Mozilla Personas Gets a new Name (and it's not BrowserID)By Sean Michael Kerner | February 29, 2012
From the 'Obvious Choices' files:
Last week, Mozilla officially decided to name its BrowserID effort for consumers as Persona. That choice left the existing Mozilla Personas community without a name, until today.
Personas is now being renamed...
Wait for it....
Uh huh. I shook my head too.
Years ago, the Mozilla community (myself included) were educated that Personas was different than a regular theme. It's a message I bought into and believed - even though Mozilla no longer does.
"After a lot of thought, including consideration of the community poll results, we're planning to make "themes" the name for custom visual changes to Firefox, whether through Personas or existing themes," Amy Tsay the new Mozilla community manager for add-ons wrote in a mailing list post. "We think it's easiest for a user trying to change Firefox's look to go to a single place without worrying about the difference is between a "theme", a "background", and a "skin"."
Amy's view makes sense, except for the simple fact that it's not what Mozilla itself has been saying for years. To add further insult to injury, Mozilla is not fully respecting the votes of its own community.Mozilla ran a poll to see what users thought the new name should be 41 percent voted for skins and only 22 percent said themes.
So Mozilla - why ask for the community's view if you're not going to respect it?
In any event, the name themes does makes sense even though it does dilute all the brand equity they have created in Personas. I'm still shocked at how poorly Mozilla has handled this whole process, they're a group that normally knows and does a whole lot better.
The Beefy Miracle Begins. Fedora 17 Hits Alpha 1By Sean Michael Kerner | February 28, 2012
From the 'Linux Miracle' files:
The first alpha milestone of the Fedora Linux 17 release is now available.
This is the release that is known as the Beefy Miracle and it's not just a marketing message, it's also a statement about how much 'beef' has been packed into this release.
"When we said Beefy, we weren't kidding: an a-bun-dance of condiments, err, features, are available to help you feed your hunger for the best in free and open source software," Fedora developer, Dennis Gilmore wrote in the release announcement. "We take pride in our toppings, and in our fine ingredients; Fedora 17 includes both over- and under-the-bun improvements that show off the power and flexibility of the advancing state of free (range) software."
On the server side Corosync 2.0 is included as is the Pacemaker cluster resource manager. I personally had not been using those project, but now that they're part of Fedora 17, I will be trying them out for clustered load-balancing testing.
On the virtualization front, Fedora is including Open vSwitch which is a virtual switch project that plays a critical role in the OpenStack Quantum networking module. OpenStack is an open stack cloud effort that Red Hat has some involvement with and the embrace of Open vSwitch in Fedora is a huge step in my opinion. It means that the Fedora community will get to test out and use this virtual switch making the path to OpenStack Quantum for Fedora users, relatively easy. OpenStack Essex (the upcoming release) is also set for inclusion in Fedora 17 as is the full Quantum stack.
Security is another strong theme in the Beefy Miracle with support for DNSSEC on workstations. That's right DNS Security comes to end users (and it's about freaking time too.) A new unified Firewall service called firewalld also is including, which will replace iptables with a more modern firewall architecture.
Topping off the Beefy Miracle is a massive scalability boost to the EXT4 filesystem to beyond 16 TB. That's right, Red Hat's 'hobbyist' Linux distro can scale.
And that's just the stuff that interests me as a longtime Fedora user after a quick download - there is lots more to like in this release that I'll dig into in the days/weeks ahead.
OpenStack Promotes Quantum Networking to Core Project StatusBy Sean Michael Kerner | February 23, 2012
From the 'Quantum Leap for Networking' files:
Big news in the OpenStack world as the Quantum networking project is set to become a core project.
Quantum is a networking component for OpenStack that delivers networking technologies that that no other cloud stack (that I know off) provides. It first showed up in the OpenStack Diablo release as an incubated project and now it's set to be a core project for the Folsom release set for the fall of 2012.
I got the opportunity to speak with Dan Wendlandt, Team Lead for Quantum Project at OpenStack back in September and was really impressed. He explained to me that networking within OpenStack to date has just been a sub-system of the Nova compute project and has had limited networking capabilities. The ability to have a multi-tiered network, with isolated network segments for database, web and applications is something that Quantum enables.
