RealTime IT News

Blog Archives

Mozilla sprints to improve developer documentation

By Sean Kerner   |    January 27, 2011

mdn-logo.png
From the 'Good Documentation' files:

For the last six plus months, Mozilla developers have been focused on building Firefox 4. That's not the only effort that Mozilla is now sprinting to complete, developer documentation at the Mozilla Developer Network (MDN) is now also being completed.

Instead of a 'code sprint', MDN is having a doc sprint - starting Jan 28th and running for 34 hours until Jan 29th.

The list of docs that Mozilla is aiming to get written include JavaScript, extension development, CSS and XHTML/HTML references.

If you decide to participate - for your efforts Mozilla will send you a T shirt.

The important thing to note about the doc sprint - is that open source isn't just about code contributions. Open source also requires writers and people that have the time and energy to write documentation too.

The doc sprint starts at 6 AM PT on Jan 28th and runs until Jan 29th 4 pm PT and is being co-ordinated on IRC at : #devmo on irc.mozilla.org.

Mozilla updates Firefox 4 Beta 10 with 506 bug fixes

By Sean Kerner   |    January 26, 2011

firefox.png
From the 'Bug Extermination' files:

There are a lot of bugs in Firefox 4. Mozilla this week updated the next gen Firefox browser to Beta 10, quashing no less than 506 bugs.

Yeaaah, it sounds like a lot, but you have to remember it's an improvement over the 661 bugs fixed in Beta 9.

On one hand, it's great that so many bugs are being exterminated. On the other hand, it's absolutely shocking that so many bugs remain this late in the process.

Taking a deeper look at the 506 bugs fixed in Beta 10 reveals a tonne of stability fixes. One of my favs is Bug #607231 Closing tabs from browser window causes tab group layouts to be borkedAnother Tab Grouping fix is bug #608223 Tab groups not restored after Force Quit / Crash. Those two bugs (and a pile others that seem similar) are the reason why I personally have avoided the Panorama (Tab Candy) feature in recent Betas, so it's great that this is now resolved.

Fedora Linux suffers a security incident - compromise risk is minimal

By Sean Kerner   |    January 25, 2011

fedora-logo.png
From the 'Dodging Bullets' files:

The Red Hat sponsored Fedora community Linux project has suffered a security incident in which its infrastructure was compromised.

No need to worry, too much - according to Fedora the risk is minimal.

"At this time, the Infrastructure Team has evidence that indicates the account
credentials were compromised externally, and that the Fedora Infrastructure was
not subject to any code vulnerability or exploit," Fedora Project Leader Jared Smith stated.

Long story short is that a Fedora contributor had his/her credentials stolen and then an attacker began to use those credentials to attempt to tamper with the Fedora infrastructure. Due to the limited privileges of the exploited account (and some good luck) it appears as though there has been no risk to Fedora's build or infrastructure.

This story could have ended up far differently.

Mozilla aims to end online tracking, improve privacy - Will it work?

By Sean Kerner   |    January 24, 2011

firefox.png

From the 'TOR to the Rescue' files:

Websites and online service track what you and I do -- that's how some of them make their money. Is it a privacy violation? Maybe.

In an effort to help protect user privacy, Mozilla is now launching a - Do Not Track - effort which has the potentially to revolutionize user privacy (and potentially wreck many advertising revenue models).

"As the first of many steps, we are proposing a feature that allows users
to set a browser preference that will broadcast their desire to opt-out
of third party, advertising-based tracking by transmitting a Do Not
Track HTTP header with every click or page view in Firefox," Alex Fowler Global Privacy and Public Policy Leader at Mozilla wrote in a blog post. "When the
feature is enabled and users turn it on, web sites will be told by
Firefox that a user would like to opt-out of OBA. We believe the
header-based approach has the potential to be better for the web in the
long run because it is a clearer and more universal opt-out mechanism
than cookies or blacklists."

That's right - a header based solution. So no, it's not going to solve the problem any time soon, but it might -- eventually.

As Fowler points out, a header based solution is cleaner, but it's something that first needs to be implemented in the browser -- and that's where this plan falls apart, in the short term at least.

Firefox continues to gain share, but it shares market with IE, Safari, Chrome and Opera. For this header based approach to work, all of the major browsers would have to implement this same technology.

