?

By Sean Kerner   |    December 22, 2008

tux.jpg
From the "what would John Hodgman say" files:
For the most part, Linux has always lacked good marketing (except perhaps for some great stuff from IBM a few years ago..). The gold standard in operating system ads now seems to be the I'm a MAC you're a PC ads - and so the Linux Foundation is now kicking off an effort to 'mimic them' for Linux.
According to a blog post from the Linux Foundation:

While the Linux Foundation would love to spend millions promoting Linux on TV, it's simply not our style (or in our budget). Even more importantly, Linux isn't a top-down, commercially controlled operating system. It's a grassroots product of mass collaboration. That's why we're sponsoring a community contest to create a Linux video that showcases just what Linux means to those who use it, and hopefully inspires many to try it.


Certainly this is a good idea for Linux and one that could unleash a torrent of creativity. Creating a copycat I'm a Linux campaign is both good and bad - bad in that it's a copy (as opposed to being unique), good in that it's a copy of a campaign that's well known.


The open source community itself has other examples of community driven video campaigns - my favorite to this day remains the Mozilla Firefox effort of a few years back to get Firefox. Just for a good Monday laugh I've embedded my fav spot from that effort below. Let's hope the new Linux effort produces something as memorable.

Missing Mozilla Firefox flaw revealed in 2.0.0.20 release

By Sean Kerner   |    December 19, 2008

sr-firefox3.jpg
From the "did you guess that?" files:
Mozilla has revealed the 'mysterious' clerical error missing flaw that it omitted from the Firefox 2.0.0.19 release earlier this week. It's the Cross-domain data theft via script redirect error message dealt with in Mozilla Foundation Security Advisory 2008-65
This is a "High" impact vulnerability that if exploited could potentially have been used by a malicious website to steal private data from users who are authenticated on the redirected website.  The attack would have needed a same-domain JavaScript URL that would have redirects victims to a different domain that contain non-parsable JavaScript.
I personally to date have not seen a weaponized version of this attack (though it doesn't on the surface sound to be to difficult to build). Kudos to Mozilla for admitting they made an error here though - and more importantly for fixing it so quickly.
Now Firefox 2.x can finally be put to rest. 

I am however curious as to whether or not this same attack is possible in Firefox 3.1 Beta 2 which was not updated for this fix (Firefox 3.0.0.5 was). Firefox 3.1 however uses the Tracemonkey JavaScript engine and has many security enhancements in it over the regular Firefox 3.x browsers.

Red Hat introduces Extended Update Support

By Sean Kerner   |    December 18, 2008

redhat.png
From the "it's all about support" files:

Red Hat is offering its users another approach to support with the Extended Update Support program announced today. 

Red Hat already supports its enterprise releases for 7 years, but that doesn't mean that any given release is static for 7 years. Red Hat issues incremental updates (like the recent Red Hat Enterprise Linux 5.3 update) for hardware, feature and security updates which makes sense to me but apparently it can cause problems for some users.

"We had a set of customers who asked us to come up with a way
for them to standardize on one version of Enterprise Linux for the
longest period possible while preserving maximum stability and data
security," Red Hat states in a blog posting. "These customers want to synchronize new hardware roll out,
application stack updates and operating-system upgrades at the same
time instead of having to do them independently."

The
optional Extended Update Support offering means that Red Hat customers will be able to standardize on one
Enterprise Linux environment for 18 months.

"Extended Update Support reduces risk and increases a customer's service levels by allowing them to run their critical systems undisturbed for longer periods of time."

It's an interesting idea - and one that certainly makes sense for certain environments. It's also another way Red Hat can make more money and further differentiate its Enterprise offerings from its community offerings. Fedora Linux releases are supported for a relatively shorter period of time (current release +1) and the Red Hat Enterprise Linux Clone CentOS only mimicks what Red Hat makes publicly available.

I suspect that Extended Update Support will help to further relieve any doubts from enterprise buyers minds that Linux (in particular here Red Hat) is ready to meet the demands of large enterprise buyers.

Mozilla misses a flaw. Firefox 2.0.0.20 coming Friday

By Sean Kerner   |    December 18, 2008

sr-firefox3.jpg
From the "no one is perfect" files:

As it turns out Firefox 2.0.0.19 IS NOT the final Firefox 2.x release. Mozilla has admitted that it missed patching a flaw in Firefox 2.0.0.19 and is now in the process of pushing out a patched version in Firefox 2.0.0.20.

