Open Source PHP Usage Tops 244 Million SitesBy Sean Michael Kerner | January 31, 2013
From the 'Open Source Language Rules' files:
When I first started building websites in the late 90's, PHP was my tool of choice. Though many things have changed on the web since then, PHP's popularity has not changed, it has grown.
A new report from Netcraft puts the current tally as of January 2013 for PHP sites on the web, at a staggering 244 million sites. In context, that's nearly 40 percent of the 630 million total sites on the web today.
Why is PHP so dominant?
Well the most obvious answer is that most modern content management systems (including the one that powers this site) use PHP. The world's most popular CMS systems including WordPress, Drupal and Joomla all use PHP.
The dominance of PHP will not change anytime soon, especially since CMS usage continues to grow.
As a language, PHP also continues to grow. My first exposure to PHP was with the 3.x branch and I spent many long days and nights struggling with PHP 4.x too. Today PHP 5.x dominates, which makes sense since PHP 5.0 was first released over 8 years ago. Though it wasn't until 2008 that PHP 4.x was declared (mostly) dead.
So for all you aspiring developers out there, don't get caught up in the hype around RoR or other 'exotic' web frameworks and languages, make sure you have a grounded understanding of PHP. You'll certainly be in company with nearly half the web.
Linux Foundation Gits GrowthBy Sean Michael Kerner | January 31, 2013
From the 'Git This' files:
The Linux Foundation continues to amaze me as it never ceases to stop adding new members to its roster.
This week, development firm Perforce joined the Linux Foundation which is of interest for a number of reasons. Perforce builds enterprise-grade Git version management software solutions via the Git Fusion solution. For years, I've been told by 'other' enterprise development firms that Git is all fine and nice but it's not for enterprise developers (yeaah I know,FUD!).
Perforce has been a pivotal figure on the commercial side of Git and in the community at large. By joining the Linux Foundation, where Git's creator Linus Torvalds works and where the most important Git developed effort (Linux) is built, only good things can happen.
"We recognize the importance of supporting organizations and workflows that encourage software development from multiple sources," said Don Marti, technical marketing manager for Perforce Software in a statement. "By joining the Linux Foundation, we are better able to help our customers who face the challenge of blending the needs of enterprise development with third-party open source development."
Oh and yeah it is that - Don Marti. Known and well respected in the Linux community for his work as the one time Editor-in-Chief of LinuxJournal and Conference chair of the OpenSource World (once known as LinuxWorld) conference.
What Will Follow OpenStack Grizzly into the Open Source Cloud?By Sean Michael Kerner | January 28, 2013
From the 'Open Source' naming files:
One of the interesting idiosyncrasies of open source projects can communities is the desire to choose release names – often following some kind of logical (alphabetical in some cases) order.
The open source OpenStack cloud platform is no stranger to alphabetical releases.
The first named release of OpenStack that I wrote about was Bexar back in February of 2011. That was followed by Cactus in April of 2011, Diablo in September of 2011, Essex in April of 2012 and most recently Folsom in September of 2012.
Folsom will be followed by Grizzly but what follows Grizzly?
That's what the OpenStack community is voting on this week.
We know that it has to be an 'H' name and the Technical Committee at OpenStack has narrowed it down to four possibilities:
Hood, Havana, Harbor or Hatfield
Yeah they're all places.
"Codenames are cities or counties near where the corresponding OpenStack design summit took place," the OpenStack wiki states. "An exception (called the Waldon exception) is granted to elements of the state flag that sound especially cool. "
The Waldon exception is the reason why Grizzly is called Grizzly and not the San Diego release. The Grizzly is an element of the state flag of California, the state in which the most recent design summit took place.
Voting on the 'H' name for OpenStack closes tomorrow – on January 29th.
Github Search Exposes PasswordsBy Sean Michael Kerner | January 24, 2013
From the 'If you leave the keys out in the open it's your own fault' files:
Github rolled out a new search tool today making it easier to not just discover new projects, but code within projects. Think Google Code search (when it was alive, but better).
So the TL;dr version is – awesome power. But as Spiderman taught me a long time ago, with great power comes great responsibility.
