RealTime IT News

Blog Archives

Mozilla Firefox 3.5.7 will fix updates and top crash

By Sean Kerner   |    December 28, 2009

sr-firefox3.jpg
From the 'Incremental Fixes' files:

Mozilla developers are now testing the next stable build of the Firefox 3.5.x series. Firefox 3.5.7 is now available as a beta build for testers to try out.

The 3.5.7 dev update milestone follows closely on the heels of the Firefox 3.5.6 update which came out earlier this month.

Mozilla is not in the habit of disclosing any particular security vulnerabilities that may be patched for upcoming releases (a practice I respect and admire). That said they do publicly disclose the key non-security bug fixes in upcoming releases.

Among the bug fixes for Firefox 3.5.7 is one for how major updates are handled. The major update notification item is a key one in that it is one of the primary drivers to help existing Firefox users update to the next major version. Firefox 3.x users received a major update notification for the 3.5.x update earlier this year.

InternetNews.com 2010 Year in Preview Podcast

By Sean Kerner   |    December 23, 2009

podcast.png
From the 'Listen In' files:

It's that time of year again when everyone and their brother's first grade teacher's second cousin is making 2010 predictions.

Want to hear our tech predictions for 2010?

We've made it real easy for you, you don't even have to read them all  -- just listen in to our 2010 Year in Preview Podcast.

Kenneth Corbin talks about the big policies we're likely to see in 2010 including net neutrality, privacy and cyber-security, David Needle tells us what to expect from Apple and Stuart Johnston tells us why 2010 will likely be a good year for Microsoft's Windows 7.

I chime in there too - with my top security issue for 2010, the top networking story for 2010 and why I think we'll see more open source lawsuit activity in the year ahead.

Happy Holidays!

Opera 10.5 pre-alpha now available. Should you care?

By Sean Kerner   |    December 23, 2009

opera.jpg
From the 'What's a Pre-Alpha' files:

Forget about betas, alphas or nightlies - what you want is a pre-alpha release right?

Well that's what Opera Software is pitching with its Opera 10.5 pre-alpha release this week.

Why Opera 10.5 is interesting to both end-users, developer and competitors, revolves around one key technology - Carakan. Carakan is Opera's next generation JavaScript engine which Opera has been saying is world-beating since February of this year.

With Opera 10.5 Carakan makes its debut for public consumption and it gives Opera 10.5 a 7x JavaScript performance boost over prior versions. Opera 10.5 also introduces a new graphics library and improvement so Opera's rendering engine.

Yes, speed does matter.

Is it faster than Chrome or Firefox? That's always a loaded question as it depends on use-cases.

What is important from my perspective is that there continues to be an emphasis from all browser vendors on making fast next generation browsers even faster.

Is Firefox 3.5 the most popular browser?

By Sean Kerner   |    December 21, 2009

sr-firefox3.jpg
From the 'Netscape's Revenge' files:

After years of playing second fiddle to Microsoft's Internet Explorer browser, Mozilla Firefox is now on top - kinda/sorta.

According to new data from the StatCounter.com, Firefox 3.5 is now the most popular browser version in the world at 21.9 percent, surpassing IE 7 21.2 percent.

The catch (because there always is one with stats) is that on a cumulative basis - that is including all versions of IE currently in use and all Firefox versions currently in use - IE is still ahead.

Combining IE 6, 7 and 8 usage gives Microsoft a great than 50 percent share while Firefox holds just over 30 percent.

Firefox 3.6 Beta 5 now out - will final be out by 2010?

By Sean Kerner   |    December 18, 2009

sr-firefox3.jpg
From the 'It's Done, When It's Done' files:

I've been using the Firefox 3.6 browser as my everyday browser since the Beta 2 release.

While it's just about stable enough for me, Mozilla developers continue to make it as bug-free as possible, while adding incremental features and improvements along the way. Late yesterday, Firefox 3.6 Beta 5 was released, included over 100 fixes from the Beta 4 update.