The exact flaw that was missed by Mozilla is not being publicly reported at this time. At first Mozilla meeting notes on the issue simply stated:

The Firefox 2.0.0.19 build we shipped was incomplete
* Going to ship a Firefox 2.0.0.20 (sad face) as soon as possible

In a mailing list posting Mozilla developer Mike Beltzner provided just a little bit more detail.

We missed a fix due to an innocent clerical error in the build  process, and will now be including it. No big deal.

Beltnzer added that it was a Windows-only omission, and happened at the point where Mozilla packages and signs builds.

Seems innocent enough. But in my opinion still a cause for concern. Reverse engineering flaws is not an easy process, but its not impossible. With simple tools like Metasploit out there that 'weaponize' vulnerabilities for point and click execution there is an obvious need for a quick patch here. That said, Mozilla has updated Firefox 3.x properly and it is encouraging all 2.x users to move to 3.x. So hey you Firefox 2.x users - here's another wakeup call for you!

Goodbye Novell Brainshare

By Sean Kerner   |    December 17, 2008

novell.jpg
From the "it's not MacWorld" files:

After 20 years, Novell is throwing in the towel on its annual Brainshare conference - a victim of the current economic downturn.

"As many of you know, Novell has held BrainShare for more than 20 years, and it is a tradition we are proud of. I also know that our customers and partners always look forward to this conference," Novell's Senior Vice President and Chief Market Officer, John Dragoon said in a statement. "Despite this, many of you have indicated that because of the current economic climate, you are under increasing pressure to reduce travel and other controllable expenses and are hesitant to commit to attending our BrainShare 2009 conference."

I'm going to be honest here - I've never been to a BrainShare and never had plans to do so. Novell has always done an above average job of keeping journalists like me in the loop on BrainShare related news either with pre-briefs or with press conferences that were webcast.

So no I won't miss BrainShare personally. However I was kinda/sorta expecting that Novell would roll out Novell SUSE Linux Enterprise Server 11 at BrainShare this year. Without the BrainShare hook, Novell won't have that same milestone event to hail the arrival of their latest release. Then again there is always LinuxWorld - oh wait there is no LinuxWorld anymore either is there?

Google Chrome Dev-channel finally hits 1.x

By Sean Kerner   |    December 17, 2008

googlechromologo.jpg

From the "as promised" files:

 A week after putting its Google Chrome stable out of beta with the 1.0.154.36 stable release, Google has now updated its dev-channel version to 1.0.154.39.  This is the first 1.x Google Chrome dev-channel release and now once again represents the leading edge of Google Chrome development (at least in terms of publicly available numbered releases).

There are a number of what I personally would consider to be 'important' fixes in Chrome 1.0.154.39. Among them is a fix for the Hotmail issue that was partially addressed in the last dev-channel release 0.4.154.33.

For those migrating from Microsoft Internet Explorer there is also a key fix that corrects an issue that previously trigged a crash (so yes that would mean a crash in the non-beta  'stable' release that came out last week). A PDF fix in the new dev-channel release is supposed to make in browser PDF viewing faster.

The bookmark search function also gets a really important fix correcting an issue that limited Chrome's Bookmark manager ability to search on URL. As a search company, this was an item that Google had to fix quickly (and it has). This particular flaw was first reported on November 3rd.
 
No word yet as to when Google Chrome stable will be updated to include the 1.0.154.39 dev-channel fixes - but if past releases are an indication it's likely not until late next week (or later).

Mozilla releases Firefox 3.0.5, kills Firefox 2.x

By Sean Kerner   |    December 17, 2008

sr-firefox3.jpg
From the "life is short" files:

After 26 months of life, Mozilla has issued the final update to its Firefox 2.x browser. The Firefox 2.0.0.19 browser out today is accompanied by its successor the Firefox 3.0.5 release.

Firefox 2.x came out on October 26, 2006 and was originally known as Bon Echo. I will always remember Firefox 2 as the first browser to ever really let me deal with the gazillion (actual number) of tabs that I have open. Tab overflow seems quaint now, but for me it was the defining feature of what made Firefox 2.x awesome.