Remember Google Hacking? It's still alive and well – but let's call it Github Hacking now. This is a problem that a few people have now noticed and a simple search can easily pull up more results than I care to count.
One of the funniest things I've seen is Github user Postmodern open an issue on one user's public tree for including a Pidgin IM password.
"Bro, you accidentally committed .purple/accounts.xml which contains all of your accounts and passwords," the issue report states. "Might want to remove the file and change all passwords, otherwise your gonna have a bad time."
It's important to note that this is NOT a Github security issue. This is a BONEHEAD security issue. If you upload security information (keys/passwords etc) to a public repository, they will be discovered. All that Github search is doing is exposing what is already there – it isn't creating the problem.
The hard part (I know..) for some comes in database connectivity type passwords where the usr/pswrd info is directly included as part of application code. While this *might* be ok in a demo, it's just poor coding practice to include user/pswrd in non-encrypted/hashed and salted formats cause eventually it will lead to trouble.
Reality with Github though is lots of folks (just look at that pidgin example) are ppl that use it as cloud/online storage and don't think before they upload. I suspect that for at least the next month (if not more), Github will be a hackers playground for more reasons then it should be.
Is Fedora 18 Linux - 'The Worst Red Hat Distro Ever'?By Sean Michael Kerner | January 24, 2013
From the 'Former Red Hat Employees Gone Mad' files:
Alan Cox is a name that is well known in Linux circles. The former Red Hat kernel dev has always been influential and in recent years he has made his work home (until yesterday) at Intel.
In what is the most scathing description I have ever seen of a Fedora release, Cox referred to Fedora 18 as: "...the worst Red Hat distro I've ever seen."
"The new installer is unusable, the updater is buggy," Cox wrote in a G+ update. " When you get it running the default desktop has been eviscerated to the point of being slightly less useful than a chocolate teapot, and instead of fixing the bugs in it they've added more."
No surprise, the post has generated a fair bit of response. As a long-time user of Fedora myself, I'm no stranger to the first week of bugginess that typically accompanies many new Fedora releases, though for the most part they work. And so does Fedora 18. Then again, I literally *hate* the default shell desktop too (hurray for Cinnamon!!), but overall calling Fedora 18 the worst Red Hat distro is completely unwarranted in my opinion.
However, Cox's opinions do carry weight and if Fedora 18 and its' new fangled installer are to be the base of the upcoming new Red Hat Enterprise Linux 7, that's where bigger troubles could emerge. Fedora is a proving ground and I'd expect that installer and default desktop issues will be fixed in Fedora before they land in Red Hat Enterprise Linux proper.
What's also particularly interesting is that Cox rant about Fedora 18 was followed relatively quickly by his disclosure that he is leaving the Linux world and his current employer Intel. He is leaving is 'family reasons'.
"I'm aware that "family reasons" is usually management speak for "I think the boss is an asshole" but I'd like to assure everyone that while I frequently think Linus is an asshole (and therefore very good as kernel dictator) I am departing quite genuinely for family reasons and not because I've fallen out with Linus or Intel or anyone else."
I personally wish Cox all the best and hope that his family concerns work out and that the day will come soon when he can return to contributing his valuable expertise to the Linux community.
Eclipse Releases Open Source Hudson 3.0 – What About Jenkins?By Sean Michael Kerner | January 23, 2013
From the 'fork that time hasn't forgotten' files:
In the world of Continuous Integration (CI) servers, more often than not I only hear one name and it's not Hudson. The name I usually hear is Jenkins, the fork of the formerly Oracle project, now Eclipse project called Hudson.
While they hype cycles that I follow are almost exclusively talking about Jenkins, Hudson is still active and today the Hudson 3.0 release debuted, (well at least the official press release from the Eclipse Foundation did – the actual Hudson 3.0 release came out at the end of December).
W"ith a strong and engaged ecosystem, Hudson continues to thrive, and Oracle's goal in moving the project to the Eclipse Foundation has expanded this even further," said Chris Tonas, vice president, Application Development Tools, Oracle in a statement "Hudson 3.0 adds key capabilities that make continuous integration easier than ever to implement and manage while enhancing the overall environment for developers."
