RealTime IT News

Blog Archives

Google AppEngine 1.4.3 brings Java and Python runtimes closer to parity

By Sean Kerner   |    March 31, 2011

From the 'Google Cloud' files:

When Google's AppEngine first debuted, it was all about Python. A year after launching, Google decided to expand to Java, though there has always been a gap between the two languages.

The new AppEngine 1.4.3 is an attempt by Google to bring the Python and Java runtimes closer to parity.

For Python users, they now get a Testbed Unit Test Framework which is similar in function to the Java Testing Framework already in AppEngine.

For Java users, they now get the benefit of concurrent requests.

"Until now, Java applications relied on
starting additional instances to dynamically scale up for higher traffic
levels," wrote in a blog post." Now with support for concurrent requests,
each application instance may serve multiple user requests at the same

Concurrency is a critical feature for any type of cloud deployment. It's an area that AppEngine has been steadily improving over the last year or more. The AppEngine 1.3.6 update for example added multi-tenancy support.

Another key new feature in AppEngine 1.4.3 is something called, Prospective Search. According to Google, Prospective Search will enable developers to build services that function
like Google Alerts. 

Linux 2.6.39 RC1 debuts new block device plugging model

By Sean Kerner   |    March 30, 2011

From the 'Merge Window Closed' files:

The first release candidate for the Linux 2.6.39 kernel is now available. As always, it's full of driver and filesystem updates.

From a performance perspective there is a new block device plugging model.

"It makes plugging a
per-thread thing and cleaned up the code considerably," Linus Torvalds wrote in a mailing list posting. "It also avoids
lots of locking in a very hot path, and should generally be a really
good idea."

There are still likely at least six more RC before 2.6.39 will be final, but the timing is likely to bring it out past the next cycle of Linux distribution releases from both Red Hat Fedora and Ubuntu.

Both Fedora 15 and Ubuntu 11.04 are on track to use the recently released Linux 2.6.38 kernel, which introduced some significant performance gains.

Firefox 4 Android debuts - will you use it instead of Chrome?

By Sean Kerner   |    March 29, 2011

From the 'No Apple Version' files:

A week after the desktop version, Firefox 4 for Android is now out. The general idea is to provide Android users with the same Firefox experience they get on the desktop.

No there isn't an Apple iOS version and from what Mozilla has told me and publicly stated multiple time, one isn't coming either.

Android users generally have Google's Chrome browser already and I suspect that those that are already using Chrome on the desktop won't be likely to switch. They aren't however, Mozilla's target market in my view.

Mozilla Firefox 4 Android is likely best suited for users of Firefox 4 on the desktop. With Firefox Sync the desktop and mobile experience can be linked, sharing tabs and preferences as users moved from desktop to wireless.

To the best of my knowledge, this is also the first time that Mozilla has shipped a mobile browser that so closely tracks the latest desktop Firefox release.

Mozilla's previous attempts at mobile browsers haven't been all that successful.In my view, part of that reason has to do with platform choice and the other with features.

By tracking Firefox 4 and providing mobile users with an extension of the desktop experience, this is likely to be a very successful release for Mozilla.

Amazon extends cloud with new player and storage

By Sean Kerner   |    March 29, 2011

From the 'Not Just AWS' files:

Amazon is a name that was once all about the online book trade. It is now a name that is synonymous with Cloud. Amazon EC2 and S3, Amazon's best known cloud services though have been mostly targeted at enterprise developers, but that is now changing with the new Cloud Player and storage service that Amazon is debuting today.

In my view this creates the first real competitor to iTunes on the music side and will also compete against the myriad of backup services (many of which leverage S3) with the Cloud Drive service.

launch of Cloud Drive, Cloud Player for Web and Cloud Player for Android
eliminates the need for constant software updates as well as the use of
thumb drives and cables to move and manage music," said Bill Carr, vice president of Movies and Music at Amazon in a statement. "Our customers have told us they don't want to download music to their
work computers or phones because they find it hard to move music around
to different devices."

While Apple has a real lock with iTunes and its direct connect to iOS, Google doesn't have such a lock. These new Amazon services could well displace Google and its nascent music ambitions before they're even born. Amazon's new cloud services are also specifically targeting PC and Android users.

Java Founder Gosling going to Google

By Sean Kerner   |    March 28, 2011


From the 'Ex-Sun Employee' files:

Google's Java credibility is about to get a major boost.