Among the fixes is one really interesting fix for Firefox 3.6's Safe Browsing feature. With Safe Browsing Firefox checks URL to make sure it's not a phishing site. As it turns out the Safe Browsing request ended up in a user's cache. That could potentially fill up a user's cache as well as have a performance impact for the browser.

Yeaah, it's a small detail, but it's just another check mark on the long list of incremental improvements in Firefox 3.6 that end up making this the fastest browser ever built by Mozilla.

EU browser choice should come to the U.S. too

By Sean Kerner   |    December 17, 2009

IE.jpg
From the 'European Lifestyle Choices' files:

After a whole lot of negotiations, Microsoft is now set to offer European users of its Windows operating system with a browser choice.

My colleague Stuart Johnston reported for InternetNews.com that there will soon be a "choice screen" on Windows PCs sold within the European Economic Area that lets
users choose which of a dozen or so browsers they would like to set as
their default.

Why don't U.S. consumers get the same choice?

Yes I know full well that any user can go and download Safari, Firefox, Chrome or Opera for Windows.

I also know that for a whole lot of people out there, who just don't know any better the big blue E is the Internet and that's all there is to it.

In my own personal experience, I was recently at a relative's house and they asked me to look at their PC. The problemthey thought they had was that the Internet wasn't working. I checked out their router connection, did an ipconfig lookup and everything was fun. The problem was that they had lost their IE (big blue E) shortcut somehow, so they didn't know how to get on the Internet.

That's why browser choice, at the install level of a PC is so critical.

Mono 2.6 and MonoDevelop 2.2 released

By Sean Kerner   |    December 16, 2009

mono_small.gif
From the '.NET on Linux' files:

I've been following the Mono project since its 1.0 release back in 2004 and a lot has changed. Today the project released Mono 2.6 providing even more features and compatibility for developers looking for a .NET framework implementation for Linux.

The 2.6 release is the first major release from Mono since the 2.4 release in March. There are a number of new items in the 2.6 release but at the top for me is the continued evolution of Mono's overall performance.

The other key item that Mono continues to improve on is compatibility with .NET itself. With 2.6, the release notes state that they've achieved more complete .NET 3.5 API coverage, which in my mind is a good thing. Mono has always tried to include the most important elements of .NET, but has not had them all.

The 2.6 release also includes a new verifier and security sandbox which comes by way of the Moonlight effort (delivering Microsoft Silverlight framework compatibility on Linux).

Oh and did I mention that Mono 2.6 includes - wait for it - Microsoft's open sourced ASP.NET MVC. Microsoft announced back in April that the MVC stack was going open source, so it makes sense that it would end up in the open source Mono project.

Best Buy lawsuit shows how GPL violations have changed

By Sean Kerner   |    December 15, 2009

sflc.png
From the 'Responsibilities of Freedom' files:

Yesterday, the Software Freedom Law Center filed a big lawsuit against 20 companies (including Best Buy) on the claim of GPL violation.

It's not the first (and likely not the last) of the SFLC's GPL enforcement efforts, but it does mark a key turning point in their public efforts for a number of reasons.

"It shows how GPL violations
have changed over time," Bradley M. Kuhn, Policy Analyst and Technology Director at the SFLC wrote to me in an email. "Past enforcement efforts have been mostly about
router technology and other computer-oriented components. We now see
BusyBox/Linux adopted more frequently in mass-market consumer
electronics, such as TVs and DVD players."

BusyBox which is the set of GPL'd utilities that is at the heart of the GPL enforcement issue is a technology that is used in embedded devices, like routers as well as consumer electronics devices.

Due to the fact that BusyBox (in particular) can sit so deep within a device, it is my own personal opinion that many vendors simply don't understand the impact of GPL and aren't aware that they aren't compliant.

GNOME should seperate from the GNU Project

By Sean Kerner   |    December 14, 2009

gnome.jpg
From the 'Land Before Time' files:

Did you know that the GNOME project was still officially part of the GNU Project (led by the founder of Free Software Richard Stallman)?

It is - but it might not be this time next year and I personally think that would be a good thing.

