Red Hat Linux Born on Halloween and Still Scaring the Pants off Proprietary Operating SystemsBy Sean Michael Kerner | October 31, 2012
From the 'Scary Stuff' files:
In October of 1994, on All Hallow's Eve, Marc Ewing released the first publicly available distribution of Red Hat Linux. It's a release that has become known as the Halloween release.
Back in 1994, Linux was a scary beast. It was a nascent effort that was just getting going, full of complexity and loaded with promise. I think in 1994 that Linux scared a few users, but I doubt it really scared the big proprietary vendors. Linux at that time was still mostly a hobbyist type effort, but the first Red Hat Linux release started the process that would change that mentality forever.
Since the Halloween release, Linux likely has scared more than a few proprietary operating system vendors. Red Hat in particular has taken large share from big Unix vendors and today stands as a billion dollar business. That sure is a far cry from the Halloween release of 1994.
So was the Halloween release a Trick or a Treat? Clearly in hindsight it was the beginning of a great success story, one that started off on the scariest of all nights on the calendar but has now become the cornerstone for modern compute infrastructure.
Mozilla Firefox 16.0.2 Locks Down on Location SecurityBy Sean Michael Kerner | October 30, 2012
From the 'Location, Location, Location' Files:
In the most basic sense, programming code allocates specific locations in a program (or memory) that can be used for specific tasks. When code (malicious or otherwise) escapes those locations, trouble isn't usually far behind.
The new Firefox 16.0.2 update is really all about the problem of location, fixing a trio of critical flaws.
CVE-2012-4194 is titled, 'Location can be spoofed using |valueOf| and it's basically an XSS attack vector.
CVE-2012-4195 is titled nsLocation::CheckURL can use the wrong principal and allows for cross origin reading of the Location object.
The third location flaw is actually an omnibus grouping of location issues that Mozilla has simply titled, ' More cross origin location access problems'. The Bugzilla entry page for the 'more' problems is not publicly accessible so it's not clear what the specific issues are.
I can't remember the last time I saw such a grouping of location related issues in Firefox. It will be interesting to see if this was just a coincidental one-off grouping of flaws or if this is actually indicative of deeper root cause set of issues that will be exposed in the months ahead.
Open Source Orion 1.0 Browser based Code Editor Goes LiveBy Sean Michael Kerner | October 29, 2012
From the 'Cloud Code editor' files:
Back in January of 2011, the Eclipse Foundation announced the development of Orion, a browser/cloud based IDE. At the time, Mike Milinkovich, exec director of the Eclipse Foundation told me that Orion is more than just Eclipse in a browser. It's a view that he re-iterated today with the official launch of Orion 1.0
"Orion is a completely new open source tooling platform, which provides an open, extensible tooling platform and a set of re-usable components for building web tools which run in your browser," Milinkovich blogged.
Orion is already in use as the code editor in Firefox's Scratchpad.
As part of the 1.0 release, the Orion developers are highlighting the OrionHub.org site as as live production demo of the power that the Orion platform can provide.
"OrionHub is a demonstration of all the components together providing a pure Cloud based development platform," Orion developer Ken Walker wrote. "At the heart of Orion is a client side plug-in and micro service framework and this allows secure extensibility from multiple sites completely in the browser. This seems to get missed when reviews are done comparing Orion to other web based development tools."
Those other web based development tools include the Cloud9 IDE which also has an association with Mozilla.
Overall though what Orion signifies is the continuing trend toward development in the cloud for the cloud. While I don't think or see developers en masse abandoning Eclipse based IDEs on the desktop this year or even next, it is a new paradigm that will see adoption over time. As the cloud based IDEs grow in power and as CIO's make the Capex vs Opex decision on hardware to run IDEs, there is however little doubt in my mind that at some point in the next 5 to 10 years there will be an inflection point where more development is actually being coded in the cloud than not.
