The Document Foundation and Open Source LibreOffice Enter Year Three
By Sean Michael Kerner | September 28, 2012
From the 'Forks That Work' files:
Some forks die off quickly. Others linger, and a precious few actually prosper and excel beyond their origins. I personally would put the LibreOffice project and its masters in the Document Foundation in the latter category.
The Document Foundation is officially celebrating its second anniversary today – hard to believe it has been two years already, isn't it? (I know I wrote the same thing when they turned one last year!).
What has changed over the last year however is a resurgence of OpenOffice, in the form of the Apache OpenOffice project. Whereas in the first year of the Document Foundation's life OpenOffice wasn't all that active, the same can't be said for the second year. Apache OpenOffice 3.4 was released in May, marking the first new release of OpenOffice under its new leadership. That event potentially could have led to new momentum for Apache OpenOffice and a decline for LibreOffice – but that didn't happen.
Instead, after two years and a new challenge from OpenOffice, LibreOffice has stood tall. According to the Document Foundation there have been over 20 million downloads of LibreOffice inside of the last two years.
Yeaah LibreOffice and The Document Foundation still face challenges, but they have solved a few too. LibreOffice is released with a regular cadence that provides bug and stability fixes. New feature releases also have a regular cadence, showing an evolutionary path for a product that previously had been going nowhere fast.
So Happy Second Anniversary Document Foundation and thank you for all your effort now and in the future.
Happy 14th Birthday Google! (and don't forget to thank Linux)
By Sean Michael Kerner | September 27, 2012
Google turns 14 today. Yeaah, I know it really doesn't seem all that long ago when Google was the 'new kid' on the block and we all used AltaVista (or at least I did…).
Like millions of others I first noticed Google because of its use by Yahoo. The bulky Yahoo portal page of 14 years ago was a mess so I just started going to Google directly (like millions of others). Back then Sergey and Larry were also a lot more accessible than they are now. I remember emailing about a result error and getting a personal reply (and a T-shirt) back in response.
14 years later, Google remains the primary search engine most of us use each and every day. Sure Google is more than just search today, but search still remains the core – whether we're talking Gmail, Android, Maps (IOS 6 sux!) or otherwise.
While Google has built so much innovation entirely on its own, it's important to remember that in the beginning (and even now) – it was and is Linux at the core that enables all of it to happen.
Google's search engine sits on Linux. Gmail sits on Linux, Android sits on Linux.
Sure, Google has built tremendous innovation on top (some of it open source, some not..), but at the core, Linux remains.
So happy 14th birthday to you Google. I can't imagine living without you and likely you can't imagine living without Linux.
Mozilla Plans More Non-Invasive Health Reporting in Firefox
By Sean Michael Kerner | September 25, 2012
From the 'We're Not Tracking You' Files:
Mozilla has always been respectful of user privacy. But they also have to somehow get information from users' browsers to improve the product.
Since at least Firefox 7 with something called Telemetry, Mozilla has had an opt-in mechanism for monitoring the performance of the open source browser on user machines. Telemetry is opt-in.
Now Mozilla is going to the next level with something called the Firefox Health Report.
"We’ve designed Firefox Health Report to treat people well and to start the process of putting us back in control of the data that shapes our online experience," Mitchell Baker blogged. "We’ve designed it to provide useful information to you about your experience. For example: is a particular add-on causing performance to degrade? Will starting a new Firefox profile help improve performance?"
The Health Report can be disabled too - for those of us paranoid types that are always worried anytime our browsers send data anywhere...but Mozilla (as always) is committed to user privacy with this effort.
I suspect most users will not opt-out and Mozilla will soon have a massive amount of information on the Health of Firefox users. I'm personally really curious what they will find out...
Why is Open Source WebKit the Weak Link in Apple Security?
By Sean Michael Kerner | September 24, 2012
From the 'Update or be Pwned' files:
About a month before the recent HP mobile pwn2own event, I told the event organizers that it is extremely likely that the mobile vulns they find will be WebKit related.
As it turns out, I was right and I'm not surprised.
The iPhone 4S was hacked by way of a WebKit vuln and I strongly suspect the NFC attack on the Samsung Galaxy had a WebKit component too. WebKit vulnerability fixes also rank highly (by my count over 50 percent) for all security fixes made in the recent Apple iOS 6 update.
WebKit vulnerabilities also accounted for over 100 flaws fixed in Apple's latest iTunes update.
Google, to its credit, has been very aggressive patching WebKit vulnerabilities often and regularly. A good number of those vulnerabilities seem to be found in any given month by Google's own open source Address Sanitizer technology that can help identify potential use-after-free type memory conditions.