The GNU Project dates all the way back to 1983 and throughout its history has been an important place for all Free Software projects, like GNOME. Over the last few days, there was a bit of a flame-war going on various GNOME-related mailing lists about an article appearing on Planet GNOME - which is a GNOME news aggregator.

Stallman took issue with an article posted by GNOME co-founder Miguel de Icaza and argued that non-Free Software should not be promoted on the Planet GNOME site. (Stallman and De Icaza are not exactly on friendly terms, lately mostly related to Stallman's opposition to the Mono Project, led by De Icaza).

It's an argument that many in the broader GNOME community don't agree with and could potentially lead to GNOME leaving the GNU Project.

"Planet GNOME is about people and we display everyone's full blog feed as it
represents them," GNOME Foundation Executive Director Stormy Peters wrote "There are people that work on proprietary software as well
as GNOME and that's who they are. I don't think we should reject people
because they don't agree with us 100 percent of the time."

Fedora, open source trademarks and FUD

By Sean Kerner   |    December 11, 2009

fedora-trademark-small.jpg
From the 'Memories of FUDcon' files:

Among the most interesting sessions that I sat in on, at the FUDcon Fedora user/developer conference, which wrapped up earlier this week, was a discussion on trademarks.

Trademarks and open source have an interesting and often confusing relationship. The whole point of open source is freedom of code and usage. Yet there is still a need (for some), to protect their names and ultimately their brands as well.

The session was led by Red Hat attorney Pam Chestek (pic top left), though much of the actual discussion came from the session attendees.

Not surprisingly open source developers and users are passionate about licensing issues.

"The only question to be answered in trademark law, most of the time is - is there a likelihood of confusion," Chestek said. "It's an exercise in theorizing what's happening with consumers...it all boils down to, will someone be confused about what they are getting."

Red Hat open sources SPICE for desktop virtualization

By Sean Kerner   |    December 09, 2009

redhat.png
From the 'Open Source Takes Time' files:

A year after acquiring the SPICE (Simple Protocol for Independent Computing Environment) hosted virtual desktop protocol from Qumranet, Red Hat is now open sourcing it. 

Red Hat bought Qumranet in 2008 for $107 million as a way to boost its virtualization business, now based on KVM , which was initially developed by Qumranet.

I know that Red Hat has always said that they try and make any tech they acquire open source (which they have in practice) and I know it often takes time.

Whey SPICE is particularly interesting and important is the fact that it's a key part of  a core Red Hat Enterprise Virtualization for Desktops which is now in beta. Red Hat rolled out a big server virtualization released last month based on Qumranet tech as well. The problem with the server release is it required Windows (which I personally found quite jarring).

Novell speeds up iPhone app dev in MonoTouch 1.4

By Sean Kerner   |    December 09, 2009

monotouch.png

From the 'There's An App For That' files:

Back in September, Novell launched MonoTouch which is way to build .NET applications for Apple's iPhone.

It's based on the Novell led  Mono project which is an effort to create an open source implementation of Microsoft's .NET. In the span of four months, Novell is iterating quickly and is now out with MonoTouch 1.4, which is all about speed.

"Startup times have been dramatically decreased," the MonoTouch 1.4 release notes state. "The time reduction is anywhere from 60 percent to 40 percent depending on your application."

That's a big deal, as opposed to PC users that are used to waiting, iPhone users don't have the same patience.

The other key item, also related to speed is that MonoTouch compiled releases are now also smaller.  According to Novell, MonoTouch 1.4 actually compiles apps that are 30 percent smaller than previous releases.

As the iPhone continues to gain in popularity, the need for enterprise .NET type apps no doubt will grow. That growth will likely also continue to fuel demand for MonoTouch.

Will Mozilla Thunderbird 3 fail?

By Sean Kerner   |    December 08, 2009

thunderbird.jpg
From the 'Superior Siblings' files:

Mozilla today officially released Thunderbird 3.0, it's next generation email client. It's got lots of interesting features, but is it too little too late?

Thunderbird 3.0 is the first major release of Thunderbird in years and that's a very bad thing in my view. Unlike its cousin Firefox which has had regular releases and enjoys a large user-base and following, Thunderbird (to date) hasn't generated the same type of attraction.