Dear Microsoft, Thanks for Windows 8! Love LinuxBy Sean Michael Kerner | October 25, 2012
From the 'End of the Traditional Desktop' files:
Microsoft has a big launch event today in New York City for Windows 8. Surprisingly I got invited, but no I won't be there. Linux users like myself however really should thank Microsoft though, Window 8 is truly a great gift.
Unlike Windows 7, which provided Microsoft's large user base with an evolutionary path forward from Windows XP, with a look, feel and overall experience that was better – Windows 8 is a different beast.
I've had to support a couple of Windows 8 (preview) users for a few months now and the experience has taught me one thing – Windows 8 is unlike other Windows and it's not something that most users will like. In my case, the users wanted Windows (but they wanted it for free) so I said 'hey you can try Windows 8. Windows 8 takes an app-centric view of the desktop, which might work for tablets, but deskop users aren't used to that. In fact, in my users' experience the most often clicked app was 'desktop' because all they wanted to do was get the 'regular' Windows experience.
It's a GOLDEN opportunity for Linux.
Linux (be it GNOME Shell, Unity or KDE 4.x) has already undergone a desktop evolution. While I personally don't like Shell or Unity (MATE/Cinnamon!), the bottom line is that Linux today offers desktop users more choices, traditional or otherwise than Windows 8. With such a massive change in Windows 8 that is undoubtedly disruptive to the vast majority of Microsoft's user base, Linux can and should emerge as a free and genuine alternative.
Unfortunately, no major Linux distribution vendor is really pushing that message. But I also have no doubt that legions of IT consultants and help desk types will push the message. Linux will move forward from the ground up and creep in for those users that don't want Windows 8, can't afford Mac and don't want to pirate Windows 7. No, it's the Linux desktop dominance dream that many people once had, but it's more realistic.
Market disruption is always an opportunity for change and Window 8 is disruptive. The various Linux desktop out there provide a real option for this new era. The app centric view of the world is not how desktop users work. It's a reality that Microsoft should understand but they don't.
Windows 8 will likely dis-enfranchise millions from the Microsoft treadmill of desktop dominance updates of the past two decades. I know there are some analysts who claim that enterprises will move to Windows 8, but if you look closely, many of those analysts are the same that predicted that Itanium would dominate by now. 2013 is not going to be the year of the Linux desktop, but it will likely be a year in which (some) users realize they have a choice.
Apache Elevates Open Source OpenOffice – So What?By Sean Michael Kerner | October 18, 2012
From the 'Yeaah, I'm a LibreOffice User – ' files:
There was a time when OpenOffice was where I spent a good chunk of my work day. Those days are now in the past, as I've moved on and so has every single major Linux distribution. We've all moved to a faster more agile open source office suite. We have moved to LibreOffice.
Today the Apache Foundation announced that OpenOffice has been elevated to Top Level Project status. Big whoop. The project had been incubation but come on?! Seriously this was just a process issue.
Projects go to incubation as part of the process and to also gain support and broader base of contribution. Sure, the process takes time, but can anyone tell me if the base of participation has actually expanded at Apache? Please?
This is what I got out of the official Apache press release:
"The graduation of OpenOffice is testament to The Apache Way successfully scaling from incubating 'ingredient brands' to a highly-established end-user product," said ASF Executive Vice President and Apache OpenOffice mentor Ross Gardler in a statement "The incubation process allowed experienced Apache contributors to mentor the project, helping both new and established OpenOffice contributors build an Apache-style community that is both open and diverse."
I know…IBM has lots of users and is a big backer. That's a good thing. Yes the Apache Way is a brilliant process too.Don't get me wrong either, if given the choice between Microsoft Office or OpenOffice on a Windoze box, there is no choice what I would choose.
In any event, truth is that not all project move to Top Level status, moving code is not an easy thing either. Kudos certainly are due to Oracle for moving this forward too, instead of simply letting it die.
There is still a base of OpenOffice users that cannot or will not move to LibreOffice – for them (not for me), the move to Top Level Project status is reassurance that they will have a home for some time to come.