While it's hard to complain about something that is free, when you compare the lifespan of Firefox 2.x to say Microsoft's Internet Explorer 7, 6 or even Internet Explorer 5 there is a big gap. IE 7 came out the same time as Firefox 2.x, IE 6 came out in 2001. Microsoft still supports IE 7,6 and 5.

Now the OBVIOUS item is the fact that Mozilla has end of life'd Firefox 2.x while IE 7 is still alive - so clearly Mozilla has an accelerated product lifecycle. But still, there are many people out there that will not (or some cases can not) update every two years (not me or you- but there are people like that out there).

Does the shorter lifespan of Mozilla Firefox affect adoption?

I don't know the answer to that. But one thing does seem likely here - Microsoft (for better or for worse) can claim that it supports its browsers (warts and all) longer than Mozilla.

Bon Voyage Bon Echo and thanks for the Tabs.

Debian developers vote on Linux release

By Sean Kerner   |    December 16, 2008

debianlogo.png
From the "Freedom is about more than just code" files:

Debian is on the verge of its next major release codenamed "Lenny" - but before it gets released, Debian developers will have to vote on it. Debian developers have until 23:59:59 UTC on Saturday, December 21st, 2008 to vote on six key issues collectively titled the Lenny Release General
Resolution.

In a nutshell, the resolutions deal with re-affirming Debian's Social Contract (which is Debian's guiding document) as well as allowing for Lenny to be released with violations of Debian's Free Software Guidelines (DFSG) which dictate the terms of whether or not a given piece of software may be included in Debian.

The actual resolutions include some very 'interesting' language to that effect which tries to mitigate the tone of the conflict. Here's one example from Choice 5.4:

We give priority to the timely release of
Lenny over sorting every bit out; for this reason, we will treat removal of sourceless firmware as a best-effort process, and deliver firmware as part of Debian Lenny as long as we are legally allowed to do so, and the firmware is distributed upstream
under a license that complies with the DFSG.


It's an interesting conflict, in my opinion.

Affirm the core ideals
of the project while at the same time allowing for violation of one its
cornerstones.

Debian is an idealistic Linux distribution and that is one of its greatest strengths. Those ideals however can sometimes trigger delay. The Lenny Release General
Resolutions in my view are all about, trying to live up to the ideals while dealing with the realities of getting a release out in a timely fashion.

No other Linux distribution is as open or transparent in its approach to governance as Debian - and this latest exercise in Software Freedom is further proof of that point.

Apache Updates HTTP Server to 2.2.11

By Sean Kerner   |    December 15, 2008

apache.gif

From the "some technologies never die" files:

The open source Apache Foundation is updating the newest iteration of its HTTP Web server to Apache HTTP Server 2.2.11. The update is a bug and stability fix and (so far at least) does not include any reported vulnerabilities or vuln fixes. The actual changes list details what looks to me to be a whole lot of tweaks - the only thing that really stood out for me personally is an update to the LogFormat parameter.

Add new LogFormat parameter, %k, which logs the number of keepalive requests on this connection for this request.

This could help out in a number of ways for those that use Apache logs - specifically with open AJAX and XHR type of requests.

The Apache 2.2.x branch has been the leading edge of Apache Web Server development since December of 2005. Apache still maintains its legacy 2.x and 1.3.x branches as well. The latest releases for those versions are 2.0.63 and 1.3.41 which were both released on January 19th of this year.

Apache across all its versions remains the most widely deployed web server according to Netcraft. As of November 2008 , nearly 93 million websites globally were hosted on an Apache Web Server.

Windows needs a Linux package manager

By Sean Kerner   |    December 12, 2008

tux.jpg
From the "lessons Microsoft should learn from open source" files:

Windows users have a real problem when it comes to updates. Sure they have Microsoft Update and certainly many applications include their own update mechanisms. Yet despite that, there seems to be a problem with Windows users actually updating.

So allow me to make a suggestion. Microsoft (or a really smart ISV) should build a full application manager for Windows, similar to what most Linux distributions do today.

For the non-Linux users out there - what Linux distros typically do is have a package management utility of some sort that pulls updates from a package repository (or repositories). Those updates could be for the core operating system but also could include updates for any application package in a repository. So if for example Mozilla Firefox is updated, you don't necessary have to go to Mozilla to update. Instead if its in your Linux distro's repository when an update is issued you'll get an update as part of your existing unified update process.