James Gosling, the creator of Java is now a Google employee.

Gosling was among the many former Sun employees that were not happy with the new Oracle ownership. Gosling left Oracle in April of 2010 and has been looking for a home ever since, as far as I can tell.

One of the major things that has changed over the course of the last year is the fact Oracle is now suing Google over Java. How that will now play out with Gosling at Google will likely keep journalists like me very busy over the coming months and likely years to come.

"One of the toughest things about life is making choices," Gosling wrote in a blog post." I had a hard
time saying "no" to a bunch of other excellent possibilities. I find it
odd that this time I'm taking the road more travelled by,
but it looks like interesting fun with huge leverage. I don't know
what I'll be working on. I expect it'll be a bit of everything,
seasoned with a large dose of grumpy curmudgeon."

Will Gosling help drive Google's efforts on the JCP (Java Community Process) for Java 8 and beyond? I sure hope so.

GCC 4.6 set to Go forward

By Sean Kerner   |    March 28, 2011

From the 'Open Source Compiler' files:

GCC is one of the most important open source applications in use today, enabling developers to compile their programs.

With each incremental GCC release, there always seems to be more speed and stability fixes and that looks to be the case with GCC 4.6 as well.

There are a number of link-time optimization improvements including memory usage and intermediate language streaming performance improvements.

"A new general optimization level, -Ofast, has been
introduced," the GCC 4.6 release notes state. "It combines the existing optimization level -O3
with options that can affect standards compliance but result in
better optimized code. For example, -Ofast enables

Going a step further datastructures used by the dataflow framework in GCC were reorganized
which results in a improved compile

Mozilla: Sorry, we messed up on SSL cert disclosure

By Sean Kerner   |    March 25, 2011

From the 'Full Disclosure' files:

When Mozilla issued Firefox 4 RC 2 last week, the only update was a non-specific SSL cert revocation issue.

At the time, I wrote that I thought it was a big deal, though to be honest, I had no insider information. As it turns out, it was a big deal as the certs in question were from Comodo and affected other major browsers as well. Allegedly the SSL cert issue was an attack perpetrated by the Government of Iran (though I have not seen solid evidence of that myself).

In addition to patching Firefox 4, Mozilla also issued updates for Firefox 3.5 and 3.6.

"As soon as all the patched versions were released, we made a release announcement with some details of the problem," Mozilla stated in a blog post. "Mozilla did not publish the information we received prior to shipping a patch. In early discussions, we were concerned that any indication that we knew about the attack would lead to attackers blocking our security updates as well."

Sounds reasonable enough to me. Though Mozilla now has a different view.

"In hindsight, while it was made in good faith, this was the wrong decision. We should have informed web users more quickly about the threat and the potential mitigations as well as their side-effects."

I disagree on that point.

Google Chrome 12 now in dev

By Sean Kerner   |    March 25, 2011

From the 'Firefox 4? IE 9 ? Our Browser is a 12!' files:

True to form, Google is upping the version number for its browser - with a new dev-channel release for Chrome 12 (technically 12.0.712.0).

This is the first Chrome 12 in the dev-channel, though the number of changes are few -- that are user visible at least. Sure there is a new V8 JavaScript engine, then again Google revs V8 multiple times inside of a Chrome release cycle.

There is also a new Tab Multi-Select feature which according to Google, provides,"the ability to select multiple tabs, using the ctrl key, and applying actions (e.g. reload) to them all."

Then of course there is the stuff that we can't see.

"This release contains lots of behind the scenes work (code cleanup and refactorings) in addition to numerous crash and regression fixes," the Chrome 12.0.712.0 release notes state.

How much is an IPv4 address worth?

By Sean Kerner   |    March 24, 2011

From the 'They Paid What?!' files:

Not that long ago, IPv4 addresses were free flowing. Not anymore.

The free pool of IPv4 address space is now gone and there is a premium that is being paid for those addresses. Well at least, Microsoft is paying a premium.

Microsoft is buying 666,624 IPv4 addresses from the bankrupt shell that used to be known as Nortel Networks.

How much is Microsoft paying?

$7.5 million.

So let's do the math, (7.5 milion/666,624 =) $11.25 per IPv4 address. That's right, the value of an IP address is now more than a domain name, go figure.