OpenStack Summit Analyst Panel - Fragmentation and CommercializationBy Sean Michael Kerner | October 18, 2012
From the 'Cloud Punditry' files:
SAN DIEGO. Thanks to the OpenStack Foundation, I got to sit on a panel event this week alongside some industry analysts (Gary Chen/IDC, Steve O'Grady/Red Monk and Krishnan Subramanian. Yeah, that's right I was the only press guy on a panel of analysts and no I wasn't the moderator.
There were a few surprises in the session, not the least of which was the fact that the room was packed. Clearly people wanted to know what we had to say. And no it wasn't just pr or analyst relations folks either, it was mostly people in operations.
The biggest question that dominated half of our time was about commercialization. The FUD being that OpenStack has now just become some kind of cabal of commercial vendors and that's bad.
No I didn't agree with that assessment. I just reminded the analysts that THE Linux experience was different and that has colored some viewpoints in the media and elsewhere. With Linux, we started off with Slackware and Debian and we started off with hobbyist developers.
The cloud is going the other way.
While you can run a cloud in your basement if you want (yup, that's me!) it really is A data center and enterprise IT challenge. It's something where there is a need now and there are people willing to pay money for support. That's a good thing. It has fueled the rapid growth of innovation in OpenStack.
The risk – and one I mentioned during the panel – is that of fragmentation. It's an idea that Steven O'Grady echoed as well. As multiple vendors jump in, and as people begin to deploy there is a (small) risk that we could end up with Android style fragmentation. That's where it's still (mostly) open source but different versions and vendor specific enhancement make for lots of developer (and user) challenges.
There were some on the analyst panel that weren't perhaps as bullish as I am on OpenStack, but all were positive. There is clear acknowledgement that it is the way forward.
The risks that face OpenStack today are far fewer than what faced Linux in the early days. Sure there is FUD. But the backing of all those commercial sponsors, all of them are embracing the open source model, from Dell to IBM to HP to Cisco to Intel, is something Linux did not have in the beginning.
Linux took off into mainstream it when many of those same vendors embraced Linux. With OpenStack the same thing is happening, just a whole lot faster.
OpenStack Summit Board. Please Stay Open Source (avoid Open Core!)By Sean Michael Kerner | October 12, 2012
Next week is the OpenStack Summit and I couldn't be more excited. This isn't just a typical IT conference where vendors pitch their wares (though that will be there too). This is a working conference where the future of OpenStack will be mapped out.
This is also the first big board meeting since the official formation of the OpenStack Foundation last month. So yeah, lots on the table.
OpenStack in its short life has gone from being an interesting idea led by Rackspace and NASA to being a massive organization with nearly every big IT vendor name that I write about including Cisco, IBM, Dell, HP, Red Hat and many, many more all having a seat at the table.
The reason why OpenStack has become a fantastic success story in progress is due to a dozen or more reasons. For me, the most important reason is open source.
Open Source isn't just a buzz word (though plenty of marketing folks do toss it around as such). Open Source is the foundation for true innovation and customer choice. With true open source there is interoperability and there is compatibility. With true open source, there is almost no lock-in either.
One of the reasons why OpenStack is now racing forward is because the model feels very much like Linux, with a core upstream base and then distributions built around it.
As the OpenStack Board gets together on Monday – I have just one request – Don't abandon Open Source in favor of Open Core.
In the true Linux model, (hurray GPL!) everything should flow from the upstream. It's not just a question of API openness, it's about code openness. OpenStack Nova, Swift, Horizon and Quantum need to remain entirely Open Source.
In the Open Core model, vendors bake in proprietary tech, leaving the core base as essentially cripple-ware that won't work unless you pay. Open Core also leads to interop challenges (yeaah I know API compatibility is nice but it's not enough).
Personally I would want to see the whole project be GPL to enforce that openness, but I know that's not likely a reality.