Small caveat though - there can sometimes be a delay between the time an application has an update upstream and the time an update actually appears in a particular Linux repository.

Overall though, the general idea of one unified approach through a master application package updating tool is one that in my view keeps Linux users (relatively speaking) up to date (and no pun intended on the old Red Hat Up2date command). Wouldn't that type of system be a good one for Windows too? Wouldn't you rather have one update process instead of many?

Google Chrome jumps from 0.4.154.31 to 1.0.154.36

By Sean Kerner   |    December 11, 2008

chrome1.gif

From the "read Andy Patrizio's story first then come back" files:

So Google Chrome is finally out of beta. From a detailed point of view this means that my version of Chrome (stable) jumped from 0.4.154.31 all the way to non-beta 1.0.154.36 version. That's quite a jump.

But on the dev-channel version of Chrome, I'm still at version 0.4.154.33 (the one I wrote about earlier this week with the Hotmail fix). That's kind of strange isn't it?

Wouldn't you expect that the dev-channel would be first to be out of Beta? (Just as a reminder, Google offers two versions of Chrome, dev-channel and stable). The details of why Google hasn't officially moved its dev-channel users to version 1.x are detailed by Google Chrome Program Manager Matt Larson.

"Note to
Dev channel users: The Dev channel release will stay at 0.4.154.33," Larson wrote. "The
current stable release is the same as the current Dev channel release
without the Hotmail fix (which hasn't been tested enough to release to
all users). An update is coming next week."

So what does that mean? It means that Google Chrome 1.x non-beta doesn't work with Hotmail as it should.

It also means that Google has done a little magic with its numbering system for Chrome in my opinion. Unless I'm totally wrong Google Chrome dev 0.4.154.33 actually has more fixes in it than Google Chrome stable 1.0.154.36. It also means that Google has taken a product out of Beta without first making sure it had a Linux version available.

Don't get me wrong Google Chrome is one awesome browser. But just don't forget that even though Google has declared it out of beta and now has a 1.x release there are still a lot of bugs to fix.

Slackware Linux 12.2 release is no slacker

By Sean Kerner   |    December 11, 2008

slackware.png
From the "yes they're still alive and kicking" files:

Slackware Linux - yes that Slackware, the original Linux distro itself is out now with Slackware version 12.2. And the big top line item - it's now exclusively using the Linux 2.6 kernel!

Yes I know that seem almost anachronistic considering that the 2.6 kernel has been in  usage in other distros since 2003.

"Since we've moved to supporting the 2.6 kernel series exclusively (and
fine-tuned the system to get the most out of it), we feel that Slackware
12.2 has many improvements over our last release (Slackware 12.1) and is
a must-have upgrade for any Slackware user," Slackware founder Patrick Volkerding said in the release announcement.

There are a lot of reasons why 2.4 kernel support was still needed (and is still needed by some), not the least of which is its smaller footprint and overall system requirements. However after five years of wide use and some 27 point releases, the 2.6 kernel is quite stable and it's now the only one that Slackware supports.

Beyond that, Slackware 12.2 updates the usual suspects of a LInux distro including KDE (though they stick with the 3.5.x branch), Firefox, GIMP, Pidgin, Apache and the like.

Volkerding also noted that the Slackware package management tools get a boost which is interesting for me personally. Among the reasons why Debian and Red Hat (in my simplistic viewpoint) picked up users in the late 90's was their solid packaging systems - .deb for for Debian and RPM at Red Hat.

Still, it's absolutely amazing to see Slackware still in active development after all these years - and without ever becoming an 'enterprise' distro like SUSE or Red Hat.

Mozilla losing its Chief Security Officer Window Snyder

By Sean Kerner   |    December 10, 2008

sr-firefox3.jpg

From the 'and she really is so nice" files:

Mozilla's Chief Security Officer Window Snyder announced today that she is leaving her post at Mozilla by the end of the year.

I've had the good fortune of speaking with Window many times by phone and met her several times as well. Her grasp of the incredible issues that face browser developers made her an excellent spokesperson for Mozilla over the two years she was there.

"I am sad to be leaving, but I am excited to go work on something I have
always been passionate about," Snyder blogged. "I wish I could tell you about it now,
but that will have to wait for a while."

