Blog ArchivesDecember 31, 1969
Mozilla Firefox 4 Beta 12 fixes 659 bugs, including big memory leakBy Sean Kerner | February 25, 2011
Mozilla is out now with Firefox 4 Beta 12 and it fixes a very, very, very long list of bugs.
By my count it fixes at least 659 identified bugs (count 'em yourself if you want..).
The improvements are also non-trivial and deal with stability and performance across the board. There are dozens and dozens of crash fixes for all kinds of things and fixes for really odd flaws too.
Among the *odd* flaws that are now fix are:
|626940||Zoom out transition doesn't show if repeats zooming in and out of the same item|
|635142||<strong> not showing bold text|
This Beta also takes very specific aim at improving Flash player and other add-ins stability and performance within Firefox 4.
For me thought there is one fix that stands out about the 658 others and it's one for a memory leak issue which, I know lots and lots of people have complained about, Bugzilla entry 630932, "High memory usage by the JS Engine even with no tabs open for > 12 hours "
LibreOffice updates to 3.3.1By Sean Kerner | February 24, 2011
One of the promises of the open source LibreOffice office suite was that it would fix more bugs, faster than the OpenOffice.org project it was forked from.
It looks like that was a promise that LibreOffice intends to keep.
LibreOffice 3.3.1 is out this week, barely a month after 3.3 was released. I don't recall OpenOffice incremental releases ever being quite this fast.
The 3.3.1 update is mostly a bugfix update though users will also notice some new colorful icons that come from The Document Foundation's new branding guidelines. The icons are part of the path away from the project's Sun/Oracle past towards it's own distinct LibreOffice future.
Google Chrome expands Omnibox with APIBy Sean Kerner | February 23, 2011
The Chrome omnibox is one of the most distinctive features of Google's open source browser. While Mozilla Firefox has it's 'Awesome Bar' which kinda/sorta is a similar idea, Chrome's Omnibox gets rid of the search dialogue box that Firefox has and puts everything into the Omnibox.
The Omnibox approach is a powerful one - for Google - and now it's going to be powerful for developers too, thanks to an Omnibox API.
"The omnibox API lets extension developers add their own keyword command
to the omnibox," When the user types a query prefixed by this keyword,
the extension can suggest potential completions and react to the user's
That's cool and it's also long overdue in my opinion.
Google claims 'fair use' of Java against OracleBy Sean Kerner | February 18, 2011
I'm not a lawyer and I don't pretend to be one, but the latest round of back and forth in the Oracle/Google battle over Java in Android is really.....interesting (to say the least).
In a series of legal filings this week, Google's attorney's have both asked the U.S. Patent and Trademark Office (USPTO) to re-examine Oracle's patents while also claiming that even if the patents are valid - Android is using them under 'fair use' provisions.
Fair Use - is always a dicey subject in my opinion. In any event this is what Google's legal counsel wrote in their filing dated Feb 16th (and thankfully put on the web by great people at Groklaw):
To the extent that any protectable elements of the Works are used in Android, such use would also qualify as a fair use under 17 U.S.C. �� 107. The Works are technical works subject to limited copyright protection, and Oracle has only identified a very small portion of the Works as allegedly being copied. Android's use of those portions is for functional technical reasons, is needed for interoperability, and is transformative, resulting in a new and significantly different work.
The bottom line in this whole case has to do with only one thing in my opinion.
Google Chrome gets cranked to 11, improves XSS AuditorBy Sean Kerner | February 18, 2011
Google's open source Chrome browser is revving up -- again. Chrome 11 dev-channel is now out as Chrome 10 is now being promoted to Beta.
The other big new item in Chrome 11 is an improved XSS Auditor. This is a Cross Site Scripting (XSS) protection feature and when it's complete will be a major step forward for Chrome browser security.