I understand that vendors want and need to have competitive differentiation. That makes sense and the cloud is not a charity. The competitive differentiation should not come from the core OpenStack bits though. It should come from management overlays, improved reporting, interface (GUI) work as well as integration with proprietary enterprise and data center technologies. Differentiation should come through execution, service and support.
So to you the Board of the OpenStack Foundation I make this request: please ensure that upstream remains the primary target for innovation. Please ensure that members don't just build proprietary, but also contribute back upstream. Please ensure that instead of a large community of consumption that a large community of contribution and open source innovation remains the way forward.
Thank you and looking forward to seeing you next week at the OpenStack Summit.
Shameless plug: I'm on a panel session Tues at 11:50 AM, drop by and say Hi!
Mozilla Firefox 17 Gets SocialBy Sean Michael Kerner | October 11, 2012
From the 'Flock to This' files:
Firefox 16.01 (updated today) is out the door and that means Firefox 17 is now in Beta (those trains move fast!).
This release like the the last half dozen before it - adds new developer goodness - but this time it's more sociable than just CSS3 support.
Firefox 17 includes the new SocialAPI , which is described as an attempt to integrate social content (i.e Facebook) into the browser.
Yes, I know others have tried in the past. Flock (fail!) and now RockMelt (fail in progress) are just a few browser attempts at better social integration.
The Social API though is different. More than just an add-on, this is API level integration. That means it's extensible at a deep level and can be integrated into the fabric of the modern browser experience.
According to Mozilla:
As services integrate with Firefox via the Social API sidebar, it will be easy for you to keep up with friends and family anywhere you go on the Web without having to open a new Web page or switch between tabs. You can stay connected to your favorite social network even while you are surfing the Web, watching a video or playing a game.
I think that is tremendously powerful. Sure every website has some kind of tweet/like this or that button, but baking social integration at the browser level makes the social aspects of the web pervasive in a deeper way.
We've all heard about the Social Network - now it's time for the true Social Web, enabled by openness and spearheaded by the good folks at Mozilla.
Red Hat Moves to Open Source Polymita, Integrate FuseBy Sean Michael Kerner | October 10, 2012
From the 'Aquire, then Open' files:
Red Hat today revealed its plans for integrating a pair of recent acquisitions into its JBoss portfolio. FuseSource and Polymita were both acquired by Red Hat in recent months and now we're finally finding out what the plans are for those two companies.
The TLDR version of the press conference is that Red Hat is planning on integrating both companies into broader JBoss branded efforts. FuseSource will land alongside JBoss SOA, while the Polymita tech will integrate with JBoss BRMS (Business Rules Management System).
So no, no surprises on that press call. Well actually there was one.
I didn't realize that the Polymita tech was closed source (FuseSource leverage Apache Camel, so no trouble there).
In true Red Hat fashion, the company pledge to open source the technology. It's a promise that Red Hat has made time and time again over the last decade. I remember well when Red Hat acquired the Netscape Certificate Server tech, which was later open sourced. More recently, Red Hat has open sourced the former Qumranet virtualization tech (in RHEV).
It is admirable how now matter what, Red Hat's open source core remains the core.
Red Hat OpenShift Embraces PHP and ZendBy Sean Michael Kerner | October 09, 2012
From the 'Open Source PaaS' files:
I'm a PHP guy (yeaah that's right) and I'm also a Red Hat (Linux) user, so when those two technologies get together - I'm plenty interested.
Red Hat is now partnering with commercial PHP vendor Zend on bringing PHP to the OpenShift PaaS. OpenShift was first announced back in June of 2011 and from the very beginning, Isaac Roth (the PaaS Master) told me that the plan was to be as open as possible.
Yup, Red Hat (hello JBoss!) isn't a PHP company, but they know who to turn too to make PHP support a reality. The new partnership brings the Zend Server (integrated PHP server system) to OpenShift. That means if you're a PHP dev that wants to run on OpenShift, it's now dead simple.