Oracle officially 'donated' Hudson to Eclipse in May of 2011and to be honest, that's the last time I've heard about Hudson before today. Apparently there are some 30,000 plus installations of Hudson out there and the new 3.0 release could help to accelerate that.
The new features include a small footprint that has been reduced by 50 percent – now that's a lot of bloat. A simplified installation process is also key feature, making it easier for new installations. Overall the look and feel of the web interface has also been improved.
I suspect that by the very nature of the Eclipse release train and the highly integrated nature of Eclipse project that Hudson will continue to do well as an Eclipse project, even if journalist like me don't hear about it.
Mozilla Firefox OS - Just an 'Academic' Exercise?By Sean Michael Kerner | January 23, 2013
From the 'Mozilla Bashing' Files:
This week, the big news is that there are now a pair of Firefox OS developer phones.
In my opinion, Mozilla would do well just to simply support the same basic specs as the OpenHandsetAlliance/Android at the firmware level. That's the basic approach that I think Ubuntu is taking now too. Though as we all know far too well, hardware is a key differentiator when it comes to mobile – no matter how much software vendors might argue otherwise.
While I'm personally optimistic about the prospects of Firefox OS, there are some detractors.
"Much like Chrome OS in the desktop, Firefox OS is an interesting academic exercise that will test the limits of what is currently possible with mobile web technologies," Nick Dillon, senior analyst at Ovum, stated. " However, a web-only Firefox OS will not facilitate a dramatic change in the approach to mobile application development. There is already good support for HTML5 web technologies on the existing major smartphone platforms, meaning that there is little need for another platform in order to drive their adoption forward. "
I'm not sure I agree with the notion of Firefox OS being an academic exercise. Mozilla has engaged with carriers and hardware vendors and that counts for a whole lot.
Instead of vaporware, Firefox OS (as evidenced by the dev phones announcement) is real and it's coming soon. Mozilla Labs, which starts interesting projects and then (more often than not) leaves them to die is the experimental academic area of Mozilla. When Firefox OS was just Boot2Gecko – maybe you could have called it an academic exercise, but that's not the case anymore.
Mozilla's Firefox OS is a business exercise and one that will test the market for its appetite for a truly open platform.
It is up to Mozilla and its myriad partners to properly articulate the vision, but ultimately the free market will determine the fate of Firefox OS.
Mozilla Stabilizes Firefox 18.0.1 with 7 bug fixesBy Sean Michael Kerner | January 22, 2013
From the 'Friday Updates' files:
Mozilla updated Firefox with a 18.0.1 release late Friday fixing at least seven bugs.
Firefox 18.0 was released at the beginning of January, but apparently it missed a few items that have surfaced in recent weeks.
Four bugs are related to problems with HTTP Proxy Transactions. These include bugs 828202, 828234, 828632 and 829646. In a nutshell, all the bugs are related to the usage system proxy setting in different scenarios.
"After updating to Firefox 18 'Use system proxy settings' no longer seems to work," a bugzilla commenter wrote. "If it's enabled and there is a proxy defined in "Manual proxy configuration" I get "The proxy server is refusing connections" error (e.g. https://www.google.com/). If I switch to manual mode, remove proxy entries and switch back to system mode, then sites begin to open as usually."
Then there are also a pair of fixes for Firefox running on Mac OS X. One is a bug fix for the Unity Player on Mac OS X.
Then there is bug 814434- [hidpi/retina] url suggestion box pops up on wrong screen. The TL;dr version is that there is flaw when using Firefox on a Retina enabled system when there is an external monitor. The fix, isn't really a fix if I read the bug correctly. Instead (for now) Mozilla has just disable external monitor support for Retina displays (?).
With Mozilla's rapid release update cycle, there tends to be fewer incremental releases like 18.0.1 and when these releases do come out they are always for interesting corner cases.
Mozilla CTO Brendan Eich Gets an Expanded Role (and it's about time!)By Sean Michael Kerner | January 16, 2013
From the 'Not All CTOs are Created Equal' files:
I've had the good fortune to talk to many CTOs as part of my day-to-day job as a tech journalist over the last decade here at InternetNews. One thing that I can say for certain is that the role of CTO is a varied one and the definition of what a CTO is or does is not definite.