Apple does fix WebKit vulnerabilities too – though it seems to consistently be slower at doing so than Google. Apple also seems slower at fixing WebKit vulnerabilities on mobile/iOS than on the desktop (think Safari).
To be fair, updating WebKit isn't as easy for Apple on iOS as it might be on the Mac. Sure, Apple could *simply* update Safari whenever new WebKit issues arise, but the reality is that WebKit's usage extends beyond the browser and is an integral part of iOS itself in a different way than WebKit on Mac OS X. Simply put, it's not just about the browser.
That said, time and again – if a security researcher is looking for a path to exploitation on iOS, they need to look no further than WebKit. Just look for a vuln that has been patched in Chrome, see that it hasn't been patched in iOS and then get 'cracking' on what you want to do.
Yes, I know that the fact that a WebKit vulnerability exists doesn't necessarily mean that it is exploitable or that an attacker can actually weaponize such an exploit either. But it is a starting point…..
Sean Michael Kerner is a senior editor at eSecurity Planet and InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals. Follow him on Twitter @TechJournalist.
Why the Linux Foundation Works (and Why the OSDL Failed) [VIDEO]
By Sean Michael Kerner | September 20, 2012
From the 'It's not about the money' files:
Not all Open Source foundations are created equal. Over the last 15 years that I've been actively engaged in open source activities I've seen more than my fair share of open source foundations go bust. I've also seen a few do really well.
Remember the OSDL?
The OSDL was the precursor to the Linux Foundation. It was an organization that I personally never really liked and neither did Oracle. Back in 2006, Wim Coekaerts (then the Director of Linux Engineering at Oracle) told me that OSDL was all about business and Oracle knew how to deal with the Linux community on its own.
Coekaerts in 2007 became an instrumental part of building the Linux Foundation, serving on its Board of Directors.
So when I recently sat down with Coekaerts last month, five years after the formation of the Linux Foundation, I asked him if the Linux Foundation was working.
The short answer is: YES.
The OSDL, in Coekaerts' view, was presenting the business side of Linux and implied that they could get things done in Linux for business. In contrast, the Linux Foundation and its leader, Executive Director Jim Zemlin, don't do that.
Coekaerts said that Zemlin and the Linux Foundation's approach is all about helping Linus Torvalds and the Linux community in creating a better ecosystem for Linux.
That's what makes a great open source foundation. It's about enabling people to collaborate and get involved for common purposes. As Coekaerts told me, it's still about people working together, which is in stark contrast to how the OSDL operated.
"OSDL -- they couldn't care less about community, it was a business," Coekaerts said.
Do We Need More Linux Kernel Developers? Oracle Thinks So [VIDEO]
By Sean Michael Kerner | September 14, 2012
From the 'What Does Linus Know?' files:
At the LinuxCon USA event, Linus Torvalds told the audience that there are enough Linux kernel developers out there already.
As it turns out, that might not necessarily be the case.
With the rapid rate of innovation in Linux, there likely still is a need in many companies for more Linux kernel engineering experience and more Linux kernel developers too. It's a view that Wim Coekaerts, Sr. VP of Linux and Virtualization at Oracle also shares.
I sat down with Coekaerts towards the end of LinuxCon and one of the things he told me is that we need to get more people – not less – involved in Linux kernel work.
Going a step further, he also thinks that the Linux community needs to do a better job of integrating new people. Currently if you submit a patch that isn't quite right, the response isn't as polite as it should be.
So what should be done?
Coekaerts suggests that perhaps the Linux Foundation could lead an effort to get people involved and more importantly to educate them in how to actually contribute properly.
From an Oracle perspective, Coekaerts' team is already pulling in people that were not previously Linux people and teaching them the right way to contribute. So yes, Oracle in a very real sense is expanding the base of Linux developers too.
I captured the conversation on video too and you can see it here:
VirtualBox Finds the Meaning of Open Source Life with Version 4.2
By Sean Michael Kerner | September 13, 2012
From the 'Don't Panic!' files:
In the spirit of full-disclosure, let me first tell you that I love VirtualBox. I use it every day and it is a core component of my workflow and my digital life.
The new VirtualBox 4.2 release out today is now going to make my life a bit easier. The new release enables the grouping of VMs, which is a simple, yet great idea. So now on my test box I can group multiple versions of a given Linux distro together for example, instead of scrolling through a (massive) list.
When I do start up multiple distros at the same time, VirtualBox now has network bandwidth controls. Yeaah I know, VirtualBox 4.x (I'm no n00b) enables users to define how many cores, disk space and memory are to be allocated to a given VM, but it never gave us control over bandwidth.