VideoLAN updates open source VLC 1.1.6 video for security, VP8

By Sean Kerner   |    January 24, 2011

video-lan.jpg
From the 'Time to Update' files:

VLC is among the most popular open source video players. According to the VideoLAN project, the 1.1.5 release has had 58 million downloads.

Now it's time for those 58 million downloaders to update to VLC 1.1.6, for some security, bug and stability fixes.

The security issue stems for a buffer overflow condition in the Real Media demuxer.

VLC can play Real Media -- in addition to just about any type of audio or video file format - which is what makes it such a powerful application for any platform - Linux or Windows (but apparently not iOS..)

There have also been some improvements made to KDE and PulseAudio integration as well.

Google Chrome 10 advances with new V8 3 JavaScript engine

By Sean Kerner   |    January 21, 2011

googlechromologo.jpg
From the 'Big Iron Engine' files:

Google is updating its dev-channel version of the Chrome browser this week with an updated JavaScript engine and a long list of bug fixes.

Chrome 10.0.642.2 is an update for Windows, Linux and Mac and includes the new V8 version 3.0.7.0 JavaScript engine.

The new version of V8 includes performance improvements on the IA32 (x86) platform as well as enhancing the debugger.

It's not clear to me how much of a performance delta there is between V8 3.x and its predecessors, but I don't doubt that once Chrome 10 hits beta that Google will be sure to trumpet its speed.

Forget about HTML 6 - HTML5 is the last 'version' of HTML

By Sean Kerner   |    January 20, 2011

HTML5_Logo_128.png
From the 'Dumb Ideas' files:

HTML5 (yeah with its new logo), could be the last 'version' of HTML.

Ian Hickson, one of the key authors of the HTML5 specification noted that starting with HTML5, "..the technology is not versioned and instead we just have a living document that defines the technology as it evolves."

In my view that's obscene.

How is any web developer supposed to know if they are HTML5 compliant if the spec is always changing?

Sure there is a baseline and sure what that plan calls for is additions (not deletions), that said it is the version number or even revision number that keeps things somewhat sane for web developers. Without a target to peg a web dev effort against, developers will always be running on a treadmill that will never stop.

While I don't agree with the approach, for better or for worse, as Hickson points out - HTML5 has already been operating like this for some time. There is no final HTML5 spec as I've written many time - and there likely never will be one either.

Linux 2.6.38 eliminates last main global lock, improving performance

By Sean Kerner   |    January 19, 2011

tux.jpg
From the 'Unlocking Linux' files:

The first release candidate for the upcoming Linux 2.6.38 kernel is now out and it could further improve Linux performance.

With 2.6.37, the Big Kernel Lock (BKL) was removed, but apparently there is at least one more big global lock that needed to come out. In 2.6.38 there is a new RCU (Read/Copy/Update)-based path name lookup.

"It's some seriously good stuff, and gets rid of
the last main global lock that really tends to hurt some kernel loads," Linus Torvalds commented about the RCU lookup.

Torvalds added that the new lookup improves kernel performance by as much as 30 to 50 percent in some cases.

Xfce 4.8 updates open source Linux desktop

By Sean Kerner   |    January 18, 2011

xfce_logosmall.png

From the 'Small Footprint' files:

The Xfce open source desktop is out with its first major update in two years this week. Xfce 4.8 brings the low-resource desktop into the modern era and provides usability improvements across the board.

"Xfce 4.8 is our attempt to update the Xfce code base to all the new
desktop frameworks that were introduced in the past few years," The Xfce development team wrote in a statement. "We hope
that our efforts to drop pieces like ThunarVFS and HAL with GIO, udev,
ConsoleKit and PolicyKit will help bringing the Xfce desktop to modern
distributions."

Remote file share access has been dramatically improved, which has long been a sticking point for me. Additionally, the new release promised to reduce window clutter as well.

A rewritten panel application is a big help improving the launcher experience and developers are also claiming the settings dialogs have also been improved. Yup, that means that Xfce just might be able to work on your monitor now too (am I the only one that struggled with that in the past?).

HTML5 gets a logo, will it help adoption?