Quantum also implements a tunneling approach by way of a plug-in that is based on Open vSwitch which is similar to VXLAN (an emerging standard from Cisco and VMware).
Bottom line from all of this is that OpenStack users are the big winners. Cloud computing without proper network integration is really a misnomer – the cloud runs on the network and it has to have the same (or better) features people are used to0 in enterprise data centers.
Congrats to the Quantum development people. I know that you've still got lots of work to get done yet, but it's clear to me that you're on the right path.
Mozilla Branding BrowserID as Persona - While Personas is Now Left NamelessBy Sean Michael Kerner | February 22, 2012
From the 'Brand Confusion' files:
Mozilla officially announced today that its' BrowserID effort for user authentication would get rebranded for end-users as Persona.
Yeaah, I know (and so does Mozilla). Personas is a feature that has been in Mozilla's browser since the Firefox 3.6 release (and even longer as an addon).
Personas has tens of thousands of customizable skins for Firefox, downloaded by millions of users. The brand is also associated with the GetPersonas site (that Mozilla runs).
So in brand terms - the name Firefox Personas has a non-trivial amount of Brand Equity (in terms of time, usage and attach rate).
Yet despite that truth, Mozilla is throwing that out the window, leaving the Personas community -- nameless.
Sure I know Mozilla had a blog post up earlier this month asking people to suggest names, but so far as I can tell none has been chosen. That's right Mozilla now has given BrowserID the name Persona --BEFORE - Personas has a new name.
Does that make ANY sense to anyone?
From a brand perspective, Mozilla is throwing years of brand equity into the garbage. Worse yet they're creating brand confusion with the name -- which is just bad (not ActiveX bad, but still bad).
There has also been strong opposition to the name change on Mozilla's own public marketing lists.
Obviously I'm not as smart as the people that made the decision, they have hundreds of millions of Google dollars that make them right no matter what the community or a tech journalist like me has to say.
Branding aside, BrowserID is an awesome effort and it's a real shame that the marketing types had to create this confusion. There are so many words in the English language (and other languages) that could have been found and used, it's too bad they had to beat up Personas first. Mozilla is a better project than that and there are so many smart, good people involved that it's hard to believe that there wasn't a better option.
VLC 2.0 Delivers More Open Source Video Playing PowerBy Sean Michael Kerner | February 20, 2012
From the 'Open Source Essentials' files:
There are lots of different open source media player out there. For me, VLC has always stood alone at the top of pile. Eight years ago, I was part of the team that awarded VideoLAN (the people behind VLC) with the 2004 Open Source Award (then managed by CNET).
In all the years since, I've always been very satisfied using VLC as my everyday media player. Now with the new 2.0 release, those who are like me that love VLC will have even more reasons to love it - and for those that yet have to experience it - now is a great time.
VLC has long been the best (IMHO) open source media player because it supports more technologies (codecs, streams, filters, outputs, formats) and that's a trend that is amplified in the 2.0 release.
VLC 2.0 has more performance and video capabilities than ever with multi-threaded decoding for H.264, MPEG-4/Xvid and WebM. Lots of new filters too including ebanding, grain, denoising and anti-flickering filters as well as a new deinterlacing filter. There are also new resamplers for higher quality audio.
Then of course there are all the bug fix improvements, which just make this program more stable and reliable across all the platforms it supports (currently Linux, Windows and Mac). According to the VLC devs, there were more than 7000 commits from 160 volunteers for the VLC 2.0 release.
After 8+ years of VLC being my primary media player and the one that I've installed/recommended to everyone I know on every platform - I'm just so grateful that the awesome community of development and users continues to get better year after year.
Mozilla Releases Firefox 10.0.2 for png FlawBy Sean Michael Kerner | February 17, 2012
From the 'Be Careful What you Click' files:
At the end of last week, Mozilla released Firefox 10.0.1, which fixed a single flaw. Now here we are at the end of a new week, and there is another release with Firefox 10.0.2.
This time the flaw is one that I'm familiar with - as it was patched by Google in Chrome 17, just slightly ahead of the Firefox 10.0.2 update.
The actual flaw is a vulnerability in the
"An attacker could craft malicious images which exploit this bug, and deliver them to users through websites or email messages," Mozilla warned in its advisory.