Sure, you could have done it on your before, but Zend Server is really a great technology (and hey commercial support !). And sure, Zend has the PHP cloud, if you're a PHP dev that wants to get into the cloud, you didn't have to wait for OpenShift. So no, this is not something entirely unique - but yes it does expand the range of choice available to both Red Hat OpenShift users as well as PHP users.
"With millions of PHP developers in the world today, it is exciting to be able to collaborate on an offering that combines the power of Zend’s leading tools for PHP developers and our enterprise-grade application server with the flexibility and strong ecosystem of integrated partner solutions that Red Hat is building with the OpenShift platform," Andi Gutmans, CEO of Zend said in a statement.
Mozilla Firefox 16 Delivers More Dev Tools. Hello Browser IDEBy Sean Michael Kerner | October 09, 2012
From the 'open source goodness' files:
Mozilla's Firefox 16 open source web browser is now generally available and with it comes more goodies for developers.
That's right. While Firefox has long positioned itself as browser for users, the focus since moving to the rapid release train cycle has clearly shifted – towards developers. I personally think that's a good thing because it's not something that any other major browser vendor does.
The Mozilla focus on developers means that developers will use Firefox more than other browsers. If developers use it more, I suppose that the prevailing notion is that they will also be more prone to recommend it to others, thus feeding a virtuous cycle of referrals and future adoption.
So what's new for developers in Firefox 16?
The big new item is a developer toolbar. This toolbar is yet another element that Firefox is adding (on top of the Web Inspector and the 3D view that is the pinnacle of awesome – first introduced in March with Firefox 11)
Mozilla developer Joe Walker explained in a blog post that the new toolbar also includes a command line.
"It's a great place to add small tools and experimental features, and we're making it easy to add your own commands," Walker blogged.
From a practical point of view this new toolbar makes it easier to access and control, other tools that Mozilla has already baked into Firefox. One of the nifty little commands that Mozilla has also included is something that I've never seen before – called screenshot. Mozilla developer Kevin Dangoor explained in a post that the screenshot command can quite simply grab a screenshot of whatever element you want. The Export command is a simple way to, export HTML.
Sure these are things that you could kinda/sort do before, but not from a simple CLI. Firefox is now evolving into what I will call the world's first true Browser IDE. View Source is still fun for me, but with all the goodness now exposed through the dev toolbar, I suspect that view source won't be used nearly as much in the years ahead.
Mozilla has also moved to stop accepting MD5 hashes in signatures and memory reporting is now getting a boost with the about:memory per tab reporting feature.
While I'm always a user of the leading edge of Firefox's generally available releases, I still tend to not recommend them for enterprise usage. It never ceases to amaze me how many custom built applications seem to break with each Firefox release. Thank goodness for Firefox ESR (but hey you devs out there stick with Firefox 16 and get your code in gear!).
Open Source Python 3.3 Boosts VirtualizationBy Sean Michael Kerner | October 01, 2012
From the 'It's Done When It's Done' files:
Over two and a half years after the last major release of the open source Python language, Python 3.3 is now generally available.
When Python 3.2came out back in March of 2011, most of the world's Python developers were still running Python 2.x
Today, there are still a fair number of Python 2.x applications and code out there, but that's ok – Python 3.3 has features in it designed for easier porting of code from Python 2.x to 3.x.
PEP 414: Explicit Unicode literals is one such Python 2.x transition features.
"To ease the transition from Python 2 for Unicode aware Python applications that make heavy use of Unicode literals, Python 3.3 once again supports the “u” prefix for string literals," the Python 3.3 release notes state.
Looking at new features, one of the ones that interests me the most is PEP 405 for virtual environments
"Virtual environments help create separate Python setups while sharing a system-wide base install, for ease of maintenance," the release notes state. "Virtual environments have their own set of private site packages (i.e. locally-installed libraries), and are optionally segregated from the system-wide site packages."