Red Hat Enterprise Linux 4.9 marks the end of 4.xBy Sean Kerner | February 17, 2011
After 6 plus years of service, Red Hat is moving its Red Hat Enterprise Linux 4 (RHEL 4) into a bug and security fix maintenance phase. The move follows the release of RHEL 4.9 which is the last update of RHEL 4.x that will include new features and hardware support.
According to Red Hat, RHEL 4.9 included 200 updates including an update version of SystemTap.
RHEL 4 was first released back in 2005 and was the first version of RHEL to be released after Red Hat discontinued its Red Hat Linux line (which has since transitioned to become the community Fedora Linux distro).
RHEL 4 also marked the debut of SELinux which has been significantly enhanced over the years to be both more usable and powerful to secure enterprises. RHEL 4 was also the first version RHEL to have the 2.6 Linux kernel.
December 31, 1969
Mozilla losing Director of Firefox, Mike BeltznerBy Sean Kerner | February 14, 2011
Mozilla's Director of Firefox, Mike Beltzner announced this AM that he plans to leave Mozilla.
For me Beltzner has been THE POINT MAN on Firefox dev stuff for the last several years. He's been the guy I met with at the Mozilla Toronto office and he's usually the final word on Firefox development.
I personally have always respected and admired his articulate comments and insight into Firefox and the broader world of open web developments.
Beltzner notes in his farewell post that he's not leaving immediately and that he'll stick around until Firefox 4 is out the door (which isn't that far way...hopefully).
While this is a loss for Mozilla, the great strength of Mozilla is its depth on the bench. There are many leaders at Mozilla (including the 'other' director of Firefox, Johnathan Nightingale) that will likely be stepping up (even more than they already have..).
I'll be curious to see - how and if Mozilla does in fact restructure their organization as a result of Beltzner's pending departure.
Firefox 4 knows about:me (and you)By Sean Kerner | February 11, 2011
I'm a big fan of data analytics which is why back in 2009 I was excited about a new potential Firefox feature called about:me.
The basic idea was that the about:me call would provide users with information about their browsing habits and usage.
Originally about:me was a feature that was under consideration for direction integration with Firefox 3.6, but that didn't happen. Instead about.me became an add-on for Firefox 3.6.x.
This week, at long last, about.me is now available as an add-on for Firefox 4 too.
This is a great relief to me, as it means that about:me has a future.
Too many 'maybe-features', like Mozilla Prism for example, get relegated to the add-on dustbin, never to progress to Firefox 4 (there is no Prism add-on for Firefox 4 which is a real shame).
December 31, 1969
Mozilla Firefox 4 Beta 11 doesn't track you, brings WebGL to LinuxBy Sean Kerner | February 08, 2011
Mozilla's is out with another open source milestone of its next generation Firefox 4 browser. Beta 11 isn't just a bug fix this time either, it actually adds in a significant new feature with Do Not Track.
What Feature Freeze???
Yeah I know staggering to think that developers will still add features at the Beta 11 stage, that's just madness. No wonder this release is taking so long to hit general availability. Then again, the recent betas have been so solid and stable, a beta release for Firefox 4 would be a major release for its competitors.
Do Not Track is an interesting idea, but it's one that relies on other parties in the web ecosystem to implement fully. That said, we should all applaud Mozilla for trying.
Linux users also get a major boost, with the inclusion of WebGL for hardware accelerated graphics.
All told, Beta 11 fixes 348 bugs, which is a decline from the 500 plus of Beta 10 and almost half the 600 plus that were in Beta 9.
Not far now...
Couch merges with Membase in Couchbase NoSQL team-upBy Sean Kerner | February 08, 2011
In a move that is all about scalability- memcached vendor Membase is merging with NoSQL vendor CouchOne. The new company will be called Couchbase.
CouchOne is the commercial entity led by CouchDB founder Damien Katz. I've written about CouchDB a few times over the years and I use the database myself (as do millions of Ubuntu users) everyday. CouchOne started off as a company called Couchio, before it changed its name in 201.