According to Mozilla, they were alerted about the flaw by Red Hat.
In any event, make sure you update, this is a flaw looks relatively easy to me to exploit and thanks to the quick actions of Google and Mozilla - now trivially easy to protect against too.
Will Fedora 17 Beefy Miracle get Cinnamon?By Sean Michael Kerner | February 16, 2012
From the 'Would You Like a Mint with your Fedora' files:
The upcoming Fedora 17 Beefy Miracle release is likely to be one of the most feature packed Fedora Linux releases in years.
One feature that I'd like to see in it, is the Cinnamon desktop.
Cinnamon was started by Linux Mint and has since found its' way to multiple distro's repositories. As far as I can tell, it hasn't quite yet landed in anything official for Fedora (and yes I know, it's all open source so users can just go and build on their own - great tutorials are out for that too). Cinnamon is a response to user demands for something other than Unity or GNOME Shell on top of a GNOME 3 base.
There are lots of people (myself included) that don't want to use Shell or Unity, but still would prefer to have a GNOME base rather than migrate to KDE, Xfce or otherwise. That's where Cinnamon fits in.
Currently there is a bugzilla entry to get Cinnamon included with Fedora.
"Cinnamon provides core user interface functions for the GNOME 3 desktop, like switching to windows and launching applications," Leigh Scott wrote in the bugzilla entry. "Cinnamon takes advantage of the capabilities of modern graphics hardware and introduces innovative user interface concepts to provide a visually attractive and easy to use experience. The desktop layout is similar to Gnome 2."
Scott entered the bug on January 2nd. To date, no one in the project has 'officially' claimed the bug and it's not clear if anyone is actually reviewing the packages.
I expect that to change in the days/weeks ahead. From a Fedora perspective there is no reason not to include Cinnamon in its repos, for users to grab. More importantly it gives those that don't want to use the Shell a real choice. In Fedora 17, the plan is to not have GNOME fallback mode for users (which is actually how I run Fedora 16 now). Meaning users that run GNOME by default will get the Shell.
That said, the current release plan for Fedora 17 calls for the inclusion of GNOME 3.4 which is still in active development. Given that Cinnamon likely has some interesting GNOME dependencies, I'd also wager that the introduction of GNOME 3.4 could also throw a few technical hurdles at the Cinnamon inclusion.
In any event, there is still time for a member of the Fedora community to review and take on Cinnamon - if you have the time (and Fedora bugzilla credentials) - please review bug 771252.
Everyone that likes GNOME (but detests Shell and Unity) Thanks You!
LibreOffice 3.5: Time for a Word CountBy Sean Michael Kerner | February 14, 2012
From the 'Why Are You Using Anything Else?' files:
As a long time user of OpenOffice.org, it really is just thrilling to see the innovation present in LibreOffice 3.5, which was officially released today.
As a writer, this release has at least one update which quite literally will change the way I work, (hopefully for the better). In my business, word counts – count. In older versions of LibreOffice (and OpenOffice), I've always had to first write then select what I've written to get a word count. It's a two step process, that when repeated over the course of a day (I write at least 4 stories a day), week, month and year takes a real toll on wrists and arms (can you say Carpal Tunnel?)
With LibreOffice 3.5, the good folks at The Document Foundation will quite literally save me a pile of pain. Writer now has a real-time word count window. Yeaah I know a simple idea and one that did exist waaay back in the WordPerfect days but now it's back and it's good (so thnx to the developers that think of us poor writers trying to hit word counts..).
Word count in Writer today is available in a separate window, so it's not quite as integrated as I'd like (i.e in the bottom bar, but I suspect if I was a better coder I could figure something out)
Now real-time word counts are really just a simple thing, but it's a good example of where LibreOffice is really doing things right. Another great example is the new Microsoft Visio import filter (how many times has that tripped me up..)
Ever since the effort was created it has removed the 'cruft' from the code (which now actually starts somewhat faster even on my old hardware) and added in new features that users can really notice and benefit from.
"We inherited a 15 years old code base, where features were not implemented and bugs were not solved in order to avoid creating problems, and this - with time - was the origin of a large technical debt," Caolán McNamara, a senior RedHat developer who is one of the founders and directors of TDF said in a statement.
