Will Mozilla Firefox 20 Fix Private Browsing?
By Sean Michael Kerner | November 30, 2012
From the 'Enhanced Porn Mode' files:
All the way back in 2008, Mozilla brought Private Mode (aka Porn Mode) to Firefox 3.1. Over the last four years, not a whole lot has changed in Firefox's implementation of private mode, but that might change with Firefox 20 in 2013.
Currently, when a user enters Private Mode, a new browser window spins up in Firefox (it works the same for Google Chrome's Incognito mode). The problem with Firefox is that the Private Browsing mode can only operate with the one Private window – that is, users cannot have a regular Firefox window and a Private Browsing Firefox window open at the same time.
Firefox 20 could change that model (maybe)
There is a 'bug' that has been in Mozilla Bugzilla since November of 2008 to fix the issue. It's a bug that has also had some 'heated' discussion.
"Keeping a highly frustrating bug like this around for nearly four years has certainly caused some users to switch to Chrome," one bugzilla commenter wrote.
On a positive note, this week I noticed at least 8 code checkins on Mozilla Central for Private Tab features on Firefox for Android. It looks to me like this is work that would likely show up as Firefox 20, though it's unclear exactly how and if that would finally actually fix the private browsing bug – but I am hopeful and I have seen some chatter that makes me think that this bug might finally be squashed in 2013.
**UPDATE** Experimental builds are now available with the Private Browsing fix!!
Google Chrome 23 Updates Security Thanks to Address Sanitization
By Sean Michael Kerner | November 28, 2012
From the 'open source hygiene' files:
For the last several years, I have seen the same flaws again and again show up in the security vulnerability list for Google's open source Chrome browser (and to be fair in Firefox lately too).
Use-after-free errors are common and frequent in browsers. Google updated Chrome this week to version 23.0.1271.91 fixing six flaws and paying out $1,500 in bug bounties.
Use-after-free errors that were publicly acknowledged by Google for the Stable update include a use-after-free flaw in SVG filters and a use-after-free flaw with printing. I suspect that a few more were found (and fixed silently) during the early development phases as well.
Time and again, Google credits the use of its open source AddressSanitizer program, which is a memory error detection tool. Is identifying memory security issues in Chrome as easy as just pointing AddressSanitizer at the code base?
Sure seems that way, doesn't it?
As an open source effort, other browsers and, hey, any other code base can leverage AddressSanitizer too, to help identify flaws. Why do all these memory errors occur in the first place?
I'd suspect that it's simply due to the fact that a tool like AddressSanitizer is not leveraged during the actual development process as some kind of IDE plugin, before code is ever even checked in. Yeaah, I know, it's likely not that easy…or is it?
Fedora 18 Linux Rolls Spherical Cow Beta
By Sean Michael Kerner | November 27, 2012
From the 'Good Things Come to Those Who Wait' files:
Fedora 18 was originally scheduled to have its first beta release on October 2nd. Things change, bugs are found, and now at long last the Fedora 18 Beta is available.
There is a lot to like about Fedora 18, aka the Spherical Cow, and I've been eagerly looking forward to this release since mid-August when the feature list first came out.
Among the key items that I was excited about then and still am now are the inclusion of ownCloud (it's a must-have open source cloud sync/storage utility) and MATE (Does anyone like Shell? Seriously? Really Anyone? Bueller??). Unfortunately Cinnamon is not a core feature for Fedora 18, though if you're like me, you'll likely find yourself searching it out in a repo and installing it anyways.
On the virtualization side, Fedora 18 will be the proving ground for technologies that Red Hat is already pushing for production. One of those features is Virt Live Snapshots, which is already in the RHEV 3.1 beta. With that feature, KVM users can easily take a live snapshot of a running VM.
The oVirt engine 3.1 is also landing in Fedora 18, which is another core component for the RHEV 3.1 release.
Then of course there is OpenStack Folsom, which again is something Red Hat is already previewing for Enterprise customers.
I've also been very excited since at least June for the new Initial User Experience which was supposed to be in Fedora 18, which also includes an improved Anaconda graphical installer. My experience with Anaconda goes way back to when I first used it with Caldera Linux (eeww SCO, I know!!), but a whole lot has changed since then.
Anaconda isn't the only installer getting a boost by the Cow. There is also a new facility for doing offline updates via PackageKit and systemd that looks really interesting (no it's not kSplice Oracle!)
"By 'offline' OS updates we mean package installations and updates that are run with the system booted into a special system update mode, in order to avoid problems related to conflicts of libraries and services that are currently running with those on disk," the Fedora wiki explains. "Updates will be downloaded in the background, and the user will be informed about available updates only once they are actually ready to be installed."
The list of features for Fedora 18 overall is truly impressive and represents the leadership role that Red Hat-funded developers have across the open source landscape.
Firefox 18 Gets an Ion Boost of Open Source Acceleration
By Sean Michael Kerner | November 26, 2012
From the 'More Monkey Business' files:
Firefox 18 is now officially in Beta and it is likely to be the fastest browser ever released by Mozilla.
When I asked Mozilla about IonMonkey here is what I got back:
Linux users however have no such issue. Public releases of 64 bit Linux are available at: http://releases.mozilla.org/pub/mozilla.org/firefox/releases/latest/linux-x86_64/
So, if you want the fastest Firefox possible with the most addressable memory, you really want and need to be running Firefox on Linux.
Vyatta Core 6.5 Open Source Network OS Now Out. Your Move Brocade.
By Sean Michael Kerner | November 21, 2012
From the 'Open Source Acquisitions' files:
The first time I had ever spoken with Vyatta, it was about the company's open source routing Linux distribution. That was back in 2006 and while many things have changed, some things haven't.
Vyatta Core (VC) 6.5 was released this week marking the latest iteration of the company's open source routing platform. The new release includes a policy-based routing engine for traffic prioritization. It also includes some interesting VPN features including a Virtual Tunnel Interface (VTI).
"A VTI provides a termination point for a site-to-site IPsec VPN tunnel and allows it to behave like routable interfaces," Vyatta staffer Stephen Harpster wrote. "In addition to simplifying the IPsec configuration, it enables many common routing capabilities to be used because the endpoint is associated with an actual interface."
VC 6.5 also now supports IPsec for IPv6.
VC remains open source goodness as it has for the past six years. What has changed is that Vyatta as a company has expanded with a Software Defined Networking focus. Vyatta has also recently been acquired by networking vendor Brocade.
I always worry that when an open source vendor gets acquired that the core project is at risk. When I spoke with Vyatta CEO Kelly Herrell about the acquisition earlier this month, I specifically asked him about the open source core. He told me that open source is central to Vyatta and is set to remain so.
The VC 6.5 release to my knowledge is the first Vyatta open source release in the Brocade era. Let's hope that trend toward a vibrant and evolving open source Vyatta Core release continues for many years to come.
PHP 5.5 Open Source Set to Include New Password Hashing API
By Sean Michael Kerner | November 20, 2012
From the 'Nope, Still Not PHP 6' files:
Work has now officially begun on PHP 5.5. This will be the first major update since PHP 5.4 debuted earlier this year. Work on major milestone releases has been painfully slow in recent years, so it'll be interesting to see how fast (or slow) PHP 5.5 matures.
The biggest new item set to land in PHP 5.5 that caught my eye is the new Password Hashing API.
PHP developer Anthony Ferrara explained in his rationale for the new Password Hashing API that, "as recent attacks have shown, strong password hashing is something that the vast majority of PHP developers don't understand, or don't think is worth the effort."
"The current core implementations of strong password hashing using crypt() are actually fairly difficult to work with," Ferrara wrote. "By providing a simple API that can be called, which takes care of all of those issues for you, hopefully more projects and developers will be able to use secure password hashing."
Makes sense to me. Let's just hope that it doesn't take years until PHP 5.5 is officially released before developers are able to take advantage of this security innovation.
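The contrast Ferrara describes, as an added example in PHP that is not from the original post or from the PHP project: hand-rolled bcrypt through crypt() beside the PHP 5.5 functions password_hash(), password_verify() and password_needs_rehash(). The helper names, the cost values and the sample password are assumptions made for illustration.

```php
<?php
// Added example, not from the original post. The sample password is constructed.

// Before: bcrypt through crypt(). The caller builds the salt string by hand.
function legacy_hash($password, $cost = 10)
{
    // bcrypt wants 22 salt characters from the alphabet ./A-Za-z0-9
    $raw  = openssl_random_pseudo_bytes(16);
    $salt = substr(strtr(base64_encode($raw), '+', '.'), 0, 22);
    $hash = crypt($password, sprintf('$2y$%02d$%s', $cost, $salt));
    // On failure crypt() returns a short marker such as "*0", not false
    if (!is_string($hash) || strlen($hash) !== 60) {
        throw new RuntimeException('crypt() rejected the salt or cost');
    }
    return $hash;
}

function legacy_verify($password, $stored)
{
    // The comparison is also the caller's job; === is not constant-time
    return crypt($password, $stored) === $stored;
}

// After: the PHP 5.5 API generates the salt and encodes the cost itself.
function new_hash($password, $cost = 12)
{
    $hash = password_hash($password, PASSWORD_BCRYPT, array('cost' => $cost));
    if (!is_string($hash)) {
        throw new RuntimeException('password_hash() failed');
    }
    return $hash;
}

// Verify a login and upgrade the stored hash when its cost is below $cost.
// Returns array(bool $ok, string $hashToStore).
function login($password, $stored, $cost = 12)
{
    // password_verify() also accepts hashes produced by crypt()
    if (!password_verify($password, $stored)) {
        return array(false, $stored);
    }
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, array('cost' => $cost))) {
        $stored = new_hash($password, $cost);
    }
    return array(true, $stored);
}

// Constructed walk-through: a legacy cost-10 hash is accepted, then upgraded.
$password = 'correct horse battery staple';
$old = legacy_hash($password, 10);
list($ok, $current) = login($password, $old);
$info = password_get_info($current);
printf(
    "login ok: %s, rehashed: %s, cost now: %d\n",
    var_export($ok, true),
    var_export($current !== $old, true),
    $info['options']['cost']
);
list($bad, $unchanged) = login('wrong guess', $current);
printf("wrong password accepted: %s\n", var_export($bad, true));
```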
FreeBSD Open Source OS Breached. Should We Be Worried?
By Sean Michael Kerner | November 19, 2012
From the 'Here We Go Again' files:
The open source FreeBSD project publicly revealed on Saturday, November 17th, that an intrusion had been detected in their server infrastructure on Sunday, November the 11th.
Why the week delay? I don't know. According to a FreeBSD email, the affected machines were taken offline for analysis as a precaution.
According to FreeBSD, "We have found no evidence of any modifications that would put any end user at risk."
However on further analysis the FreeBSD security team also noted that, "…a package set uploaded in preparation for the upcoming FreeBSD 9.1-RELEASE could not be verified, and so was removed."
"As a result of this event, a number of operational security changes are being made at the FreeBSD Project, in order to further improve our resilience to potential attacks," FreeBSD stated.
Unfortunately, these kinds of breaches seem to happen every so often. Debian has been hit in the past, as has Fedora and even the Linux Foundation.
Breaches occur. That's reality.
What's more important though is that they are identified and that the open source development process can adjust rapidly. With the distributed nature of open source development, there are a lot of devs all over the place. Yet it is that centralized nature of the servers, SHA-1 hashes and even Subversion that can contain and mitigate risk quickly.
Fedora 19 Linux Will Be Called Schrödinger's Cat
By Sean Michael Kerner | November 15, 2012
From the 'I CAN HAZ LINUX?' files:
The voting is done and we now have a name for Fedora 19 Linux which will be out sometime in early 2013.
The successor to Spherical Cow will be:
Loch Ness Monster
and Cubical Calf
Ok so we know the rules are that the name of one release needs to be linked somehow to the name of the prior release.
So how is the Cat linked to the Spherical Cow?
Well apparently both are theoretical thought experiments.
That may be so, but personally I expect this to be a mega windfall for lolspeak. What is clear is that thanks to Beefy Miracle, Fedora names have gone off on a wacky tangent. Though I sure did like more logical names like Verne, at least these names are picked by the community and not just the next letter of the alphabet and some animal name that no one has ever heard of.
Mozilla Pulls In $163.5 Million in 2011 Revenue
By Sean Michael Kerner | November 15, 2012
From the 'Open Source $$$$$' files:
Mozilla released its 2011 financial report today showing staggering growth in revenues for the open source browser vendor.
In 2011, Mozilla generated $163.5 million in total revenue, up from $123.2 million in 2010. Of that $163.5 million, royalties account for the biggest share coming in at $161.9 million.
"Mozilla receives royalty income from contracts with various search engine and information providers," the Mozilla report states. "Revenue from these contracts is determined by the search and information providers based upon end user activity. In addition, Mozilla receives royalties from the sale of various products on its website."
So yeah, Google is Mozilla's primary source of revenue.
The $163.5 million figure is an astounding figure when you consider that in 2007 Mozilla's revenues were 'only' $75 million. So Mozilla was able to double revenues in less than four years, during the worst economic slowdown of the modern era.
I would strongly suspect that as FirefoxOS begins its rollout in 2013, that by 2015 we will see that Royalty figure grow to include more than just search providers but mobile providers as well.
WordPress Makes a Bid to Bring Open Source CMS To Cities around the World
By Sean Michael Kerner | November 14, 2012
From the 'Fiscal Restraint' files:
Every city in the world needs to have a website. The good people at open source CMS vendor WordPress think that CMS should be free too.
So WordPress is now offering a WordPress.com/cities setup and account for any city for free. This is the hosted version of the open source WordPress code that powers more blogs than any other software on Earth.
The Cities service goes beyond the basic free version that WordPress has offered for years – with templates set up for common city content.
"While millions of users turn to WordPress.com to build their blogs, organizations like yours can also take advantage of our platform to build a non-blog site too," WordPress developer Chris Finke wrote.
Open Source is of course no stranger to supporting government websites. The open source Drupal CMS is the engine behind the White House, the FCC and the U.S. Congress.
While the hosted side of WordPress is moving to support city governments, work continues in the core open source project on version 3.5. WordPress 3.5 is currently at the Beta 3 stage with a final release due out before Christmas.
Mozilla Popcorn Highlights the Power of Open Source HTML5 Beyond Firefox
By Sean Michael Kerner | November 13, 2012
From the 'Remix' Files:
Sometimes it's easy to forget that the mission of Mozilla is about more than just the browser. Mozilla is about enabling the open web in all of its glory and it is taking the latest step with an innovative HTML5 web tech called Popcorn Maker.
While Popcorn Maker is a Mozilla tech, for a laugh, I decided to run it in the latest version of Chrome. Guess what? It works.
The reason why it works? It's all HTML5 standards based meaning anyone that properly implements standards should be good to go.
Popcorn Maker is basically a simple video markup tool that lets users drag 'events' (that is, a popup, a link, an image, a link to Wikipedia, etc.) on top of the video. The video needs to be sourced from a web resource (that is, it's not a large local 1080p video), but it's still neat. No, this is not a replacement for Adobe Premiere, or even the open source OpenShot or Kdenlive, at least it's not today.
That said, there are all kinds of neat capabilities, like the ability to loop a video, pause inline, or insert a Google Map. You can compose multiple layers (as in any multi-track video or audio editor today), but for now it lacks full audio capabilities such that users can overlay new audio.
From my point of view, there are also some obvious copyright questions too. Just because a video is accessible over the web doesn't mean that it can legally be changed (or popped with Popcorn) and then shared with others (does it?). Yeaah I know it's all good fun and trust me I'm not a lawyer (today), but the reality of the modern world is that not all content is ready to be popped.
Popcorn Maker really is marginally more powerful than the inline video editing that YouTube has provided for some time – but there is a big catch here – this isn't just for YouTube. Popcorn (copyright concerns aside) is for anyone that has access to the web and an HTML5 enabled browser.
I would assume that given HTML local storage capabilities, if someone really wanted to, a more robust full non-linear video editing tool could emerge sooner rather than later. The browser isn't just for viewing web pages anymore.
Mozilla Firefox turns 8
By Sean Michael Kerner | November 09, 2012
From the 'Open Source Goodness' files:
I remember well when I wrote about Firefox 1.0, which was officially released on November 9th, 2004. It was a very different time - and it was 8 years ago.
Mobile then meant WEP. A book meant paper and Firefox was the only game in town when it came to browser innovation.
Remember back in 2004, a tabbed browser was still a major innovation for the majority of the world's Internet users.
Firefox itself is also evolving.
8 years ago Firefox was a product platform name. Today Firefox is a brand in its own right. A brand that likely eclipses the Mozilla name itself too. With Firefox OS now in development and a Firefox Marketplace (aka AppStore), the Firefox brand isn't just about the browser anymore.
I've been writing about Firefox since day 1, and it has been a fun ride every day since.
Congrats Mozilla, your little browser is growing up to be something much more.
Fedora 18 Linux Delayed to 2013
By Sean Michael Kerner | November 08, 2012
From the 'Don't Have a Cow – in 2012 – Man' files:
Last week, Fedora pushed back a milestone beta release, but still committed to getting the final Fedora 18 (aka the Spherical Cow) before the end of the year.
That plan changed late Wednesday. The Beta is being delayed by an additional two weeks, making a 2012 release of Fedora 18 a non-starter.
Fedora 18 Beta release is now set for Nov 27th with a final release set for January 08, 2013.
That would mean that for the first time in Red Hat's history, we won't see two Fedora (or two community) releases in one calendar year. The original plan for Fedora 18 had a release date as early as November 6th.
The latest set of delays, however, is for important items. The installer, upgrade and Secure Boot teams all need more time to get their tech polished. So instead of religiously sticking to a fixed date like some distros, Fedora is erring on the side of quality. For those of us that rely on Fedora as an everyday operating system, this is a good thing.
Reality is that the existing Fedora 17 release is still pretty snappy, so the Beefy Miracle will live on….
Google Chrome 23 Open Source Browser Won't Track You - Or Will It?
By Sean Michael Kerner | November 07, 2012
From the 'I like to eat cookies, not save them' files:
More than a year and a half after Mozilla first led the way by promoting Do Not Track (DNT) technology for Firefox 4, Google is now finally on board too, with the Chrome 23 release.
The basic idea with DNT is it gives users the choice to either allow or block sites from tracking them. Seems like an obvious and easy enough idea – and frankly I have no idea why it has taken so long to implement.
Oh wait, maybe I do.
Google owns ad networks that track people.
So, if Google doesn't allow those networks and the sites they run on to track, that could cost them money. Yeaah, sure Google is doing the right thing now by implementing DNT, but I'm still a little skeptical about their larger motives. I have no such skepticism with Firefox's DNT, since they don't have a multi-million dollar ad revenue based model to protect.
Chrome 23 isn't just about DNT though, it also implements GPU accelerated video decoding which ends up improving battery life, according to Google.
In terms of security, 15 vulnerabilities have been patched with Google paying out at least $9,000 in security awards to researchers.
Linux Foundation Sponsors Now Includes Microsoft?
By Sean Michael Kerner | November 06, 2012
From the 'Say It Ain't So' files:
I remember sitting down with Jim Zemlin, the executive director of the Linux Foundation, not long after Microsoft announced it was becoming a sponsor of the Apache Foundation in 2008. At the time Zemlin told me that Microsoft had no place at the Linux Foundation.
For the LinuxCon Europe event which is going on this week in Spain, if you look closely you will notice that Microsoft is listed as a Gold Sponsor.
That's right, Microsoft is a Gold Sponsor of a Linux Foundation event. They are sponsors at the same level as IBM, Red Hat and SUSE.
Back in 2008, Zemlin told me: "The Linux Foundation is in the business of promoting Linux and coordinating activity to make Linux better. You can't join this organization unless that's your game. So if Microsoft woke up one day and said we really want to support Linux, I guess I'd consider it, but I'm just not seeing it."
True, Microsoft is not 'actually' a member of the Linux Foundation (yet). But it is also true that Microsoft wants Linux support, especially for its Hyper-V virtualization efforts. Thanks to that Hyper-V technology, Microsoft has also contributed a non-trivial amount of code to Linux as well. That said, Microsoft is certainly not an open company and it still extracts countless millions in patent threat related intellectual property items from Android vendors, likely based around Linux and open source IP.
I'm not exactly sure how Microsoft ended up being a Gold Sponsor of the LinuxCon event. At the Gold Level for an event, sponsorship is worth approximately $20,000 and it looks like it also comes with a guaranteed session speaking opportunity too.
**UPDATE** I've been informed by the good people at the Linux Foundation that the Gold Sponsorship for the 2012 event was actually only $18,000 and doesn't include the guaranteed speaking slot. The $20,000 and the speaking slot guarantee for Gold Sponsorship are the specs for the 2013 event.
Don't get me wrong, I have complete faith in the Linux Foundation and I'm a huge fan of the work they do. I just think it's interesting to note, that four years after Apache took Microsoft's money, the Linux Foundation has now (to a significantly lesser extent) done the same thing.
Firefox vs. the Web
By Sean Michael Kerner | November 05, 2012
From the open source branding files:
One of the most hotly debated topics in years is now bubbling up in the Mozilla community as people debate the position of Web vs. Firefox.
There was a time when Firefox was just a browser, the view by which freedom loving people could see and interact with the web. The primary brand was Firefox as an enabler of the Web. That's now sliding a bit as Mozilla brands Firefox as its own operating system and ecosystem of apps.
"To what extent, if any, are we willing to promote 'the open web' or 'HTML5' over 'Firefox', when the success of one and the success of the other are in tension?" Mozilla staffer Gervase Markham wrote in a mailing list message.
It's a question that has spawned a mailing list thread with over 50 messages and countless side discussions over the last two weeks.
Fundamentally, Mozilla is investing in Firefox as its uber brand for the Web and in particular the Firefox OS Marketplace, which is where Firefox OS apps will be sold. Firefox is no longer the name of an open source browser; it's an umbrella brand.
"Over the next few years we are transitioning 'Firefox' from meaning 'desktop browser' into our brand umbrella for a range of consumer products: Marketplace, OS, browsers, and anything else we create for mass consumers in the future," Mozilla staffer David Slater wrote in a Bugzilla entry. "As for the notion 'we'll distribute apps that run in other browsers', our goal is to extend the meaning of 'Firefox', not to limit it to mean 'desktop browser.'"
From a branding perspective, I understand the marketing imperative to leverage and extend existing brand equity. From an open web perspective and from a historical technical perspective, I think this is a terrible move. I personally have always seen Firefox as an enabler for the open web, not the definition of it.
Ultimately though, Mozilla is now run by executive management that is very much focused on mobile and comes from the mobile world. Branding based on the leading product is a great way to expand awareness and if ultimately it all rolls back into more awareness for something that is inherently open, then perhaps this isn't such a bad thing after all.
Open Source Asterisk 11 Jump Starts Long Term Support
By Sean Michael Kerner | November 01, 2012
From the 'What's in a number?' files:
Digium this week released Asterisk 11 (though I bet more than a few people missed it since Digium didn't do a particularly good job in promoting the release IMHO; great tech, terrible marketing/PR). This is the first major Long Term Support release (LTS) since the 1.8 release that came out two years ago in October of 2010. So yeah, a bit of a number jumble here.
In any event, Asterisk LTS releases carry 4 years of support, so those running 1.8 still have two years.
That said, Asterisk 11 offers some pretty interesting new capabilities. At the top of the list is support for WebRTC which delivers WebSockets SIP transport. Basically what this will enable is for web browsers (hurray Firefox!) to directly access Asterisk on the backend to place calls. That's a huge opportunity for the web as a whole and I can imagine all kinds of innovative use case models will emerge for this technology.
WebRTC sessions will be secured with DTLS-SRTP, which is another new feature in Asterisk 11. The browser based sessions will also be supported with ICE, STUN and TURN – basically a set of technologies for tunneling media streams for WebRTC.
WebRTC is something that holds amazing promise, and I strongly suspect that Asterisk 11 will be one of the defining infrastructure technologies that enables that promise to become a reality.