Back in 2007, Mozilla tried to kick start Thunderbird development by spinning out a new organization called Mozilla Messaging which was tasked with building Thunderbird. What have they done in the last two years?

Thunderbird 2.0 came out in April of 2007, at the time I had thought that we might see Thunderbird releases come out in roughly the same timelines as Firefox releases -- I was wrong.

Having a new release every two years works for enterprise tech, open source or otherwise. But in my honest opinion that's not how you grow an open source community or build an engaging application that innovates. Frequent iterations, rapid updates and continuous evolution are what make open source projects great. Look at the Linux kernel with new releases nearly every four months that have a staggering amount of innovation in them.

The path from the first Thunderbird 3 Beta to the final release is also somewhat disappointing.

Google Chrome graduates to beta on Linux and Mac

By Sean Kerner   |    December 08, 2009

googlechromologo.jpg
From the 'Does It Matter?' files:

Six months ago, Google began its official publicly available effort to land the Chrome browser on Apple Macs and Linux computers.

At first the Linux and Mac builds were barely usable with no plug-in or printing support and frequent crashes. In my own personal experience on Linux, Chrome-dev has become very stable and has been for months.

For those of us that have been growing along with the dev-channel releases, the beta release is nothing new. What the beta signifies is a maturation of the tech to a level that Windows users have enjoyed for a year.

For Chrome, Beta means it's (almost) ready for prime time users, but not quite ready for absolutely everyone. Google has a three tier dev process for Chrome with a stable, beta and dev channel. The dev-channel is the fastest moving (and quickest to break) and it's the one that I'll be sticking with and I suspect many Linux users, that are used to rapid updates, will too.

Mac users are often a bit different than typical Linux users (though there is also some overlap).

Fedora devs keeping OLPC sweet with Sugar

By Sean Kerner   |    December 07, 2009

xo_small.jpg
From the 'Green Tech' files:

TORONTO. Remember the One Laptop Per Child (OLPC) project?

I sure do. Back in 2006, I remember very well watching Nicholas Negroponte take the stage at LinuxWorld to pitch the effort.

The effort was supposed to be provide a Linux based operating system and easy desktop environment for children around the world. The Linux used ended up being Red Hat's community led Fedora distribution with a user interface known as Sugar. The actual OLPC hardware is known as the XO.

At the FUDcon Fedora conference held in Toronto (and wrapping up today), I sat in on a key session where software developer Steve Parrish (pic above, credit: Sean M. Kerner) explained one of his key goals in working on the Sugar interface.

"My biggest goal is to make sure the first gen XOs don't end up in
landfills, Parish said. "I want to make sure they stay current and we get as much
life as we can out of the platform."

I thought that statement was astounding. Here we are with an effort trying to help the world's children and there is a legitimate concern that the platform (or at least the first gen) could end up as garbage.

Is Google Public DNS safe? Look at the source ports

By Sean Kerner   |    December 04, 2009

googlecodegif.gif
From the 'H D Moore Knows' files:

Yesterday, Google launched its new Public DNS service. Among the benefits that Google is claiming for the new service is that it helps to secure DNS for users.

Is that an accurate claim?

One of the big issues that security researcher Dan Kaminsky disclosed about DNS insecurity in 2008 was that DNS request information isn't quite as random as it should be. The way DNS works is that each DNS request is supposed to carry with it a random number
transaction ID. But it turns out that the random number is only one out
of 65,000. DNS is at risk when there isn't enough randomization and a hacker can 'guess' the number.

So is Google's Public DNS random enough?

I got a comment from famed security researcher, H D Moore on that point. Moore knows what he's talking about when it comes to DNS exploits as his Metasploit tool was among the first to have a weaponized version of the Kaminsky DNS flaw.

Moore has now put together a mapping of Google's source port distribution on the Public DNS service. In his view, it looks like the source ports are sufficiently random, even though they are limited to a small range of ports.