I don't think that LibreOffice has yet paid off that 'technical debt' but with the 3.5 version it's clear that they're making real progress.
Mozilla Issues Critical Update for Firefox 10By Sean Michael Kerner | February 13, 2012
From the 'Rapid Bug Fix' files:
The open source Mozilla Firefox 10 web browser is the first of a new era for Firefox. Firefox 10 is an ESR (Extended Support Release), with at least 42 weeks of support. In contrast with Mozilla's new rapid release cycle new non-ESR releases are out every six weeks.
Barely two weeks after being released, Mozilla is already updating Firefox 10. Firefox 10.0.1 was released late Friday with no advance notice from Mozilla. That's not exactly a good way to handle the first update for an enterprise release IMHO.
The 10.0.1 update however isn't just a quick fix for a minor bug though. The fix is for a critical flaw that Mozilla obviously felt needed to be patched ASAP.
The fixed flaw is a Use-After-Free issue (which seem all to common these days to me). This particular Use After Free in the ReadPrototypeBindings function.
Yes it's great that Mozilla patched this fast. NO it's not good that this was missed in the initial Firefox 10.0 build and it's not good that there wasn't (to the best of my knowledge) proper advance notification for the update. Enterprise users are a conservative bunch and it's important to provide a warning that an update is coming. The whole point of the ESR was to avoid the hassles of the rapid release update, but I suspect that this rapid release bug fix issue will still be a hassle of sorts for plenty of big enterprises that still aren't equipped to do non-scheduled updates.
To be fair, this is the first bug update for the ESR and perhaps, I'm just expecting too much from Mozilla. After all, the bottom line in a fix like this is about user security, which is always better when it's delivered faster, right?
Want a Job? Learn LinuxBy Sean Michael Kerner | February 10, 2012
From 'Linux HR' files:
A new study set to be released by career website Dice.com and the Linux Foundation paints a very rosy picture of the Linux job market.
Now the fact that the Linux Foundation is involved in this study means that it could potentially be seen as self-serving (but hey what PR isn't), but the trends are unmistakable. The survey found that the vast majority (81%) of companies were going to making hiring Linux people a priority for 2012.
Now digging a layer deeper, only 47 percent actually noted that they expect to add more Linux people to their staff in early 2012.
While the demand for Linux skills is high, on the flip side there is a gap. The report found that 85 percent of respondents had a hard time filling their Linux jobs.
That's shocking to me. Linux is not new, the skills are out there, so it's either a case of just too much demand or perhaps a need for paper certs (which to be fair aren't always as common, since so many Linux pros are self-taught, I know I am...).
So hey, if you are out there and need a job, or know someone that does (and sadly don't we all?) - tell them about Linux.
"In the last ten years, there’s been no tech skill that matches Linux in terms of growth in hiring requests and size of demand and clearly it’s not done,” said Alice Hill, Managing Director, Dice.com. “The best Linux candidates have options and we need more talented professionals to join the community. Linux is simply a core skill for anyone pursuing a career in software development or systems administration.”
Symantec should not be afraid of 'open' source codeBy Sean Michael Kerner | February 08, 2012
From the 'Security by Obscurity' files:
Over the last several weeks, the saga of Symantec's pcAnywhere source code 'leak' has been all over the tech media. Apparently the source code was stolen (or otherwise inappropriately appropriated) and has now illegally been made public on bittorrent.
The 'funny' part of this whole saga for me, is that none of this happens to open source vendors. I use open source software every day and in a very real sense it secures (nearly) everything I do. I also know full well that open source technology (security and otherwise) helps to secure strategic assets for the U.S. Government and others around the world.
Being open - shouldn't necessarily be equal to be more at risk -- yet that's what has happened with the pcAnywhere leak. All Linux distros use OpenSSL and OpenSSH which are free and open - to help secure traffic (and hey I'm pretty sure you can run a remote desktop pcAnywhere type deployment over SSH too). While both OpenSSL and OpenSSH have been dinged by their fair share of security vulnerabilities over the years, being open hasn't made those technologies less secure, it has made them more secure.
It's the 'many eyes' theory of open source. That being, if there are many eyes looking at code, there is greater chance of flaw discovery. Security by obscurity does work...sometimes, but when you can be secure being totally open, that's real security because you've got nothing to hide.