Going a step further, VirtualBox now supports VLAN tagging, which is a huge boost for using the system in a modern network (esp for those of us that segment our networks).
As always, the best part about VirtualBox is that it is Free and Open Source software. I know that there were some that were concerned that Oracle would somehow kill VirtualBox when it acquired Sun, but nothing could be further from the truth.
Oracle over the last two years has expanded VirtualBox to make it the easiest solution for anyone on Linux, Windows, Mac or Solaris to get a baseline level of guest operating system virtualization up and running quickly. Sure I have VMware's Workstation in my environment too, but the simple truth is that for everyday virtualization, I run VirtualBox and will continue to do so.
Google Gets Serious about Chrome Security on Linux
By Sean Michael Kerner | September 12, 2012
From the 'Don't Leave My Sandbox' files:
Google was a bit slow in the beginning getting its Chrome browser ready for Linux. That's now changing as Google is set to take advantage of an advanced Linux kernel feature that could well make Chrome on Linux more secure than on any other OS.
Chrome 23 dev-channel now takes advantage of the Seccomp-BPF feature that debuted in the recent Linux 3.5 kernel.
"Seccomp filtering provides a means for a process to specify a filter for incoming system calls," kernel developer Will Drewry wrote in a mailing list message.
Google developer Julien Tinnes explained that, "with Seccomp-BPF, BPF programs can now be used to evaluate system call numbers and their parameters."
In very basic terms, it means more control over the sandbox and less chance of escape for some kind of arbitrary code execution.
Mozilla Accelerates Firefox 18 with IonMonkey
By Sean Michael Kerner | September 12, 2012
From the 'I want TachyonMonkey next' files:
The latest entrant is yet another 'monkey' from Mozilla. This time it's called IonMonkey and it follows in the footsteps of JägerMonkey, TraceMonkey and their granddaddy SpiderMonkey (which I first wrote about back in 2007).
In a blog post, Mozilla engineer David Anderson confirms my suspicion, noting that, "IonMonkey is targeted at long-running applications (we fall back to JägerMonkey for very short ones)."
Reality is that many modern web apps are long running apps, so I suspect my concern is a non-issue too.
The performance improvement ranges from 7 to 26 percent over Firefox 17 depending on the benchmark.
Firefox 18 is still a few months out from being generally available, so users will need to wait to benefit from the speed boost. Firefox 18 is currently in the Nightly release branch and is scheduled to enter beta on November 20th.
Facebook Linux, What Distro is it?
By Sean Michael Kerner | September 10, 2012
From the 'Now You Know' files:
We've all known for some time that Facebook's infrastructure is for the most part running on Linux.
What I didn't know until very recently was which Linux distribution Facebook was using. I caught up with Amir Michael, Server system lead at Facebook the other week at LinuxCon and I asked him.
According to Michael, Facebook Linux was based originally on CentOS 5.2. Facebook uses one image that is placed on every server that they have.
"It now probably looks nothing like what we started with, being based originally on CentOS 5.2," Michael said. "The kernel itself is fairly recent and we have a few modifications that we do to it, but for the most part it's based entirely on the mainstream Linux kernel."
So Facebook doesn't get its Linux from a big Linux vendor, like Red Hat…but wait there is another piece to this puzzle.
Michael also told me in passing that Facebook gets its stuff certified by Red Hat Labs. When I pressed him on that point, he said that Facebook gets its hardware (Open Compute Platform) certified by Red Hat. That means that Facebook's infrastructure, while not actually bona fide Red Hat (CentOS is pretty close…), is partially certified for Red Hat's flavors of Linux.
I'm not sure that I got the whole story on Facebook and Red Hat, but I'm not surprised that they run their own modified version of an operating system.
Why Chrome Hasn't Killed Mozilla Firefox
By Sean Michael Kerner | September 06, 2012
From the 'Happy 4th Birthday Chrome' files:
Four years ago, Google launched Chrome. At the time, I wrote a commentary piece that it wasn't likely that Chrome would kill IE.
As it turns out, I was (mostly) right. IE still exists, though it has its lowest share in years, thanks in no small part to Chrome's growing share.
Chrome however isn't just growing entirely at IE's expense. It has also had an impact on Mozilla's Firefox too.
When Chrome came out in 2008, I don't think it was clear to me that four years later I'd be talking about Chrome version 23. That's right, Chrome has pushed out an average of 6 or more stable browsers a year, every year since 2008.
That incredible rate of release has not been mimicked by IE. IE continues to evolve at a comparably glacial pace. For those that require Google Apps and modern web apps in general, IE simply doesn't move fast enough.