Here's his graph, click for the full size. (credit: H D Moore, Rapid7):


googledns.png


Cisco almost closes Tandberg deal. DoJ investigating.

By Sean Kerner   |    December 04, 2009

cisco.gif
From the '90 percent' files:

As part of it original offer to acquire video conferencing vendor Tandberg, Cisco Systems (Nasdaq:CSCO) has a condition that 90 percent of shares needed to vote in favor of the deal.

That hasn't happened.

After two deal deadline extensions ,with the last one ending on Thursday Dec 3rd, Cisco still does not control 90 percent of Tandberg shares. But they are close, very close, but as they say,'close only counts in horseshoes' right?.

According to Cisco, they now control approximately 89 percent of Tandberg shares.

"The received acceptances represent a lower acceptance ratio than the
90 percent condition to the offer set out in Section 1.7 in the offer
document dated October 7, 2009," Cisco said in a statement. "However, Cisco has decided to waive
this 90 percent condition."

Wait a second here, they can just 'waive' the 90 percent condition? Really?? Then why on Earth didn't they just waive that condition before upping the deal by an additional $400 million and extending the deadline for acceptance twice?

**UPDATED 1:15 pm ET** Cisco has now issued another statement, and now they say they've got 91.1 percent of the voting shares of Tandberg.

Google launches Public DNS

By Sean Kerner   |    December 03, 2009

googlecodegif.gif
From the 'AYBABTU' files:

Is there anything that Google can't do? As part of its never-ending quest to update and improve the web experience for all, Google today launched a new free public DNS service.

DNS is critically important technology that we all of use everyday. It's the system that resolves IP addresses to domain names and usually you get that info from your ISP (or in a big enterprise your own DNS server).

What Google's Public DNS will offer is an alternative, enabling users to use Google (instead of their ISP) to provide DNS service.

"We believe that a faster DNS infrastructure could significantly improve
the browsing experience for all web users," Prem Ramaswami, of Google's Public DNS Team wrote in a blog post. "To enhance DNS speed but to
also improve security and validity of results, Google Public DNS is
trying a few different approaches that we are sharing with the broader
web community."

Altruistic ideals of enhancing the web experience aside, by having its own DNS server for public consumption, Google will also potentially gain access to a new source of Internet information.

They will know (anonymously or otherwise) how popular certain sites are (based on query volume) and potentially have a new metric by which they can improve web search quality as well (*though they do have a privacy policy in place which protects against user-identifiable information).

US-CERT warns on SSL-VPN flaws

By Sean Kerner   |    December 03, 2009

security-200x180-redlock_small.jpg
From the 'Flaws Without Fixes' files:

US-CERT is now warning against a potentially dangerous flaw in the SSL-VPN implementations from over two dozen vendors including industry giant Cisco.

"Clientless SSL VPN products from multiple vendors operate in a way that
breaks fundamental browser security mechanisms," US-CERT warns. "An attacker could use
these devices to bypass authentication or conduct other web-based
attacks."

Sounds scary doesn't it? But I'm not so sure we all need to run for the hills and abandon SSL-VPNs (yet).

At issue is the same origin policy that all modern web browser use. Same origin is basically an attempt to limit the resources that can access data from a particular site. That is, you generally don't want one site having access to the other sites you have open.

Now the idea of bypassing same origin policy is not new and is at the root of many cross-site request forgery, clickjacking and cross site scripting attacks.

The problem is that with many clientless SSL-VPN implementations, users could potentially be free to visit any site they want. Since they've logged into their VPNs and potentially have access to VPN resources such as files shares etc, then all of that could potentially be at risk, if the same origin policy is violated.

Cisco short on Tandberg shares, extends deadline

By Sean Kerner   |    December 02, 2009

cisco.gif
From the 'Unbelievable Exchange Rules' files:

I've covered many of Cisco's acquisitions over the last 7 years and I've never seen one like Tandberg. 

Today Cisco revealed that they have 84 percent of the voting shares of Tandberg committed to the deal, which normally would be more than enough to complete any acquisition, in any other jurisdiction, anywhere in the World, but not Norway.