If I was Symantec - I'd turn this exercise into a positive experience and open source the code with some kind copyleft license, preferably the GPL. The packaged version can and could still exist as a fully supported version, so there wouldn't necessarily be a revenue loss either. That's not likely to happen though given the circumstances under which the code was leaked and the fact that Symantec isn't exactly an open source vendor either.
Red Hat Selects New Fedora Project LeaderBy Sean Michael Kerner | February 07, 2012
From the 'Thanks Jared!' files:
It looks like current Fedora Project Leader Jared Smith will not be overseeing the Beefy Miracle Fedora 17 release. Smith announced leadership changes at the Fedora project today that will see a new leader in place.
Smith became the Fedora Project Leader in June of 2010 as the successor to Paul Frields (who had held the post since 2008). I've had the good fortune of speaking with Smith for every Fedora release during his tenure and was always impressed with his depth of knowledge and insight into what really matters - both at Fedora and for the Linux world as a whole.
The role of Fedora Project Leader - unlike Debian which is a voting process or Ubuntu which is a dictator for life - is an appointed role from Red Hat. Red Hat has never just drop shipped in its own staff, but has always pulled from the community to staff the position and the same is true this time.
Robyn Bergeron is set to be the new Fedora Project Leader. Bergeron is a name that is familiar to me and many others from the Fedora mailing lists. She will be the first (what took them so long?) female leader of Fedora and from what i've seen over the years - is likely the best person to be leading this project esp for the big marketing bonanza that will be the Beefy Miracle.
I will certainly miss the deep technical conversations about things big and small that I have had with Smith over the last year and half and I wish him well in whatever role he lands next. For Robyn Bergeron -- looking forward to speaking with you soon to discuss the 'miracle'.
Google Summer of Code 2012 Kicks OffBy Sean Michael Kerner | February 06, 2012
From the 'Summer Already?'
For the last eight years, I've been amazed and awed at Google's Summer of Code. The effort started back in 2005 with some 200 participants and it has grown every year since.
In 2011, 1,116 students were accepted into the program, which pays the students as well as the open source mentoring organizations.
For 2012, Google is paying $5,000 to each student and an additional $500 to the organizations that mentors the student. So that means that if Google holds to the same numbers as 2011, they will be pumping at least $6.1 million into open source development over the summer months this year.
While the program has now just been announced, we won't know until the end of August how successful it is for this year. Mentoring organizations have until March 9th to apply for the program and students have until April 6th. The final 'pens down' date for the project coding is August 20th.
Managing the whole Summer of Code effort is an amazing technical back-end known as the Melange platform (as in Melange/Spice from SciFi Classic 'Dune'). The Melange system was introduced back in 2008 and this year, the system (from my layperson's naked eyes) look pretty sharp.
Melange is also an open source project available on Google Code. At this point, it looks like Google is looking at expanding Melange beyond being just a system to manage the Summer of Code.
In any event, over the last eight years, I have seen no other effort come even close to what Google does with Summer of Code. It is an engine of innovation and involvement that could well be the single biggest effort on Earth focussed on getting students actively engaged in a meaningful way with the open source community. Congrats to Google on keeping this effort up after all this years and on pushing it forward for 2012 (and beyond!).
OpenStack Gets a HyperVsectomyBy Sean Michael Kerner | February 02, 2012
From the 'Microsoft Bashers' files:
OpenStack is supposed to be a vendor agnostic open community for building an open source cloud stack. And it is, unless you don't pull your own weight- or if you're Microsoft.
I know there is plenty of vitriol in the open source world towards Microsoft and certainly some of that has now surfaced in the OpenStack community.
OpenStack is now removing the Hyper-V capabilities from its stack, after Microsoft didn't maintain the code. That happens in projects all the time, just think about the Linux kernel where Microsoft has had similar challenges and hey for that matter so has Google.
What is more interesting to me is how the OpenStack community has labelled the move. Officially it's called: blueprint hypervsectomy.
And no, you can't make this stuff up.
So OpenStack isn't just removing Hyper-V, there are now sterilizing the stack against it too. I know full well that the devs are just having a little 'fun' here with the name - but it's painfully obvious that Microsoft isn't welcome at the OpenStack party anymore.