The last time I interviewed Snyder in person was at Black Hat in Las Vegas,
she was accompanied by Johnathan Nightingale (a local Toronto boy).
Nightingale is also named by Snyder as being part of the group that
will help to fill the gap when she leaves. Mozilla has a deep bench when it comes to security and Nightingale and others within Mozilla are more than capable to take the security lead.

Still, I for one will miss speaking with Window Synder as a Mozilla person. So good luck to you Window, wherever you end up!

Mozilla releases Thunderbird 3 Beta 1

By Sean Kerner   |    December 10, 2008

thunderbird.jpg
From the "Mozilla does email? really?" files:

At long last, Mozilla Messaging has put out the first Beta release for the Thunderbird 3 open source email client. Lots of new stuff here that users will notice. According to Mozilla among the new features are a tab interface for mail, improved message reader view, better address
book interface and improved import of mail from other Mail clients.

Beta 1 is not however a feature freeze for Thunderbird 3 and Mozilla Messaging chief Dan Ascher hints that much more is to come before Thunderbird 3 hits its final release.

"Unlike the traditional definition of a beta release, we're definitely not done making feature changes, including some pretty significant feature work that we expect will be integrated in Thunderbird 3 in later beta releases, some features that will live as optional add-ons, and some experiments which may end up in later releases of Thunderbird or not, depending on the result of the experiments," Ascher blogged.

For me personally the item that I'm most interested is something that actually isn't directly part of Thunderbird but rather is an add-on. Thunderbird on its own lacks a Calendar which means it can't directly compete against Microsoft Outlook.

The Mozilla Lightning add-on is an effort to add a calendar to Thunderbird (or Firefox too for that matter if you wanted too).  By Ascher's own admission the Lightning project isn't done yet with it's work, but so far in his view things are looking great.

Google Chrome fixes Hotmail by being Safari

By Sean Kerner   |    December 09, 2008

googlechromologo.jpg
From the "who do you want to be today" files:

Google is continuing its rapid development of its Chrome browser with the dev-channel release of Chrome version 0.4.154.33. Again this is mostly a bug fix, though two of the bugs are really interesting.

Bug #6482 fixes an issue with composing mail and switching folders in Hotmail. The really interesting part is that Google admits that Hotmail does not yet properly recognize the Chrome browser so users need to trick Hotmail into thinking that Chrome is actually Apple Safari (which is supported by Hotmail).

Here's the workaround from Google to make Chrome appear to be Safari for Hotmail use:

Add the following to the shortcut you use to launch Google Chrome:
--user-agent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1 Safari/525.19"

Right-click the Google Chrome shortcut, click Properties, and paste the line above to the end of the Target field.

Another interesting bug is #6418 which lets Google Desktop call Google Chrome as a default browser. Seems straight forward enough - though it sure does seem odd that Google Desktop wouldn't have fully supported Chrome from day one.

Firefox 3.1 Beta 2 arrives a month late

By Sean Kerner   |    December 09, 2008

firefox31.jpg

From the "good things come to those who wait" files:

Mozilla developers have released Firefox 3.1 Beta 2 - nearly a month after it was expected. There are a number of reasons why this milestone release was delayed but in a nutshell from my third-party point of view, it's all about making sure a release is ready before making a release. Mozilla has a process of "blockers" which identify which items must be fixed prior to a release (milestone or otherwise), it's a process that tends to serve them well.
In terms of features, Firefox 3.1 Beta 2 includes the overhyped Private Mode feature (aka Porn Mode), which allows for a browsing session that is not retained locally after the session is closed out (that is history is not carried over to the main browser). This is a feature that other browsers have and previously was available to Firefox users by way of an extension.
Then there is the Tracemonkey JavaScript engine which is Mozilla's answer to Google Chrome's V8. Tracemonkey will in my opinion, get a real workout in this Beta 2 and I expect that it will improve by leaps and bounds from here as more users get to try it out.
Mozilla also claims that the 3.1 release includes, "improvements to the Gecko layout engine, including speculative parsing for faster content rendering."
While speed is also a key issue for browsers, especially for end users. Firefox 3.1 in general includes more developer focussed improvement than I can easily get a handle on. There are CSS, HTML 5 tags and DOM changes that could really be very interesting from a development point of view. The problem - as it was during the first browser war - is trying to figure out what is supported cross-browser since I doubt many developers really want to develop multiple implementations of their site just to cater to specific browsers. 
That said, mainstream web development in my view has always been about the lowest common denominator - and maybe with Firefox 3.1, IE8, Safari 4 and Chrome that lowest common denominator can get pushed forward yet again.