By Sean Kerner   |    January 18, 2011

HTML5_Logo_128.png
From the 'Nice Logo, But Where's the Final Spec?' files:

A logo is a critical element of a brand. Now the W3C is attempting to brand the emerging HTML5 web standard with a new logo.

Looks decent enough to me, and considering that HTML 4 and XHTML (transitional or otherwise) never had any such 'brands', this is a new step for web dev standards, kinda/sorta.

Much of the debate lately around HTML5 has centered around the video and audio tags that HTML5 introduces -- but those are just small parts of a much larger and robust reworking of the web. Canvas and CSS3 (I know now a little outside, but..) effectively remake the way web developers have been building sites and for Apple (at least) help to enable an effective replacement for Adobe Flash.

The problem with HTML5 continues to be the fact that the specification is not yet complete and frankly considering the lack of consensus on some items -- it might still take awhile.

Firefox 4 Beta 9 now out fixing 661 bugs.

By Sean Kerner   |    January 14, 2011

sr-firefox3.jpg
From the 'Are We There Yet?' files:

Mozilla today officially released Firefox 4 Beta 9 and it's a big improvement over previous betas and a parsec beyond the Firefox 3.6.x experience.

At this stage, after months of development, Mozilla developers are clearly nearing the end of this development marathon. If this had been Google, the 9 Betas would like have been broken up in to 5 (or more) stable releases -- there are just sooo many new features.

For Beta 9, by my count of the buglist, there are some 661 items that were fixed for this beta.

That's staggering. Especially at this point in the release cycle.

Open source vendor venture funding tops $4 billion

By Sean Kerner   |    January 14, 2011

tux.jpg
From the 'Free Software =$$' files:

Since 1997 private investors have bet on open source related vendors and technologies.

How much has been invested in the last 13 years?

According to an analysis by The 451 Group, over $4 billion had been invested in 543 deals spread across 216 open source related vendors.

That doesn't sound like all that much to me, considering the length of time we're talking about. That said, the amount is still non-trivial and clearly shows that investors have an appetite for open source investment.

It's an appetite that seems to have picked up in the fourth quarter of 2010, with nearly $152 million raised during the quarter for a 74 percent increase on a year-over-year basis. According to The 451 Group, there were 16 funding deals in the fourth quarter of 2010 with an average deal size of nearly $11 million.

Overall 451 Group analyst Matthew Aslett reports that for 2010 private investment in open source related vendors hit $466 million, which is the third best year ever for open source funding.

In my opinion, it would appear as though the recession recovery is helping to fuel interest in open source vendors. There are also some clear winners that have emerged in the last years with vendors like Cloudera (backing Apache Hadoop) gaining both mind and market share.

It will be interesting to see if 2011 will continue the positive trend that 2010 started with increasing flows of capital moving to open source technologies.

Red Hat Enterprise Linux 5.6 now out - EXT4 now fully supported

By Sean Kerner   |    January 13, 2011

redhat.png
From the 'Incremental Open Source Update' files:

Red Hat is out today with the GA release of Red Hat Enterprise Linux 5.6 (RHEL).

After the big launch of RHEL 6 last year though, there isn't a whole lot to be excited about in the latest 5.x release. That said RHEL 5.x users that aren't in a position to move to RHEL 6 will likely be very happy with the update.

Each incremental update of RHEL always brings with it additional driver and bug fixes, which make them important for users.

Among the updates that I find interesting from a server perspective is an update to BIND 9.7 for DNS, which has improved DNSSEC capabilities. As DNSSEC is now enabled in the root zone of the Internet, the time for all DNS servers globally to be DNSSEC enabled is here.

The other interesting thing to note is that EXT4 finally is fully supported for RHEL 5.x with the 5.6 update. In previous RHEL 5.x releases, EXT4 was considered to be a technology preview. EXT4 offers significant performance and reliability improvements over EXT3. RHEL 6 as well as Fedora 14 already provide full support for EXT4, so it's great to see this finally land as a fully supported feature for RHEL 5.x users.

Open source Wireshark sniffs new 1.4.3 network traffic

By Sean Kerner   |    January 12, 2011

wireshark.png
From the 'What's That Smell?' files:

If you've ever had to audit/capture network traffic, you've likely used the open source wireshark (formerly Ethereal) application.

