Mozilla Set to Revive Electrolysis for Firefox Process Threading
By Sean Michael Kerner | February 26, 2013
From the 'Mobile to Desktop' files:
With all the hype today surrounding the FirefoxOS launch, it's important to note that Mozilla's mobile efforts may well have a positive impact on the desktop browser too.
Phones (Android or FirefoxOS) are resource-constrained devices, and as such Mozilla developers have done a lot of great work to get the memory footprint and overall memory and process utilization highly optimized.
Now contrast that with my typical Firefox desktop experience, where on any given day, on any given OS (Linux, Mac or Windows), Firefox is the top memory hog. I recently spoke with Brendan Eich, CTO of Mozilla, and I asked him about that disconnect.
“We have been moving carefully toward a multi-process model in Firefox and I think we have better memory usage at scale than other browsers,” Eich said.
Eich explained that FirefoxOS is multi-process, much like Chrome but even more so. There is a difference in how the core Gecko rendering engine is mapped into processes across the different platforms.
On the desktop, Firefox relies on XUL, which is something that is now set to evolve. The way it will evolve is with the reborn version of the Electrolysis project which Mozilla first attempted in 2010 with Firefox 3.X. The core idea behind Electrolysis is to create a multi-process architecture, which is intended to be more efficient with system resources.
“One of the things that caused us some grief the first time around with Electrolysis was the belief that we could somehow wave a wand and all the add-ons could be replaced with Jetpacks,” Eich said.
Instead of just going after the process isolation model, Mozilla has also focussed on memory usage through the MemShrink project.
Whether or not full process isolation comes to Firefox, for me the bottom line is that Firefox on mobile, in some way, shape or form, is helping to inform and push Mozilla into new paradigms that will ultimately improve the desktop too.
Red Hat Enterprise Linux 6.4 Gets Active (Directory)
By Sean Michael Kerner | February 21, 2013
From the 'Microsoft Interoperability' files:
Red Hat Enterprise Linux 6.4 (RHEL 6.4) is now generally available after first appearing in Beta back in December of 2012.
Since RHEL 6.x is still in the first phase of its lifecycle, Red Hat is still adding new features. For me, the ones that stand out most are the host of new Microsoft interoperability features that I wrote about when the beta debuted.
RHEL 6.4 includes support for the Microsoft Hyper-V Linux drivers. The idea is that it will enable RHEL to be a better guest on a Windows Server (and potentially vice-versa). There are also interoperability improvements with Microsoft Exchange in the Evolution email system that Red Hat includes in RHEL.
An updated version of the System Security Services Daemon (SSSD) in RHEL 6.4 now makes it easier to authenticate to Active Directory.
RHEL 6.4 also introduces a new filesystem (as if Linux didn't have enough already..) with the parallel Network File System (pNFS) industry standard.
"NetApp and Red Hat are seeing considerable demand for pNFS capabilities from customers looking to modernize their data center environment to address the extreme requirements around scale, performance and manageability," said Patrick Rogers, vice president, solutions and integrations, NetApp in a statement. "With Red Hat Enterprise Linux 6.4, Red Hat has achieved a significant milestone advancing pNFS client support, which reflects their continued leadership and innovation in enterprise-class open source solutions."
With RHEL 6.4 now out the door, my attention is now going to turn to RHEL 7 which I strongly suspect will be out this year, but we haven't yet seen a public beta.
Canonical Ubuntu Linux is STILL not profitable
By Sean Michael Kerner | February 19, 2013
Back in 2008, when Canonical was still ramping up as a big Linux player, Mark Shuttleworth told me that his company was not cash flow positive. At the time, that made sense; after all, what startup is immediately profitable?
Fast forward to 2013: during a call announcing Ubuntu for Tablets, Shuttleworth once again said that his company was still not profitable.
That's right folks, after over four years of desktop, server and cloud innovation and talk, Shuttleworth is still not actually making money from Linux. If you were to look back and see how long it took Shuttleworth to make money on his first company, Thawte (for SSL certificates), I strongly suspect the road was not as long.
Does it matter?
Shuttleworth said during his tablet press conference call today that his company's push into mobile is over and above what they have been doing on desktops and servers. He expects that mobile will help to power his company to profitability.
"I would expect it (mobile) will expand Ubuntu as a brand and platform," Shuttleworth said.
In light of Red Hat's stellar success ($1 Billion plus in revenues), we know that a Linux vendor can generate revenues and be profitable. What's not clear is whether Canonical will be as financially successful as Red Hat, or perhaps even more successful thanks to its consumer mobile activities (or whether Canonical will run out of money).
Time will tell.
PHP 5.5 to Include Open Source Zend Optimizer+ ?
By Sean Michael Kerner | February 14, 2013
PHP 5.5 is now in its development cycle, currently at the Alpha 4 release. According to the initial release roadmap for PHP 5.5, this is the point where the feature freeze was supposed to happen, but that's not necessarily going to happen, as at least one key feature may yet still land.
Zend co-founder Zeev Suraski has proposed that the Zend Optimizer+ opcode cache be directly integrated into PHP 5.5. The TL;DR version is that the opcode cache makes PHP run faster.
The idea of a PHP opcode cache isn't a new one; Zend Optimizer has been around since 1998 (and I've personally been using it since then), and other options like APC are widely deployed on many live production sites.
Suraski argues that Optimizer+ has a consistent performance edge over APC. The general idea is that by including Optimizer+ by default as something that is fully integrated with the core of PHP, PHP as a whole will be faster by default.
As part of the push to include Optimizer+ into PHP 5.5, Zend has now also fully open sourced the code under the PHP license and publicly posted the project on github.
The impact of including Zend Optimizer+ in PHP 5.5 could be a two month delay in the final release. PHP 5.5 is currently roughly scheduled for general availability in the first quarter of 2013.
"It should be noted that if we don’t integrate it in 5.5.0, based on the current timelines and versioning rules, the integration won’t happen before late 2014," Suraski warned.
Personally, I think this is a great idea… BUT it has to be implemented in a modular way (which of course it would, right?) such that if a user still wanted to use another opcode cache, they could.
Open Source OpenStack Grizzly Cloud Set for Major Nova Compute Security Overhaul
By Sean Michael Kerner | February 12, 2013
From the 'Database De-Integration' files:
At the core of the OpenStack cloud platform is the Nova compute project. Nova (which began its life at Nebula at NASA) is set for what I see as its biggest evolution yet in the upcoming Grizzly release.
Since its creation, Nova has had its own direct database access, which has left OpenStack with an unacceptable level of risk. Since at least August of 2011, a bug has been publicly known and listed in Nova that is so critical, that if exploited it could corrupt an entire cloud.
"Although the nova.conf file's permissions are restricted to 640, giving every compute server the MySQL root password, as according to the cactus documentation, does not follow the principle of least privilege," bug #823000 warns. "If an attacker successfully exploits a flaw in the hypervisor (as have been found in KVM and XEN in the past), the attacker can easily tamper with the MySQL database, wreaking havoc on the OpenStack Cloud."
The answer is to de-couple the database from direct Nova access, which is no easy task. It's a task, however, that was officially completed on February 8th and will be a core part of the OpenStack Grizzly release in April.
What enables the database decoupling is the new Nova conductor component, which was first proposed by Red Hat developer Russell Bryant in November of 2012. Bryant proposed that the basic idea for the conductor service is for nova-compute to use it as a proxy to accomplish certain tasks, such as targeted operations that need database access.
"The nova-conductor service is key to completing no-db-compute," Bryant blogged. "Conceptually, it implements a new layer on top of nova-compute. It should *not* be deployed on compute nodes, or else the security benefits of removing database access from nova-compute will be negated."
Make no mistake about it - this is a major architectural shift and one that has profound security, scalability and performance benefits for OpenStack.
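A minimal sketch of the proxy idea described above, added here as an illustration and not taken from Nova or nova-conductor. The `Conductor` class, its method names, the table layout and the per-host scoping rule are all assumptions of this sketch; `caller_host` is assumed to come from the authenticated transport, not from the message body.

```python
import sqlite3

class Conductor:
    """Hypothetical conductor: runs off the compute node and is the only
    component that holds a database handle or database credentials."""

    ALLOWED = frozenset({"instance_update_state"})
    STATES = frozenset({"active", "stopped", "error"})

    def __init__(self):
        self._db = sqlite3.connect(":memory:")
        self._db.execute(
            "CREATE TABLE instances (uuid TEXT PRIMARY KEY, host TEXT, state TEXT)")
        # Constructed sample rows: two instances on two different compute hosts.
        self._db.executemany("INSERT INTO instances VALUES (?, ?, ?)",
                             [("i-1", "compute-1", "active"),
                              ("i-2", "compute-2", "active")])

    def handle(self, caller_host, method, **kwargs):
        """Entry point for requests from compute nodes: allowlisted methods only."""
        if method not in self.ALLOWED:
            raise PermissionError(f"operation {method!r} is not exposed")
        return getattr(self, method)(caller_host, **kwargs)

    def instance_update_state(self, caller_host, uuid, state):
        """Targeted operation: a host may only update instances it runs."""
        if state not in self.STATES:
            raise ValueError(f"invalid state {state!r}")
        cur = self._db.execute(
            "UPDATE instances SET state = ? WHERE uuid = ? AND host = ?",
            (state, uuid, caller_host))
        if cur.rowcount != 1:
            raise PermissionError(f"{caller_host} does not run instance {uuid}")

    def state_of(self, uuid):
        """Read helper used to inspect the result in this example."""
        row = self._db.execute(
            "SELECT state FROM instances WHERE uuid = ?", (uuid,)).fetchone()
        return row[0] if row else None
```

With this shape, a compromised compute host can at most issue the allowlisted operations against its own instances; it never sees a database password and cannot send arbitrary SQL.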
Open Source LibreOffice 4 Debuts - This Isn't OpenOffice Anymore
By Sean Michael Kerner | February 07, 2013
From the 'Fork that Lives' files:
LibreOffice 4.0 is now generally available and in my mind, it truly marks the end of OpenOffice.org legacy.
Though LibreOffice started out as a fork of OpenOffice, it has evolved to become so much more. The new LibreOffice 4 feels faster, because it is. It has more features than before too. Though to be honest my biggest pet peeve with OOo was also the speed of startup, which is no longer a problem with LibreOffice.
LibreOffice 4.0 is intended to be the first of a new generation - breaking from the 3.x series, which grew up in the shadow of its OpenOffice originator.
I mostly use Writer and it has felt pretty stable and feature rich to me for at least a year. The new CMIS standard integration is interesting as it will enable users to collaborate with systems such as Alfresco, IBM FileNet P8, Microsoft Sharepoint 2010, Nuxeo, OpenText, and the SAP NetWeaver Cloud Service. There have also been some improvements to interop with DOCX and RTF documents, though I've not had much difficulty with the majority of files I've received in those formats either.
The continuous evolution of LibreOffice - getting rid of all the cruft and legacy decay that was OpenOffice truly is the big story for me here.
"During the last seven months, since the branch of LibreOffice 3.6 and during the entire development cycle of LibreOffice 4.0, developers have made over 10,000 commits," Italo Vignoli of TDF wrote. "On average, one commit every 30 minutes, including weekends and the holiday season: a further testimonial of the incredible vitality of the project."
To be fair, OpenOffice has moved on too - Under Apache, it's doing much better than it was under Oracle alone, but its vitality is still not nearly as widespread (esp in the Linux community) anymore and perhaps ever again.
Mozilla Updates to Firefox 18.0.2 For Facebook 'Tickle'
By Sean Michael Kerner | February 06, 2013
Mozilla is now out with Firefox 18.0.2, the second incremental update for Firefox 18 in the last two weeks. Firefox 18 was first released at the beginning of January and was followed a few weeks later with the 18.0.1 update fixing 7 bugs.
Apparently those 7 fixes were not enough.
One of them is identified in Bugzilla as "crash in SuppressDeletedPropertyHelper" (#806820). The TL;DR version is that this is a flaw that was primarily affecting Firefox behavior on Facebook.com URLs.
"We're going to be on the lookout for actionable leads (there were none during the beta cycle), and I'll reach out to peeps at FB about the possibility of a recent FB change tickling IonMonkey," Mozilla developer, Alex Keybl wrote in a bugzilla comment.
The stability flaws are also fixed via bug #831626, "Switch cx->enumerators from a stack to a weak list."
"cx->enumerators is a balanced stack of active iterator objects. In practice, it is really difficult to keep it correctly balanced, because the JS engine has so many different ways of leaving execution modes, and the try-note-iter mechanism itself is fairly delicate," Mozilla developer David Anderson wrote. "Since the enumerator list is unrooted, when it becomes unbalanced, its items can become garbage collected and later crash. This is likely behind topcrash bug 806820."
What does this whole 18.0.1 and 18.0.2 update train tell me?
Well for one, even though Mozilla is on a rapid release cycle of a new major release every 6 weeks, Mozilla is still very active in making sure that each and every stable release is, in fact, stable. When issues come up that hit the top crasher list, Mozilla digs deep until the issue is found. As a user, that's all you can really ask for.
Open Source OpenStack Folsom Cloud Updated for 51 Bugs
By Sean Michael Kerner | February 01, 2013
From the 'Update or Fail' files:
A simple truth that many open source platform users know well is that often initial releases still have (a few) bugs. Real world usage tends to shake things out better than any beta or dev process ever could.
With the open source OpenStack cloud platform, the most recent Folsom release debuted in September of 2012. It is now being updated to version 2012.2.3, fixing at least 51 known bugs and at least two serious security issues.
The top security issue in my view is one that affects the core Nova compute volume and is incredibly serious. It is identified as CVE-2013-0208, "Boot from volume allows access to random volumes."
"Boot from volume allows a volume to be passed to the create method via the block_device_mapping parameter," the bug report states. "This parameter is not validated as having to be a volume belonging to the user creating the instance, so providing I know the valid ID of a volume belonging to another user I can create VM and gain access to that volume (c.f volume attachment which does make explicit checks for both the ownership and status of a volume)."
Yeah, that's right - an epic fail if this was ever weaponized or exploited in the wild.
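The missing check the bug report describes, next to a version that applies the ownership and status checks before anything is attached. This is an added illustration, not Nova's code or its actual fix; the function names, the `VOLUMES` table and the tenant and volume IDs are constructed for the example.

```python
class VolumeAccessError(Exception):
    """Raised when a requested volume may not be used by the caller."""

# Constructed sample data: volume ID -> owning project and status.
VOLUMES = {
    "vol-a1": {"project_id": "tenant-a", "status": "available"},
    "vol-b1": {"project_id": "tenant-b", "status": "available"},
    "vol-b2": {"project_id": "tenant-b", "status": "in-use"},
}

def create_instance_unchecked(project_id, block_device_mapping):
    """The flawed pattern from the report: volume IDs are trusted as given."""
    return [bdm["volume_id"] for bdm in block_device_mapping]

def validate_bdm(project_id, block_device_mapping, volumes=VOLUMES):
    """Apply the ownership and status checks that volume attachment makes."""
    for bdm in block_device_mapping:
        volume_id = bdm.get("volume_id")
        if volume_id is None:
            continue  # entry is not backed by an existing volume
        volume = volumes.get(volume_id)
        # "Missing" and "not yours" produce the same error, so the response
        # does not confirm that another tenant's volume ID is valid.
        if volume is None or volume["project_id"] != project_id:
            raise VolumeAccessError(f"volume {volume_id} not found")
        if volume["status"] != "available":
            raise VolumeAccessError(f"volume {volume_id} is not available")

def create_instance(project_id, block_device_mapping, volumes=VOLUMES):
    """Validate every mapping first, then return the volumes to attach."""
    validate_bdm(project_id, block_device_mapping, volumes)
    return [b["volume_id"] for b in block_device_mapping if b.get("volume_id")]
```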
The second high-impact security issue fixed, CVE-2013-0212, deals with a leaked Glance password risk.
"It appears that Glance can return a 404 message which contains the backend Swift store password when there are errors obtaining the image from Swift," the bug report states.
Umm hello? yeah another serious issue.
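One way to keep backend credentials out of a "not found" response of the kind the bug report describes, added here as an illustration and not taken from Glance or its fix. The function names, the shape of the store URI and the sample secret are assumptions constructed for the example.

```python
from urllib.parse import urlsplit, urlunsplit

class ImageNotFound(Exception):
    """Error whose message is safe to serialise into an API response."""

def redact_location(uri):
    """Return the store URI with any userinfo (user:secret@) masked."""
    parts = urlsplit(uri)
    # rpartition keeps the real host even if the secret itself contains '@'.
    _, sep, host = parts.netloc.rpartition("@")
    if not sep:
        return uri
    return urlunsplit(parts._replace(netloc="***@" + host))

def fetch_image(image_id, location, backend_get, log):
    """Fetch from the backend; on a miss, never echo the raw location."""
    try:
        return backend_get(location)
    except LookupError:
        # Internal log line keeps the path for debugging, minus credentials.
        log.append(f"image {image_id}: backend miss at {redact_location(location)}")
        # 'from None' drops the backend exception, which may embed the URI.
        raise ImageNotFound(f"Image {image_id} not found") from None

# Constructed sample: a store URI carrying credentials in its userinfo part.
SAMPLE_LOCATION = "swift+https://acct:user:s3cr3t@key@auth.example.com/v1/images/abc"

def empty_backend(location):
    """Stand-in backend whose error message echoes the full URI."""
    raise LookupError(f"no object at {location}")
```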
In any event, that's why users of OpenStack and, hey, let's face it, any modern software, need to update regularly and be wary of initial releases for mission critical production workloads.