Membase on the other hand started out as memcached vendor NorthScale that grew their own NoSQL/memcached database, called ..Membase.
Personally, I had always thought that CouchDB already had pretty decent scalability, but the new merger aims to expand that.
Wordpress 3.0.5 updates for 5 security issuesBy Sean Kerner | February 08, 2011
The open source Wordpress blogging platform is out with version 3.0.5, a new update fixing at least five security issues.
Two of the issues are Cross Site Scripting (XSS) flaws which I personally consider to be serious. Wordpress considers the issues to be *moderate*. In general for me, an XSS flaw that can be triggered by non-admins is a serious issue.
There is also a fix for an information disclosure issue that Wordpress warns, could have enabled a non-admin author to view posts that they aren't authorized to see.
The other two security issues that Wordpress 3.0.5 addresses are actually enhancements to further improve security on the blogging platform.
One of them is a new feature that forces HTML filtering on comment text in the admin. The other is a hardened check_admin_referer() when called without arguments, which plugins should avoid. Both improvements are what Wordpress in their release notes refer to as 'defense in depth' techniques to further improve security.
Debian Squeeze(s) out a new release - Not just for Linux anymoreBy Sean Kerner | February 07, 2011
From the 'Out of the Toy Story box' files:
Over the weekend, Debian 6 - aka - Squeeze, was officially release after two years of development.
Normally when a new distro comes out the first thing that I write about is all the 'new' Linux features. With Squeeze the most notable new feature isn't actually Linux related, it's a new Debian
GNU/kFreeBSD tech preview.
That's right, Debian is going BSD.
"Debian 6.0 Squeeze introduces technical previews of two new
ports to the kernel of the FreeBSD project using the known Debian/GNU userland:
Debian GNU/kFreeBSD for the 32-bit PC (
the 64-bit PC (
kfreebsd-amd64)," the Squeeze announcement states. "These ports are the first
ones ever to be included in a Debian release which are not based on
the Linux kernel. The support of common server software is strong and
combines the existing features of Linux-based Debian versions with the
unique features known from the BSD world."
That's a really big deal.
Wanted: Google Chrome Hacks. Reward: $20,000By Sean Kerner | February 03, 2011
The PWN2OWN hacking competition has been rewarding security researchers for finding flaws in web browsers for years, but never like this.
For the 2011 iteration of the contest, Google is upping the ante by offering $20,000 to the security researcher that can successfully demonstrate a security flaw in Google Chrome.
Yeaah, they've got guts (and brains too).
Now I know what you're thinking - it's not that hard to hack a browser by way of plugins right? Well that's true, and Google won't consider those to be flaws worth $20,000 either.
"On day 1, Google will
offer $20,000 USD and the CR-48 if a contestant can pop the browser and
escape the sandbox using vulnerabilities purely present in
Google-written code," the PWN2OWN contest rules state. "If competitors are unsuccessful, on day 2 and 3 the
ZDI will offer $10,000 USD for a sandbox escape in non-Google code and
Google will offer $10,000 USD for the Chrome bug. Either way, plugins
other than the built-in PDF support are out of scope."
Mozilla Prism goes ChromelessBy Sean Kerner | February 02, 2011
Back in 2007, Mozilla launched the Prism effort to create web applications that could run on the desktop. Essentially Prism offered users a way to run a browser loaded to a specific web application.
After a couple of years of active development, Prism development stalled in February of 2010 and there have been no updates about the project or its releases -- until now. Prism could run as an add-on for Firefox (but only 3.6.x and not 4), and as such Firefox 4 Beta users have been missing out on what I believe to be - a fantastic Mozilla technology.
I personally have no idea why Mozilla stopped working on Prism or why it didn't get updated to the Firefox 4 era. The first news that I've seen on Prism in nearly a year came this week with the announcement from Mozilla that Prism is now being integrated into Chromeless -- Mozilla's effort to enable users to build thin browsers.
Interesting idea - but a mistake (in the short term) in my view.