Of particular note here is the fact that Nortel's bankruptcy team solicited bids from 80 companies, only four of whom actually bid for all 666,624 IPv4 addresses.

Microsoft will not immediately get use of all 666,624 IPv4 addresses.

Pligg 1.1.4 plugs security in open source Digg clone

By Sean Kerner   |    March 24, 2011

From the 'Time to Update' files:

Pligg is a popular open source social voting site (think Reddit or Digg). The open source application is now getting an update to fix a number of security and bug flaws.

The Pligg 1.1.4 update provides fixes for what the project describes as a,"large number of security improvements."  Among those security improvements are items that were reported to Pligg by third parties (hurray for responsible disclosure!).

In addition to the non-specific security improvements, Pligg 1.1.4 also provides a new "Human Check" Anti-Spam module. Pligg previously had an anti-spam module as well an Akismet module that help to also deter spammers from clogging up Pligg sites.

From an admin usability perspective, the statistics widget now provides information on database size, PHP, and MySQL version information.

The 1.1.4 update is the first Pligg update in 2011. The 1.1.3 update debuted at the end of December 2010.

LibreOffice 3.3.2 continues evolution of open source office suite

By Sean Kerner   |    March 23, 2011

From the 'Continuous Innovation' files:

The Document Foundation continues to stick to its commitment of updating LibreOffice at a rapid pace.

Barely a month after LibreOffice 3.3.1 was released, LibreOffice 3.3.2 is now available. This is a stability and bug fix release as well as translation updates.

Alongside the release, The Document Foundation is continuing to promote its openness to new contributions.

"I have started hacking LibreOffice code on September 28, 2010, just a
few hours after the announcement of the project, and I found a very
welcoming community, where senior developers went out of their way to
help newbies like me to become productive,"  Norbert, a French developer living in
the United States said in a statement issued by the Document Foundation. "After a few hours I submitted
a small patch removing 5 or 6 lines of dead code... enough to get my feet
wet and learn the workflow."

The next big release from LibreOffice will be the 3.4 release which is currently set for mid-May.

Google Chrome 11 hits beta with voice to text

By Sean Kerner   |    March 23, 2011

From the 'Dragon Dictation' files:

Not content to let Mozilla developers have their day in the sun with the big Firefox 4 release, Google has upped the ante in the browser wars with Chrome 11 Beta.

While many of the recent Chrome releases have primarily focused on performance gains, Chrome 11 offers users a feature that none of us have ever seen built into a browser before.

Chrome 11 supports the HTML5 speech input API.That's right, speech input - the keyboard isn't the only way to get data into your browser anymore.

"With this API, developers can give web apps the ability to transcribe
your voice to text," Google wrote in a blog post. "When a web page uses this feature, you simply click
on an icon and then speak into your computer's microphone. The recorded
audio is sent to speech servers for transcription, after which the text
is typed out for you."

The potential for this technology is staggering.

Google Chrome FINALLY gets Page Speed

By Sean Kerner   |    March 22, 2011


From the 'What Took So Long?' files:

When I develop websites, I rely on Google's Page Speed (and to a lesser extent Yahoo's Y!slow) add-ons to help improve pages.

Though Page Speed is a Google tool, the vast majority of users use it on Firefox, That could soon change as Google has finally made Page Speed available as a Chrome plug-in.

Google though it going a step further to make Page Speed for Chrome even better than the one that Firefox users use, for not at least.

"We've improved scoring and suggestion ordering to help
web developers focus on higher-potential optimizations first," Google Page Speed developers wrote in a blog post. "Plus,
because making the web faster
is a global initiative, Page Speed now supports displaying localized
rule results in 40 languages! These improvements are part of the Page
Speed SDK, so they will also appear in the next release of our Firefox
add-on as well."

The scoring is actually a pretty big deal. On 'messy' code Page Speed can deliver a dizzying list of suggestions. With an improved scoring mechanism, devs will be able to spend less time figuring out what's important to fix.

Oracle gearing up Solaris 11 compatibility

By Sean Kerner   |    March 22, 2011

From the 'Does IT Work?' files:

Oracle has been building out the next generation version of its Solaris UNIX platform ever since it acquired Sun last year.

Solaris 11 is available as a developer preview now in something called Solaris 11 Express which came out in November.