At some organizations, the CTO is a technical cheerleader and a product evangelist. In other organizations, the CTO is the person that actually leads and directs development. In the case of Mozilla CTO Brendan Eich, he is now set to combine the best of all CTO worlds.
"I'm happy to announce that as CTO I will now also be managing our product and platform engineering teams," Eich blogged. "This is a privilege and an obligation I take seriously. I look forward to working even more with community members including Mozilla's engineering staff to advance the Open Web on all platforms, especially the mobile ones rising to overshadow desktop computers."
I'm not surprised at all by this move. In fact it really does seem quite obvious.
While Eich may not have always been the point person behind all Firefox development that the public has seen, he has always been there pushing forward the vision and the platform. One of the earliest interactions I had with Eich was in 2004 when he was standing point for Mozilla's battle with Microsoft over Longhorn (remember Longhorn?) and the XAML language.
Microsoft did not win that battle, Mozilla and the Web did.
Now its time for Eich to lead the charge in the Mobile battle and lead he will (and has). Eich has already made tough technical calls on Web Video patents (H.264)and a myriad of other things.
I think this shift is a change for the better and it will expedite Mozilla's efforts with clear, definitive and experienced leadership.
Mozilla Building Open Source Minion Security Testing FrameworkBy Sean Michael Kerner | January 14, 2013
From the 'Up Next, the Lackey Release' files
Security has long been a core competence and a serious focus for Mozilla but now the open source Foundation is taking it a step further. Mozilla is now building its own open source security testing framework called – Minion.
Minion could one day become a core part of all Mozilla development effort, being the security toolkit that will be run to ensure application security.
"Minion is a security testing framework built by Mozilla to bridge the gap between developers and security testers," the project's wiki page states. " To do so, it enables developers to scan their projects using a friendly interface.
The project is now in its earliest phases and a Beta release is set for Q1 of this year. The project already has released a pile of code up on Github and looks to me to be reasonable active.
As is always the case whenever a new security framework is being built, the question is asked if it could also be used by attackers to find exploits.
"[Of course it could be, but the important thing to consider is that Minion doesn't (on it's own) present a novel threat; virtually all of the vulnerability analysis tools are external to the framework (at this point)," Minion contributor Yvan Boilyhttps wrote in a mailing list posting. " Minion does make the tools much easier to use, and out of the box in the release version there will be site authentication controls to allow admins of a minion deployment to prevent abuse, but anyone with basic software development abilities would be able to disable those if they deployed the server themselves."
Mozilla Firefox 19 Set to Include PDF and Remote Web Console for Firefox OSBy Sean Michael Kerner | January 11, 2013
From the 'Chrome Catch-up' files:
Some Firefox releases have more innovation in them than others. Firefox 19 is currently in beta and at this early point the feature list is likely to underwhelm some users.
The only information that Mozilla listed for the public beta on its primary blogis that Firefox 19 will have a native PDF viewer.
Ok, that's nice and somewhat long overdue, considering that Google Chrome has had this for some time now.
Now mobile developers however might be a bit more excited about Firefox 19. A new experimental Remote Web Console that will enable devs to connect to Firefox OS or Firefox for Android is a key part of the release.
For web developers, the Firefox 19 release will support the @page CSS attribute. This is an interesting capabilitiy that could be used to help devs specify how to layout pages for print
Firefox 19 is currently set for general availability on February 19th.
Open Source WordPress 3.6 Will Add Edit FlowBy Sean Michael Kerner | January 09, 2013
From the 'Publishers' Blogging Platform' files:
The open source WordPress 3.5 was released in December and so its now time for WordPress developers to turn their attention to WordPress 3.6.
While it's still early in the development process, one new feature that is likely to land in WordPress 3.6 is Edit Flow. With EditFlow, the evolution of WordPress from being a simple blogging platform to being a robust large enterprise-class Content Management System will take a giant leap forward.