As for Firefox 3.1, Mozilla has planned for a Beta 3 release and I personally expect at least two Release Candidate (RC) versions as well. So don't expect a final Firefox 3.1 for Xmas this year, it's not likely to be finalized until 2009.

Google Chrome gets Microsoft Silverlight fix

By Sean Kerner   |    December 08, 2008

googlechromologo.jpg
From the "automatic updates are fun" files:

Google has updated its dev channel version of the Chrome browser to version 0.4.154.31. This is mostly a stability and bug fix release with no functionality updates according to Google Chrome Program Manager Mark Larson. BUT, if you look closely at the release notes,  there is an important bug fix for an issue with how Chrome deals with Microsoft Silverlight.

Issue #4691  is titled, "The context menu does not show up in a windowless Silverlight plugin."

What is the expected output? What do you see instead?
We expect to see the context menu show up. Instead nothing happens.

Yes, this is a small issue, but one that is important to note for a few reasons. For one, Google is taking Microsoft Silverlight support seriously - to the extent that it will fix bugs in Chrome to make Silverlight work properly. The flaw that Chrome had experienceed with Silverlight was not present in Firefox 3.x either.

Vyatta expanding Linux networking appliances

By Sean Kerner   |    December 05, 2008

vyatta_small.jpg
From the "Linux-everywhere" files:

Startup Linux networking vendor Vyatta is set to announce a new hardware appliance on December 9th. The new device will add more power to Vyatta's lineup of networking products that they are targetting competitively against Cisco and other proprietary vendors.

The Vyatta 2502 will be a step up from the existing 2501 appliance which only has 512 MB RAM and 80 GB Hard Disk storage.
The new 2502 in contrast will have two 250 GB SATA drives and 1 GB of RAM. Vyatta is powering the devices with a dual-core 2.2 GHz processor.

Vyatta has been offering a Linux based router software platform since 2006. Earlier this year they upgraded their platform to version 4 of their routing platform. Vyatta Community version 5 is currently in Beta.

Using Linux and open source technology for networking gear isn't a unique proposition. In fact networking giant Cisco is one of the leading contributors to Linux kernel development (at least according to a recent Linux Foundation report). Vyatta and its marketing man Dan Roberts however argue that Vyatta offers a better cost proposition.

Cisco is the world's largest networking vendor for a number of reasons including its large sales force. I suspect that though Vyatta will make some inroads, Cisco doesn't need to be too worried. Then again the networking equipment market is a massive one and there is certainly room for many players. As the economy continues to meltdown it sure will be interesting to see how this all plays out.

Sun releases OpenSolaris 2008.11

By Sean Kerner   |    December 04, 2008

opensolaris_small.gif
From the "it's not Linux, but it's got the same apps" files:

Sun has rolled opensolaris 2008.11, loaded with open source applications that are well known to Linux distribution users.  The 'What's New' page for opensolaris 2008.11, lists the new features which include GNOME 2.24, Firefox 3, Songbird and OpenOffice.org 3.

On the apps that are more opensolaris specific the Image Packaging System, IPS gets an update but to my naked eye it looks surprisingly like GNOME's Synaptic package manager. Fast boot times (something that Linux distros are working on too) is also a key new feature for the opensolaris release.

Where opensolaris 2008.11 may well differ most is with its Project COMSTAR (Common Multiprotocol SCSI Target) implementation for an open storage system.

The first phase of Project COMSTAR has
been included in OpenSolaris 2008.11, allowing you to turn any OpenSolaris host into a SCSI storage device
or target, accessible by any initiator hosts. Only Fibre Channel is supported at this time, however the iSCSI
port provider will be provided in the developer repository soon.

So, sure there are alot of open source applications in opensolaris 2008.11 that are common to other open source operating systems, but Sun has also made sure that it has several differentiators as well.

Python 3.0 slithers to GA, time for 2.x users to update?