Now Oracle is ramping up the Solaris 11 effort with a new Oracle Solaris 11 Compatibility Checker Tool. This is an important step for Oracle and Solaris users.

While there will be new applications written for Solaris 11, the vast majority of available applications will be those that were written for prior versions.

"For more than a decade Solaris has
maintained a Binary
Compatibility Guarantee
, and this guarantee is planned to
continue after the release of Oracle Solaris 11," Oracle notes on the Compatibility checker site."However, it's still possible to build
applications that, even though they compile and run successfully, are
not using OS interfaces properly, or use deprecated interfaces, which
may cause the application to break at some point in the future. It's
always helpful to find potential trouble spots, adding yet one more
way to assure your application continues to run."

Very true.

Gnash 0.8.9 advances open source Flash

By Sean Kerner   |    March 21, 2011


From the 'Open Media Now!' files:

Apple isn't the only group that has trouble with Adobe's Flash. The open source community, and specifically the Free Software Foundation (FSF) have issues too, though the FSF's issues are around openness.

I first wrote about Gnash back in 2006, when the FSF helped to get the effort going. Gnash is a GPL licensed implementation of a Flash player. The first beta for Gnash came two years later in 2008. Gnash plays SWF (Shockwave Flash) files and is available as both a standalone player and as a browser plug-in for Firefox, Chrome and Konqueror.

The new 0.8.9 release improves on the usability and stability of the platform.

Among the changes are fixed for playback of uncommon MPEG4 streams and SWF-embedded ADPCM audio when using GStreamer. The release also fixes playback of SWF-embedded PCM audio when using FFMPEG.

Firefox 4 RC 2 - a minor update before GA

By Sean Kerner   |    March 21, 2011

From the 'Not Far Now' files:

Late Friday, Mozilla issued what is likely the last development cycle update for Firefox 4.

Firefox 4 Release Candidate 2 (RC 2) has the shortest bug list of any release in the entire Firefox 4 development cycle to date.

The big fix is the blacklisting of a number of invalid HTTPS certificates. Sure they may sound minor, but it's actually a big deal. Invalid certs on the shipping version of Firefox 4 would enable attackers to phish/spoof and do other bad things to users of fully patched versions of Firefox. By fixing this issue now, Firefox 4 will be more secure, right out of the gate.

Beyond the HTTPS fix, RC2 has updated localizations and included one for Vietnamese. In total, Firefox 4 supports 83 localizations.

Pending any kind of late breaking issue (which I highly doubt), Firefox 4 is set to be generally available tomorrow - Tues March 22nd.

How does Firefox 4 improve memory use?

By Sean Kerner   |    March 18, 2011

From the 'Memory Rulez' files:

One of the items that bugged many people about Firefox 4, until very recently, was its use of memory.

That is, Firefox 4 (to put it politely) was a memory hog.

That's no longer the case as the browser is set to exit development and become generally available on March 22.

One of the biggest memory leak issues was fixed in Firefox 4 Beta 12 and it has helped to make the release candidate version of Firefox 4, the snappiest Firefox ever made.

"Beta 11 revealed a method JIT which is part of
Jaegermonkey JavaScript engine had been interacting poorly with tools created for Firefox 3, to
reclaim memory from object chains that get created by web pages," Mike Beltzner, director of Firefox at Mozilla told me. "Beta 12 fixed a
lot of that."

 It sure did.

Fixing that one leak alone, isn't the only way that Mozilla developers have improved memory management and usage in Firefox 4.

Open Source Drizzle database now GA - Should Oracle worry?

By Sean Kerner   |    March 17, 2011

From the 'Fork This' files:

Back in 2008, I was at the OSCON conference when Brian Aker announced Drizzle to the world.

Nearly three years later, Drizzle is now Generally Available (GA), as a new open source database that takes a different path than its MySQL roots. Drizzle originally had the backing of Sun, but I don't think that Oracle ever really cared for it.

Drizzle is a more scalable database in some ways than MySQL and is more suited for the cloud. It's also compatible with MySQL, so it won't be a major code rewrite for apps and enterprise that choose to use it.

While Drizzle is built for scale, it's not just about big sites like Google and Facebook.

"I've seen someone say that Drizzle is designed for Google and Facebook.
This is not the case at all," Aker blogged. "We built it so that the next Facebook,
Google, etc would have a platform to build on. Facebook and Google have
their own forks of MySQL, they aren't going to be using Drizzle. The
pieces are there for the next company who needs to innovate, it is just a
matter of someone making use of them."