Edit Flow has been a WordPress plugin but it could become part of the core platform with WordPress 3.6. Edit Flow provides just what the name implies, an editorial workflow. So for a journalist or publication there is the facility to have an editorial calendar and comments as well as content stages toward live publication.
Simply posting content just isn't enough when it comes to running a full scale publication and while Edit Flow has been available as a plug-in, by integrating the core tech into WordPress core it will become much more.
WordPress 3.6 overall is shaping up to be one of the most exciting WordPress releases in years for other reasons as well. The current plan also includes improvements to distraction-free writing, UI improvements for menus and revisions for content tracking improvements.
The WordPress 3.6 feature development freeze doesn't happen until March 11th so there is still plenty of time for more open source goodness to land. The target date for the WordPress 3.6 release currently stands at April 22nd.
LEGO Goes LinuxBy Sean Michael Kerner | January 08, 2013
From the 'What else would they use?' files:
Move over RaspberryPi and Arduino, there is a new maker on the 'block'.
I've been lusting after Arduino and RaspberryPi based maker initiatives since I first heard about them. Plug and play build your own electronics with Linux and open source goodness – it's just like LEGO people kept telling me.
Funny how times change. Now LEGO is set to embrace Linux in a limited way. The new MINDSTORMS EV3 robot playset will include Linux based firmware. Meaning, that Linux skills can now be used in a limited way to control/build/teach with LEGO.
"Fifteen years ago, we were among the first companies to help children use the power of technology to add life-like behaviors to their LEGO creations with the MINDSTORMS platform," said Camilla Bottke, LEGO MINDSTORMS project lead at The LEGO Group in a statement. "Now, we are equipping today’s tech-literate generation of children with a more accessible, yet sophisticated robotics kit that meets their tech play expectations and abilities to truly unleash their potential so that they may surprise, impress and excite the world with their creativity."
No, LEGO Mindstorms is not a replacement for an Arduino or a Raspberry Pi, in fact I personally hope to be able to own all three platforms (Mindstorms, Arduino and Raspberry Pi) myself. The LEGO move to Linux firmware is just a recognition that firmware should be Linux based if you want to make it easy to engage with developers and makers.
Red Hat Enterprise Linux 5.9 Released, Marking last release of Production Phase 1By Sean Michael Kerner | January 08, 2013
From the 'Teaching an old dog new tricks' files:
Red Hat Enterprise Linux 5.9 (RHEL) became generally available today. The RHEL 5.9 release first landed in beta in late September and is mostly about new hardware enablement.
It's also an important release in that RHEL 5.9 is the last minor release in the first Production phase of RHEL. Red Hat has three production phases for its enterprise Linux releases. The first phase is the one where new features are added, meaning that RHEL 5.9 is likely to be the last point release of the RHEL 5.x platform to get new features.
So what are the new features in RHEL 5.9?
When I spoke with Ron Pacheco, Senior Director of Product Management at Red Hat, in 2012 about RHEL 5.9 he told me that the release was including SystemTap. SystemTap is s Linux tool for monitoring information about a system.
While RHEL 5.x now enters its second phase of production, RHEL 6.x will continue to push forward. RHEL 6.4 entered Beta in December and is set to become generally available in the coming weeks.
Open Source Flex Gets Top Project Status at ApacheBy Sean Michael Kerner | January 07, 2013
From the 'Adobe Open Source Flash' files:
It has been some time since I last wrote about Adobe Flex, which now has gained new status at the Apache Software Foundation.
Flex first came to my full attention back in 2007 when Adobe decided to open source the Rich Application Framework. Adobe had been building flex since at least 2004 so the move to open source was not part of the original design.
At the time, the move was seen as an effort to help Adobe compete against AJAX based web development approaches. Huh, remember AJAX? We don't talk about it anymore do we? Instead the conversation has now morphed to being about HTML5.
Fast forward to June of 2012 and Adobe donated all of the Flex Framework to the Apache Software Foundation as an incubated project. On December 19th, Apache Flex was voted up out of the incubator and became a Top Level Project. Yeaah that's relatively fast.