Wireshark is getting updated this week to version 1.4.3, providing some really interesting fixes. I personally use wireshark to audit network traffic and security, but apparently Wireshark itself had a trio of security flaws in it.

The Wireshark 1.4.3 security advisory, details a few conditions which could have led to a buffer overflow or an application termination.

In addition to the security fixes there is a long list of bug fixes for different issues as well as updated protocol support. One of the enhancements comes to DHCPv6, which is the IPv6 implementation of DHCP.

An additional IPv6 improvement comes by way of a bug fix for a delegated IPv6 prefix.

Auditing IPv4 network address is always *fun*, but try it on IPv6 and you better have some strong coffee nearby. Luckily with Wireshark analyzing IPv6 traffic - or nearly any protocol for that matter - is something that is open source and very accessible.

Google dropping H.264 support in Chrome. Big Mistake?

By Sean Kerner   |    January 11, 2011

googlechromologo.jpg
From the 'Disambiguation:open' files:

Google is dropping support for the near ubiquitous H.264 video code in Chrome.

That's right folks, you'll have to choose your platform based on what content you want to use. If you want Flash you can't run Apple iOS and if you want H.264 forget about Chrome.

That's nuts.

Google Product Manager that Chrome's HTML5 <video>
support will be limited to the new WebM (VP8)
and open source Theora video codecs.

"Though H.264 plays an important
role in video, as our goal is to enable open innovation, support for the
codec will be removed and our resources directed towards completely
open codec technologies," Jazayeri wrote.

This makes no sense to me as it will create a content divide for users, while providing additional complexity and frustration for developers. Apple and Microsoft in one corner versus Google and Mozilla in the other?

Google's short URL service gets an API - Finally!

By Sean Kerner   |    January 11, 2011

google_code_labs.gif
From the 'End of Bit.ly?' files:

Google has had its own goo.gl URL shortening service since September -- though until now the only way that users could use it was via a web interface.

Now Google is expanding Goo.gl with a new API so that the service can be leveraged by third parties (thing Twitter clients, blogs etc, etc).

"With this API, developers are able to programmatically access all of the
fast, sleek goo.gl goodness that we currently provide via the web
interface," Ben D'Angelo of Google's URL shortening team blogged. "You can shorten and expand URLs using the API, as well as
fetch your history and analytics."

Finally!

Zend raises another $7 million for PHP dev

By Sean Kerner   |    January 10, 2011

zendlogo.gif
From the 'How Much Is the Company Worth Now?' files:

Zend, one of the lead commercial sponsors behind the open source PHP development language has raised another $7 million in venture funding.

This latest round is in addition to the $9 million Zend raised in May. No, it's not Facebook money, but it's still not too shabby.

As a private company, we don't know what Zend's revenues are and we don't know exactly how much equity the investors are taking in the company. That said, it is clear that investors see value in Zend -- and rightly so.

2010 was a banner year for the company and they're extremely well positioned to take advantage of the emerging opportunity for cloud infrastructure.

The cloud after all is heavily dependent on the web and PHP is the lingua franca of web applications.

PHP 5.3.5 and 5.2.17 out for critical flaw fix

By Sean Kerner   |    January 07, 2011

php.gif
From the 'Hope You're Not on PHP 4.x' files:

If you're running PHP on your webserver -- and you probably are - you really need to update, NOW.

A critical DoS flaw in PHP that was first reported on December 30, 2010 has now been publicly fixed for all PHP users in the open source PHP 5.3.5 and 5.2.17 releases.

According to commercial PHP vendor Zend, the flaw is related to how PHP handleS an internal
conversion of floating
point numbers. An attacker could potential insert a malicious string into a web browser query string, which could then take down a web server.

Though the flaw has been fixed in the 5.3.x and 5.2.x PHP branches, according to Zend, this vulnerability is present on all versions of PHP including PHP 4.x and 5.x, on all Intel-based 32-bit PHP builds.

WOW.

Zynga acquires Flock browser

By Sean Kerner   |    January 06, 2011

zynga.png
From the 'Tending the Farmville Flock' files:

Social gaming vendor Zynga, best known for Farmville and other Facebook games is acquiring privately-held browser vendor Flock. Financial terms of the deal are not being publicly disclosed.