Though Drizzle leverages a NoSQL type of solution, Aker noted that Drizzle first and foremost is a relational database.

Ubuntu Linux aims to give back with Debian Dex

By Sean Kerner   |    March 17, 2011


From the 'Let's Try This Again' files:

Debian is the 'mother' distro to many 'children' derivative distros, including Ubuntu. Sometimes those derivatives give back to the upstream, but it's not always easy.

A new effort called DEX is aiming to improve how derivative bits are merged upstream.

"DEX is all about action:
merging patches, fixing bugs, crunching data, whatever is necessary to
get changes from derivatives into Debian proper," Ubuntu CTO Matt Zimmerman wrote in a blog post. "DEX is a joint task force where developers from Debian and its derivatives work together on this common goal."

It's a good idea, but it kinda/sorta sounds familiar to me.

About five years ago, the Debian Common Core Alliance (DCCA) got started as an effort to help encourage collaboration among Debian derivatives. The DCCA failed.

So why does Zimmerman/Ubuntu think that DEX can succeed where the DCCA failed?

Tomcat 7 upgrades open source Java middleware for security

By Sean Kerner   |    March 16, 2011


From the 'Time to Update' files:

Apache may no longer be a part of the Java Community Process, but that's not slowing down development on the Apache Tomcat Java Server.

Tomcat 7.0.11 was recently released as a security update for 7.0.10. The Tomcat 7.0.10 update itself was mostly a bugfix and security update for Tomcat 7.0.8.

So why does that matter?

It matters because all this bug and security fix activity means that Tomcat 7 is settling into becoming a very stable Java server.

The first Tomcat 7 release debuted in July of 2010 after four years of development. At the time, Tomcat 7 was first released, it wasn't considered 'stable' as there were still some known bugs. Additionally Tomcat is intended to be run in production environments, making the need for stability even more critical.

Back when Tomcat 7 was first released, Mark Thomas, a member of Apache Tomcat's project management committee,  told me that major Tomcat releases typically take 6 to 12 months to reach stability.

While I'm not sure that Tomcat 7.0.10 is 100 percent stable at this point, it is clear to me that the pace of incremental fixes is solid. As such, Tomcat 7 is well on the path to being stable - if it isn't already.

I personally haven't seen many organizations move to Tomcat 7 quite yet, but I suspect as hardware gets refreshed in the next couple of years and as new virtual Tomcat servers need to get deployed - Tomcat 7 will likely get the call over the older 5.5 and 6.x branches.

Ubuntu Core going after embedded Linux

By Sean Kerner   |    March 15, 2011

From the 'Not Just for the Desktop' files:

Ubuntu Linux, which is likely best known for being a great desktop Linux distribution is going after the embedded Linux market.

The new Ubuntu Core offering is targeted at embedded deployments on Intel x86, ARM (TI, Marvell, Freescale). Considering how widespread embedded Linux is in consumer electronics, this is likely a good route for Ubuntu.

That said the reason why embedded Linux is already pervasive in consumer electronics (and other embedded devices) is due to an existing robust ecosystem of vendors and developers.

MontaVista Linux as well as WindRiver dominate the embedded space today and have existing relationship that will be near impossible for a newcomer like Ubuntu to break-into.

Both MontaVista and Wind River also have years of experience with Real Time operating systems and kernels -- which is something that I've never heard Ubuntu doing. Both MontaVista and Wind River also have the benefit of developer toolkits and toolchains which enable embedded developers to effectively build out an embedded Linux platform.

That said, Ubuntu has come out of seemingly nowhere in the last five years to become one of the leading Linux distributions. I suspect that they can make a dent in the embedded space, but their competition here is superb and isn't likely to yield an inch without a fight.

Where is RSS in Mozilla's Firefox 4?

By Sean Kerner   |    March 11, 2011

From the 'Lucky Charms' files:

There are a lot of new features in Mozilla's Firefox 4 web browser. There are also a number of old features that are now gone -- or at least appear to be.

One of the things that I first noticed with Firefox 4 (when I shifted to it for daily use) was the omission of the RSS indicator as part of the main browser user interface.