But what about Firefox?
The impact of Chrome's rapid development has led to Mozilla's own rapid release cycle. When Chrome was first released, I was thinking about Firefox 3. Now I'm writing about Firefox 15. Of course, numbers don't really matter all that much, but there is no doubt in my mind that Chrome forced Mozilla's hand in a way that likely would not have happened otherwise.
That said, Firefox is likely better today because of Chrome. Personally I preferred the slower release cycles that Firefox once had. As a journalist (and a wannabe web dev) it's just easier for me to consume new development innovation in a less rapid way. That said, the reality of the modern web is that we all rely on big web properties and those big web properties all move fast and are able to take full advantage of new innovation faster.
While Chrome has made the web move faster, it is clear to me that Chrome isn't likely to kill Firefox either. While Firefox does have some Chrome inspired features (silent updates etc), they are delivered differently than the Google approach.
Firefox continues to have a standalone search box and Firefox continues to respect user choice in a way that no other browser does. Mozilla, though its PR, marketing and outreach efforts are far from perfect, still has a vastly superior and more transparent workflow that lets users, developers and even journos like me, easily follow the path of development. No such clear transparency exists with Chrome.
From the beginning, Firefox has always been about user choice and transparency. That's why in a world where there is more browser innovation than ever before, I personally continue to choose Firefox and so do millions of users.
So happy birthday Chrome, nice browser, but I'm happy sticking with Firefox.
Mozilla Lays Out Firefox Enterprise 17 Release Plans
By Sean Michael Kerner | September 05, 2012
From the 'Open Source Upgrade or Else!' files:
Enterprise users were never really fans of Mozilla's insanely rapid release cycle for the open source Firefox web browser. So, in order to help out enterprise users, Mozilla launched the ESR (Extended Supported Release) with Firefox 10. That ESR is still maintained with security updates as Mozilla updates the mainline branch currently at Firefox 15.
Mozilla developer Alex Keybl has now detailed the plans for how Firefox ESR 10 users will migrate (or not) to the next ESR release. The plan is for the next ESR to be based on Firefox 17 which should be out around November 20th.
Existing ESR 10 users will then have until February 19th of 2013 when the Firefox 19 release is out to upgrade voluntarily.
That's right, Mozilla plans on 'automatically' updating Firefox ESR 10 users after February 20th.
You would think that Mozilla would simply auto update ESR 10 users to ESR 17, but that's not the current plan. Currently the plan is to do the auto-update to Firefox 19.
"If a user is still on ESR17 after 2/19, we can be confident that they were not a part of a deployment scenario requiring qualification, and we'd like to instead support them on mainline Firefox," Keybl said. "This is similar to what we did with our final update of Firefox 3.6 (it was also updated to mainline), which was also in an extended support scenario."
We are still more than five months away from that cutover date, so there is time for that auto-update decision to change. Personally I understand the rationale, but I also think it makes more sense to stick with an ESR if a user already is on the ESR.
Mozilla Fails to Bring Firefox Home on iOS
By Sean Michael Kerner | September 04, 2012
From the 'But It's Open Source?' files:
Back in 2010, Mozilla was all over the place promoting the open source browser vendor's effort to sync Firefox on Apple iOS devices.
Now, two years later, Mozilla is throwing in the towel, giving up on Firefox Home.
I think it's another example of why none of us should really trust Mozilla to follow through on every good idea they have. Home is now another failure in a recent string of Mozilla efforts that I personally relied on, that have now been cut as the browser giant moves on to other things (I miss Prism!!)
"We have decided to remove Firefox Home from the Apple App Store and focus our resources on other projects," Mozilla stated in a blog post.
Yes, the code behind Firefox Home is open source, so yes theoretically none of us are truly stranded. Then again, the complexity underlying Mozilla's Firefox Sync service is non-trivial, and neither is the process of getting an app into the Apple store today.
Mozilla also won't allow a regular schmo like me to use the name Firefox – so even if I had the skill (which I don't) to properly figure out and maintain my own fork of Firefox Home and then go through the effort of bringing it to iOS, I couldn't call it Firefox Home Reborn (for example). As such how would users find it?
I think it is somewhat sad that a group making as much money as Mozilla ($70 million this year anyone?) no longer has the resources to keep a 'simple' app like Firefox Home alive – and then has the audacity to think that the 'community' will be able to do it instead.
Of course, I hope to be proven wrong. Nothing would make me happier than to see a community rise up, fork Firefox Home on GitHub and then actually release and maintain a stable client on the Apple App Store. As of the time of this post, the code has been forked 24 times on GitHub....so we'll see.