**UPDATED Friday Feb 3rd **
OpenStack developer (and now Cisco employee) Soren Hansen has provided some additional guidance on the removal of Hyper-V and the name Hypervsectomy (pasted below). Thanks Soren!
I named that blueprint and I also wrote the corresponding patch. I am a long time Linux supporter and I'd be lying if I said I was a Microsoft fan. Nevertheless, I'd be thrilled to have a functional, maintained (and maintainable) Hyper-V driver back in OpenStack. In fact, I helped the developer who wrote the Hyper-V driver back when it was initially proposed, and if memory serves, I was even the one who gave final approval on the patch back then.
I'm not a doctor, so I can't really say if you're reading too *much* into the term or if I read too *little* into it, but to me an somethingectomy is just about removing something, not about "sterilizing" against it or anything along those lines. Wikipedia seems to agree with me.
"The surgical terminology suffix "-ectomy" was taken from Greek εκ-τομια = "act of cutting out". It means surgical removal of something, usually from inside the body." - http://en.wikipedia.org/wiki/List_of_-ectomies
We've performed multiple -ectomies in OpenStack. Here's another one:
(Yes, also named and authored by me, and I have nothing against Redis)
The fact of the matter is that the HyperV driver has been unmaintained for almost a year. It was made clear when we accepted it in in the first place that we (the core developers of OpenStack) didn't have the means to test it. If we can't test it, we can't maintain it. We can sponsor patches for anyone who wants to maintain it, but we can't even do rudimentary functional testing on it. That it got removed shouldn't come as a surprised to anyone involved in the process.
Greg Kroah-Hartman Becomes Linux Foundation Fellow - Gives SUSE the BootBy Sean Michael Kerner | February 01, 2012
From the 'For He's a Jolly Good Fellow' files:
Greg Kroah-Hartman is joining the Linux Foundation as a 'fellow.' The move means that he's leaving SUSE - that's right kaput, no more SUSE for him.
I've been a huge fan of Greg ever since I sat in a session he ran at LinuxWorld in 2006..you see while I had been aware of his work, I never had the opportunity to actually see him speak. I was impressed and amazed (and still am) at his attitude towards getting things done. I remember distinctly asking about some esoteric kernel bug and he simply said, if anyone has any security bugs send to me and i'll look at it and get it fixed.
This past year I watched in amazement as he released a stable Linux kernel in front of a live audience. That's where I see the name Greg Kroah-Hartman the most as THE maintainer of the stable Linux kernel. He's also the man that in recent years has been Linus Torvalds right hand - literally at Linuxcon events around the world having candid on stage discussions.
It makes sense that he should be part of the Linux Foundation and frankly, I really wonder why it has taken so long for this to happen. For SUSE, the loss is large in my opinion. The Tumbleweed effort, which brings a rolling kernel release is just one of the many contributions that he has led at SUSE. He was easily the most important kernel dev that SUSE ever had and without him, I really wonder what (if any) influence SUSE will still exert on kernel development.
Perhaps even more telling is the only public message (that I was able to find) that Greg posted about leaving SUSE. It's just a simple blog post titled,"Time to update your email address book"
sed -i 'email@example.comfirstname.lastname@example.org/g' .addressbook
Ok Greg, I've updated my address book. Good Luck at the Linux Foundation and congratulations on making the move.
**UPDATED 11:30 am ET**
Just got a few comments from Jim Zemlin (Greg's new boss and the head of the Linux Foundation). I asked Zemlin whether or not the LF fellowship was a job for life and he told me that's up to Greg to decide.
In terms of why Greg is coming to LF now (as opposed to some other point in time) Zemlin said:
The embedded Linux market is growing rapidly, and Greg's deep level of experience here and history of collaboration with hardware manufacturers at the kernel level can accelerate the work that needs to be done in this area. It's a natural time to for The Linux Foundation to sponsor his work, and we're very happy to be able to do it. "
The other question I always like to ask (but don't really expect an answer on) is about $$. I asked how much the LF is paying Greg for the fellowship and got an answer that made my day.
"He is given food in exchange for code," Zemlin said. "We find this is the most effective form of pay for our Fellows."