In Firefox 3.6 (and all the way back to least Firefox 1.5 if I'm not mistaken..) when you visit a URL that has an associated RSS feed, the main Firefox address bar had a small RSS icon. It provided an easy way for users to subscribe to RSS...and now in Firefox 4 it's gone.


Novell sale to Attachmate delayed until April - due to patent investigation

By Sean Kerner   |    March 11, 2011

From the 'Hurry Up and Wait' files:

Novell shareholders are going to have wait just a bit longer until they can cash in and be acquired by Attachmate for $2.2 billion.

Though Novell shareholders have already approved the sale, the deal is contingent on Novell selling off 882 patents to CPTN Holdings - a group which includes Microsoft, Apple and Oracle.

The CPTN patent sale is in the process of being reviewed by the U.S. Department of Justice and according to a new regulatory filing from Novell - the process is going to take more time than first expected. The DOJ has issued a second request for information from Novell which Novell is complying with.

"On March 4, 2011, each of the Company and CPTN certified as to its substantial compliance with its second request," Novell's 8K filing states. "In addition, at the request of the DOJ, the Company and CPTN have agreed to provide the DOJ with additional time to review the patent sale and not to close the patent sale prior to April 12, 2011. The Company remains committed to working with the DOJ as it conducts its review of the patent sale."

What does that mean?

Firefox 4 RC1 fixes 648 bugs and now considered stable

By Sean Kerner   |    March 09, 2011

From the 'Bug Extermination' files:

FINALLY! Mozilla's Firefox 4 open source web browser is at the Release Candidate stage (RC1) -- though it sure is fixing a massive list of bugs from the Beta 12 release.

By my count the RC1 release fixed 648 bugs though it's not clear how many are unique to RC1 as opposed to earlier update. Mozilla's published list of fixed bugs for Firefox 4 RC1 appears to include items that were actually fixed in Beta 11 or Beta 12

Most of the fixed bugs appear to be crash related stability fixes and updates. Though there are still a good number of interesting memory leak fixes, which in my experience with the Firefox 4 beta was the number one issue that annoyed me personally.

For RC1 there is a unique new fix for a memory leak with NoScript installed. NoScript is a popular Mozilla add-on that reduces the risk of scripts (JavaScript and Flash) from running.

Ubuntu Netbook Remix is dead. Long Live Ubuntu

By Sean Kerner   |    March 09, 2011

From the "Nefarious Netbook' files:

Canonical has decided to retire the Ubuntu Netbook Remix - as a named product.

The Netbook Remix was a personal favorite of mine, as it made it easy for me to point my netbook friends at it, as an easy replacement for whatever OS was installed by default on their device.

Netbooks after all have under-powered CPUs, low RAM and small screens. The needs of Netbook users are categorically different than regular desktop users right?

"The introduction of the new shell for Ubuntu means that we have a user
interface that works equally well whatever the form factor of the PC,"Gerry Carr, director platform marketing at Canonical blogged. "And the underlying technology works on a range of architectures
including those common in netbook, notebooks, desktops or whatever you
choose to run it on. Hence the need for a separate version for netbooks
is removed."

I'm not so sure I agree.

Fedora 15 Linux hits first alpha, debuts BoxGrinder for cloud

By Sean Kerner   |    March 08, 2011


From the 'Should Have Been Called Vegas' files:

Fedora 15, codenamed 'Lovelock' now has its first alpha milestone available. This is a BIG release for Fedora in that it's the first Fedora of the post Red Hat Enterprise Linux 6 era, and oh yeah first with GNOME 3, SystemD and BoxGrinder.

GNOME 3, including GNOME Shell mark the evolution of the Linux desktop and Fedora is likely to be the first big Linux distro to full integrate it. When it comes to systemd, that's been a long time coming, but in Fedora 15, it's finally fully baked making it easier and faster to manage and startup background daemons.

BoxGrinder is another story and is a very exciting technology. Red Hat first starting talking about BoxGrinder a year ago as a new way to build virtual software appliances (think SUSE Studio from rival Novell).

The key differentiator for BoxGrinder is its cloud focus, BoxGrinder is intended to enable developers to build an application platform
image that could then be deployed on any cloud, and be easily

Why Pwn2Own doesn't target Linux

By Sean Kerner   |    March 08, 2011

From the 'Hack Me' files:

The annual Pwn2Own hacking challenge kicks off today, pitting security researchers against web browsers and mobile platforms. The HP TippingPoint sponsored event grows every year to include more platforms, though Linux isn't among them.