Apparently, Cisco needs to have 90 percent of the voting shares in order to close the deal.

This is a deal that was first announced on October 1st with a $3 Billion bid by Cisco for the video conferencing vendor. Six weeks later, after running into some shareholder resistance, Cisco did the unthinkable and upped the bid by an additional $400 million bringing the total bid to $3.4 Billion.

At the time of $3.4 Billion bid, Cisco also extended the deal offer to December 1st, which if you check your calendar was yesterday.

The deal offer has now been extended (again) until December 3rd.

Why Red Hat doesn't see CentOS as a Linux rival

By Sean Kerner   |    December 02, 2009

centos_icon_60.png
From the 'How Linux Vendors Make $' files:

I wrote a story yesterday about CentOS (the Red Hat Enterprise Linux clone) getting commercial support from OpenLogic. One thing that isn't in the posted story, that I've always been curious about, is why Red Hat itself doesn't go after CentOS users in an effort to convert them to paid Red Hat support.

Today, I got an answer on that question from Red Hat's Marco Bill-Peter, vp Global Support Services.

"We are not actively chasing users of CentOS, but rather find that
enterprises are naturally turning to Red Hat for the value of the Red
Hat subscription model and support," Bill-Peter said.

I personally find that a little 'interesting' especially in light of the comments made by Red Hat's CEO and CFO during recent quarterly investor conference calls. As an overall sales strategy, Red Hat is pursuing the free-to-paid opportunity.  

During Red Hat's third quarter fiscal 2009 conference call CEO Jim Whitehurst said that one of the top 25 deals closed by Red Hat
during the quarter was one where the user moved from a Free version of
Linux to a paid Red Hat Enterprise Linux subscription. Whitehurst
pegged the deal at "6 figures" for a single year.

Open Source digg-clone Pligg plugs security holes

By Sean Kerner   |    December 01, 2009

pligg_small.gif
From the 'Web Apps at Risk' files:

Pligg, which is an open source attempt at a Digg-like social networking voting site application is being updated this week for some serious security vulnerabilities.

As opposed to many other vendors/projects which typically release an update alongside security advisories, that's not the case with the new Pligg 1.0.3 release. The full security advisory isn't coming out until tomorrow (Dec 2) giving Pligg users (and there are a whole lot of them) a running head start on potential attacks.

Security researchers from firms big and small have been saying for the
last few years that it is web applications that pose the greatest
security risk to users.  That's because an attacker only need take
advantage of one site to infect potentially thousands of the infected
site's users.

"Shortly after the 1.0.2 release we were alerted to a vulnerability reported by Secunia and third party researcher Russ McRee," the Pligg blog states.

I think fixing before advising is the right approach both for Pligg and quite frankly for all applications. It's always a race between hackers and users whenever a patch comes out at the same time as an advisory.

What will Fedora 13 Linux be named?

By Sean Kerner   |    December 01, 2009

fedora-logo.png
From the 'Linux Nomenclature' files:

Among the bits of minutiae that I personally find entertaining about the Linux distribution release cycle is how different distros come up with their respective release names.

Ubuntu with its 'interesting'  animal inspired names like Dapper Drake and Karmic Koala gets its names from it's Dictator-for-Life Mark Shuttleworth.  Rival Linux distribution Fedora doesn't have such an autocratic approach to naming. Instead the process (like much of the distro itself) is driven by the community. It's a process that is now gearing up for 2010's Fedora 13 release.

The recent Fedora 12 release was codenamed 'Constantine' and the prior Fedora 11 release was called Leonidas.

The way the naming works is there is a certain relationship between the names. According to Fedora:

"Leonidas -> Constantine -> <new name>? Constantine is a <blank>, and so is <new name>. The link between Leonidas and Constantine was 'both are
townships in St. Joseph County, Michigan, USA.' The link between
Constantine and the new name must be different than that link, and different from any other previous link."

Yeah, I know when I think of Leonidas and Constantine I think of the historical figures, not the township in Michigan.

So what will Fedora 13 be called? There are now 7 candidates that the Fedora community will vote on.