By Sean Kerner   |    December 04, 2008

python-logo.gif

From the "Guido must be happy" files:

Python 3.0 is now officially out - breaking compatability (in many respects) with currently deployed Python 2.x series. Don't worry it's not all lost for existing Python users, though the official Python release does sound dire.

Python 3.0 (a.k.a. "Python 3000" or "Py3k") is a new
version of the language that is incompatible with the 2.x line of
releases. The language is mostly the same, but many details,
especially how built-in objects like dictionaries and strings work,
have changed considerably, and a lot of deprecated features have
finally been removed. Also, the standard library has been reorganized
in a few prominent places.

You see in October Python 2.6 was released, and it is an effort to bridge the gap between the 2.x and 3.x versions of Python. When I spoke with Python developers back in October the expectation was that many developers would stick with the 2.x line for awhile and not immediately jump to 3.x when available.

"We are not expecting or encouraging developers to migrate to Python 3
immediately, and the Python 2.x line will continue to be supported and
improved for years to come," David Goodger, an officer of the Python Software Foundation, told InternetNews.com ."Python 2.6 is an upgrade intended for most
developers of production systems. Python 3.0 is for those who like to
live on the bleeding edge."

Maybe Apple Macs don't need antivirus after all

By Sean Kerner   |    December 03, 2008


**UPDATED 1 PM ET with Apple comment **

Yesterday there was a lot of buzz about an Apple support page that recommended Mac users to use antivirus software. Today that same Apple support page has been deleted.

Does that mean that Mac's don't need antivirus?

Maybe. Then again, maybe not. One of the biggest problems with the support page note was wording that suggested that users use 'multiple' pieces of software.

"Apple encourages the widespread use of multiple antivirus utilities so
that virus programmers have more than one application to circumvent,
thus making the whole virus-writing process more difficult,"Apple (NASDAQ: AAPL) wrote on its now deleted support page.

I received a call from an Apple spokesperson today who gave me Apple's official statement on this issue. Here's the official word:

"We have removed the KnowledgeBase article because it was old and inaccurate. The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, running anti-virus software may offer additional protection."

So there you go. Not a recommendation for multiple antivirus tools after all - which is a good thing since that wouldn't really work anyways. The problem with that is running multiple antivirus tools at the same time is hardly a best practice. In fact for many antivirus tools (on Windows at least) the first step of the installation process often involves removing any existing antivirus software to prevent conflicts.

I for one am glad that the confusing note has been removed - but I do hope that Apple replaces it with a clarification rather than just a deletion at some point.

The act of simply deleting a support note without any mention (on the support page) of why is not the mark of a company that is entirely open and transparent.

Certainly the Mac is less prone to virus attacks than Windows systems, but by Apple's own admission it is not 100 percent immune. In fact just look at the number of updates that Apple has had to make in the last two years to its QuickTime media player to see that Apple technologies are being targeted by malware writers.

Songbird 1.0 is out. Are iTunes days numbered?

By Sean Kerner   |    December 02, 2008

songbird_logo.gif

From the "keep on rockin in the free world" files:

Songbird 1.0 the Mozilla powered open source customizable music player is out today and it could give iTunes a real run for Apple's money (or maybe not).

What makes Songbird special in my view is the fact that even though it's a decent music playing app - it really extends the whole music playing experience. For one it has something called mashTape which is this neat feature that lets you 'mashup' and pull in flickr photos, Google News, YouTube vids and more  - all contextually related to the tune you're listening too.

Songbird developers are claiming the release is faster than previous development builds, with claims of up to 1000x faster for search, 70 percent RAM usage reduction and 4x speed improvement on media importing.

"We set out to build an open, customizable music player," Songbird developer raffel blogged. "Today, we're launching with dozens of integrated services, hundreds of add-ons, and a growing developer community. We'll be the first to admit that there's plenty left to do. And, while we're not ready for everyone, 160k users a month are expressing their vote for an alternative music player."

Songbird is built on top of the Mozilla Platform (mostly XUL) and is a good example showing how Mozilla technologies can be leveraged for more than just web browsing.

While Songbird is a powerful application, I'm not too sure that Apple has too much to worry about. Every iPod/iPhone user knows about iTunes - that's tens of millions of users and a built-in user base. Songbird has no such distribution advantage. That said, Firefox doesn't have the distribution advantage that IE has, so hey you never know...