Pwn2Own will target IE, Firefox, Safari and Chrome all running on Windows 7. Windows XP isn't on the target list and neither is Linux, for different reasons.

I spoke with Aaron Portnoy, Manager of the Security Research Team at HP TippingPoint the other day and asked him why Linux wasn't being included. Apparently the question is among the most common questions he is ever asked about Pwn2Own.

"Linux is not an operating system that has widespread use with any one particular distribution, flavor or configuration," Portnoy said. "In general Linux is still a server-based operating system, people do use it on the desktop, but you can't go to BestBuy and buy Linux with a specific distro on it that everyone uses that has widespread market share. If we were to include Linux, we'd have even more controversy and we just don't want to deal it."

Personally, I think that Pwn2Own is an event that serves to focus security research and makes the underlying platforms better.

I would love to see, Mark Shuttleworth put up $10,000 (or more) for an Ubuntu challenge on Pwn2Own, as that's likely the only way (in the short term) that Linux on the desktop will get the intense security scrutiny that Pwn2Own provides.

Oh and were you wondering why Windows XP isn't included this year? That's an easy one.

Since Windows 7 is now available, Portnoy and the contest organizers figure that's the most secure version of Windows and quite simply, Windows XP just doesn't measure up.

Ubuntu Oneiric Ocelot set to debut in late 2011

By Sean Kerner   |    March 07, 2011

From the 'Define:Ocelot' files:

The animal kingdom was never a big area of interest for me, but thanks to Mark Shuttleworth, I've been learning about all kinds of animals.

The next major Ubuntu release is 11.04 codenamed the Natty Narwal and Shuttleworth has just revealed its successors name: the Oneiric Ocelot.

What's an Ocelot? Apparently it's a nocturnal wildcat.

"Oneiric means 'dreamy', and the combination with Ocelot reminds me of
the way innovation happens: part daydream, part discipline," Shuttleworth blogged.
"Keep up the discipline and focus on the Narwhal, and let's direct our daydreaming to the Ocelot."

These are interesting times for Ubuntu. The company has been dealing with its own mini-PR crisis lately with debate raging over their attempts to share (some, but not all) revenue with the GNOME Banshee project. Ubuntu has also decided to move away from GNOME Shell which has also raised questions.

From a timing perspective Oneiric is also the last Ubuntu release ahead of the 12.04 Long Term Support release, so it will be the final attempt pre-LTS for Ubuntu to shake things up.

Red Hat defends Linux kernel move

By Sean Kerner   |    March 04, 2011

From the 'Kernel Obfuscation' files:

There is no company on Earth that contributes more to the Linux kernel than Red Hat. That said, Red Hat has recently come under some scrutiny for the way it packages the kernel in RHEL 6 - some mis-informed people have gone so far as to question whether or not Red Hat is violating the GPL.

Frankly, I've been shocked that Red Hat has been quiet on the topic - until today that is. Red Hat finally broke their silence defending their moves to apply patches to the kernel and not making everything openly available.

"When we released RHEL 6 approximately four months ago, we changed the
release of the kernel package to have all our patches pre-applied." Red Hat CTO Brian Stevens blogged. "Why
did we make this change? To speak bluntly, the competitive landscape
has changed. Our competitors in the Enterprise Linux market have
changed their commercial approach from building and competing on their
own customized Linux distributions, to one where they directly approach
our customers offering to support RHEL."

Competition sure has changed. CentOS now has commercial support from OpenLogic and Oracle also builds on RHEL. Red Hat had to do something, while not breaking either the terms or the spirit of the GPL.

Mozilla is using you to make Firefox 4 start faster

By Sean Kerner   |    March 03, 2011

From the 'I Did Not Know That' files:

Firefox 4 is nearly done and one of the first things that most users are likely to notice occurs right at the start-up.

Firefox 4 starts faster than any previous version of Firefox.

I recently visited Mozilla's Toronto office and got some really great insight into how Mozilla was able to speed up the Firefox start-up.

"You know how every day Firefox pings to get a list of blocked add-ons for security, what we send in that ping now is one number and that number is, how long did it take you to start-up this morning," Mike Beltzner Director of Firefox told me. "So we're getting live start-up data from the field."