On December 27th, Apache Flex 4.9 was released, marking the first official release of Flex as a full Apache Top Level Project. Among the additions in the new release is support for Java 7, as well as a new SDK installer. The Flex SDK installer, in my wannabe dev opinion is one of the greatest innovation in the history of the Flex project to get new devs started with the project.
"The Apache Flex SDK Installer is an application that simplifies the download and installation of the Apache Flex SDK and its (required) components. It is aimed at anyone who wants to use the latest release of the Apache Flex SDK, but who might not necessarily be familiar with the tools and procedures required to compile the Apache Flex SDK from source code."
Yeah, I know, Flex=Flash and Flash is dead right? Well not quite. As a development framework, developers can build use Flex as a starting point for applications that can run on multiple platforms including mobile (iOS and Android) as well as HTML5 enables devices and browsers.
It's interesting to see how Flex has progressed and it is no small achievement that the project has become a Top Level Project at Apache.
30 Years of TCP/IP Dominance Began with a DeadlineBy Sean Michael Kerner | January 03, 2013
From the 'flag' day files:
Thirty years ago, something that we could never do today in the networking world, changed our world.
On January 1st 1983, the 'old' Internet (aka ARPANET) shut down connectivity to all hosts running the NCP protocol. That's right, a total shutoff, a 'flag' day where one service just ended. NCP had to die for the modern Internet to be born.
In its place, TCP/IP became the networking protocol for ARPANET and the Internet itself.
Back in 1983 there were only some 400 host on ARPANET though, so it was only 400 hosts that had to change. Contrast that with today and tens of millions of hosts and it becomes very clear that the scale of the modern Internet precludes any immediate protocol evolution.
Simply put, today we can't just simply create a flag day, end one protocol and start another.
Just think about the transition to IPV6. If this was 1983, the powers that be would just declare a flag day (as they did with NCP) after which point we'd all be running IPv6. Instead, the problem of scale means that any change on the modern Internet at a protocol level is now evolutionary over a long period of time.
That's not necessarily a bad thing. It means stability and longer term resilience for existing systems.
I don't think that back in 1983 anyone could have possibly predicted that 30 years later, TCP/IP (in much the same form as it originally was born) still dominates network traffic today.
"I can assure you while we had high hopes, we did not dare to assume that the Internet would turn into the worldwide platform it’s become," Vint Cerf wrote in a recent blog post.
Open Source in 2013By Sean Michael Kerner | January 02, 2013
From the 'Crystal Ball' files:
2013 is now here and it is set to be yet another dominant year for open source technology and development.
The two leading trends in IT during 2012, namely mobile and the cloud, were both being led by open source and will continue in 2013.
On the mobile front, while Windows, Apple and Blackberry OS still exist, it is Android that is likely to hold the majority share of the world's smartphone deployments in 2013. Android will be joined this year by Firefox OS, Mozilla's open source HTML5/web based mobile operating system which should hit production deployment this calendar year.
The world of mobile development tools is also a robust one and while there is no shortage of proprietary tools, it is tools like PhoneGap (aka Apache Cordova) that have become the standards for cross platform smartphone development and deployment. That's a trend that will continue in 2013.
Whether it's OpenStack, CloudStack, Eucaplyptus or OpenNebula, when it comes to core cloud infrastructure, open source became the defacto standard in 2012. The same is true on the cloud platform as a service side, whether we're talking VMware Cloud Foundry based solutions or others like Red Hat's emerging OpenShift platform.
The incredible momentum behind OpenStack on the infrastructure side in particular will make it a juggernaut that will continue to hurtle forward in 2013 as real production deployments accelerate. My optimism about OpenStack in particular isn't blind faith, but rather is driven by the simple fact that nearly every major IT vendor that I write about is in some way shape or form, involved in OpenStack. In many ways it has the broadest set off cross-sector IT vendor participation of any project I know ranging from every major Linux vendor, to big names like Cisco, Dell, HP, Intel and IBM.
No, 2013 will not be the year of the Linux Desktop, though innovation in the form of improved Gnome and KDE based desktops will continue. The desktop is not the place where open source will dominate in 2013. Open source will continue to dominate at the infrastructure layer as it always has (hurray Apache HTTP!) and at the very edge of the network with consumer devices that are based on open source technology.