Google Chrome playing catch-up on extensions.

By Sean Kerner   |    December 02, 2008

googlechromologo.jpg
From the "you gotta start somewhere" files:

Sure Google's Chrome browser is fast. But since day one it has lacked add-ons/extensions that provide additional functionality.

Today Google Chrome still doesn't have extensions, but Google developers now have a "design doc" that is an initial attempt at a roadmap. In my opinion, the roadmap looks like it's an effort to do an add-ons/extensions approach that is as good (if not better) than the one that Mozilla Firefox uses today.

Firefox 3.x has made great strides in improving how add-ons are consumed, and Mozilla continues to expand that effort. With Chrome, the Google developers are trying to start with a secure mechanism for obtaining and updating extensions from day one. This is a big deal and one that no doubt is the result of Firefox's experiences.

It looks like SSL, signed extensions and a central repository for auto-updates and validation are all part of the plan.
According to the roadmap:

We will provide a service designed to reduce burden to developers
by reducing traffic costs and providing a robust, secure mechanism for
autoupdates that they can easily leverage rather than having to handle
the logistics on their own site.  It would also provide authors with a
way to easily create and verify their extension packages and manifests.
However, developers will always have the option to package, sign, and
host extensions on their own site. The
central service will maintain a blacklist of known malicious or harmful
extensions.  This blacklist will be used by the browser to disable
these extensions.

All sounds good to me. What would be even better though is a cross-browser standard API set for add-ons/extensions such that a developer could build once and then deploy to all browsers that support the standard. I know, someone spiked my coffee this morning - but hey the time/effort/trouble of building extensions for yet another browser is likely something that few (external to google) look forward too.

MySQL 5.1 goes GA, Monty not happy

By Sean Kerner   |    December 01, 2008

MySQLjpg
From the "better late than never" files:

MySQL 5.1 is now out, but not everyone is happy about this oft-delayed open source database release.

I've been hearing about MySQL 5.1 since at least 2006 and over the last two years there have been a few dates I've been told when it would be released. Earlier this year the plan was for it to be out by June , then that got bumped back. Last month, a Sun spokesperson told me the release would be generally available (GA) on December 9, but apparently MySQL 5.1 is now already generally available.

One of the reasons, I've been told over the years as to why MySQL 5.1 has been delayed is to ensure the quality of the release and to learn from mistakes made in the MySQL 5.0 release. It's an argument that MySQL founder Monty Widenius now disagrees with.

"The reason I am asking you to be very cautious about MySQL 5.1 is that
there are still many known and unknown fatal bugs in the new features
that are still not addressed," Widenius blogged.

Widenius argued that there are still at least 180 serious bugs in the MySQL 5.1 release - (as evidence of his allegation he points to a bug tracking page that shows many of the bugs). He also lists a litany of other errors that in his view should have been caught and corrected prior to a generally available (GA) release. The reason for the flaws is not due to developer dedication, according to Widenius, but rather due to the conditions in which the developers work.

FreeBSD 6.x hits final release

By Sean Kerner   |    December 01, 2008

FreeBSD_small1.jpg

From the "little devil" files:

FreeBSD 6.4 is now out and it's likely to be the last release on the 6.x branch of the free operating system. The first FreeBSD 6 release came back in 2005, FreeBSD 6.1 came in 2006 and 6.2 in 2007. The FreeBSD 6.x branch became Legacy (that is not the leading edge of development) when FreeBSD 7.x was released earlier this year.

The FreeBSD 6.4 update looks to me to be a basic point upgrade for key applications. According to the release announcement  the big items are:

*

New and much-improved NFS Lock Manager (NLM) client

*

Support for the Camellia cipher

*

boot loader changes allow, among other things, booting from USB devices and booting from GPT-labeled devices with GPT-enabled BIOSes
 *

DVD install ISO images for amd64/i386
 *

KDE updated to 3.5.10, GNOME updated to 2.22.3

*

Updates for BIND, sendmail, OpenPAM, and others

Even though this is the last point release for FreeBSD 6.x, security support for FreeBSD 6.4 will extend until November 30th 2010. So that means for you FreeBSD 6.x users out there, you've got two years to migrate (if you want to stay relatively current).