"Flock's dedication to its products and users allowed us to achieve over
10 million users around the world with two products on the Facebook top
10 list of the most popular desktop apps," Flock's Shawn Hardin blogged. "We thank our users for their
unwavering support and dedication, and we're thrilled to be going to a
platform that shares our passion for combining great user experience and
technology."

Flock is a social browser that originally was based on Firefox/Gecko but has since moved to Chrome/WebKit as its base. Personally, I never really understood the point of Flock (or its recent competitor RockMelt), to me, they both just look/feel like Firefox/Chrome with a different theme and some default add-ons.

Google Chrome 9 hits beta, Chrome OS changes in the mix.

By Sean Kerner   |    January 05, 2011

googlechromologo.jpg
From the 'First Browser Release of 2011' files:

The new year has barely started and Google is now out with the first browser milestone release of 2011. Chrome 9 Beta (officially build 9.0.597.42 for Windows, Mac, Linux and Chrome Frame) is now available to Beta-channel users of Google's browser. This is the second public Beta release, following the 9.0.597.19 build that debuted in December.

With the Beta release now available, a stable Chrome 9 could be out inside of the end of January as Google has a very aggressive and agile development and release cycle.

So what's new in the latest Chrome 9 Beta?

Lots of bug fixes and some fixes that look like they are clearly intended just for Chrome OS.

Has Mozilla Firefox passed Microsoft IE?

By Sean Kerner   |    January 04, 2011

sr-firefox3.jpg
From the 'It's About Time' files:

I remember well, back in 1996 when Netscape's browser share was in the 80 percent plus range. Back then IE 3 (and then later versions) were the underdog.

We all know what happened next.

But flash forward 14 years and it looks like for the first time, Netscape's successor - the open source Mozilla Firefox browser - may have just retaken the browser share crown, kinda/sorta.

According to analytics vendor StatCounter, for the month of December 2010 for European browser share,  Firefox came in at 38.11 percent while IE came in second at 37.52 percent.

"This is the first time that IE has been dethroned from the number one spot in a major territory," commented Aodhan Cullen, CEO, StatCounter in a statement. "This appears to be happening because Google's Chrome is stealing share from Internet Explorer while Firefox is mainly maintaining its existing share."

StatCounter's analysis in my view is flawed.

In my personal view, the decline of IE in Europe has everything to do with the Browser Ballot choice screen that European Windows users get.

Open source Wordpress users advised to upgrade to 3.0.4

By Sean Kerner   |    January 03, 2011

wordpresslogo.jpg
From the 'U.S. CERT' files:

U.S. CERT is out with a note this morning advising users of the open source Wordpress cms to update to the new 3.0.4 release.

This new release follows the recent 3.0.3 update in early December -- itself a quick update to the 3.0.2 update of late November.

"WordPress.org has released
WordPress 3.0.4 to address a vulnerability in the HTML sanitation
library," U.S. CERT states." Exploitation of this vulnerability may allow an attacker to
insert arbitrary HTML and script code into the browser session.
"

Yeah, that's pretty darn serious -- so if you're running Wordpress, update immediately (and check to make sure you haven't already been exploited).

Wordpress developers do a fantastic job of responding and updating the application to threats, which is likely why the last three incremental point updates to Wordpress have all come so quickly.

Instead of *waiting* to bundle all known vulnerabilities into a *big* update, Wordpress developers have taken the initiative to update rapidly to protect their users.

Mozilla updates Firefox Sync 1.6.1

By Sean Kerner   |    January 03, 2011

firefox-sync.jpg
From the 'Sync This' files:

Mozilla continues to make improvements to its Firefox Sync technology with each incremental release. The new Firefox Sync 1.6.1 update is no exception, and improves on the synchronization experience.

Among the improvements that Mozilla's release notes detail for Firefox 1.6.1 are a pile of bug fix and performance improvements.

Somewhat ironically however, when I first got prompted to update Sync, the add-on update failed (from a 'cold' start). On second try, after the browser had already loaded, the update did work (I tried this on three different computers, one Windows and two Linux) - so apparently there are still some stability and bug fix issues that remain to be fixed.

That said, Firefox Sync has become an essential component of my browsing life and I literally could not work (well) without it.