RealTime IT News

Blog Archives

Ubuntu 16.10 named Yakkety Yak

By Sean Michael Kerner   |    April 24, 2016

Ubuntu founder Mark Shuttleworth has always provided colorful codenames in alphabetical order and the 16.10 release, due out in in October 2016 will be no exception. Last week, Ubuntu 16.04 the Xenial Xerus, debuted so its now time to pick the 'Y' name.

Unlike so many of the past African animal chosen as Ubuntu release mascots, Ubuntu 16.10 will actually be named for one i know - a Yak.

"Y is for …Yakkety yakkety yakkety yakkety yakkety yakkety yakkety yakkety yak. Naturally," Mark Shuttleworth announced.

No word yet on if Shuttleworth and crew will also double down on WebRTC and/or communications bits as a key release goal for Ubunut 16.10.

Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist

Oracle Updates VirtualBox 5.0.18

By Sean Michael Kerner   |    April 18, 2016


Full-disclosure I'm both a fan and an everyday user of VirtualBox and have been for many years. Simply put, as an easy-to-use desktop virtualization tool, it works without much hassle, setup or prior knowledge.

The new VirtualBox 5.0.18 update isn't a major milestone like the 5.x update, but it doesVirtualBox have all kinds of incremental fixes that make VirtualBox work better. There is one particular that is an interesting security related flaw.

There is a fix in VirtualBox 5.0.17 and prior that could have enable a user in the GUI to encrypt a hard disk with an empty password  - that's not good.

On a go-forward basis, cause VirtualBox is going forward, there are no fixes in place to support the Linux 4.6 kernel, which is currently only at its rc4 stage, so it's not even released yet.

Following are some of the other updates in the VirtualBox 5.0.18 update:


    GUI: position off-screen windows to be fully visible again on relaunch in consistence with default-behavior (bug #15226)
    GUI: fixed the View menu / Full-screen Mode behavior on Mac OS X El Capitan
     GUI: fixed a crash under certain conditions during VM shutdown
    GUI: fixed the size of the VM list scrollbar in the VM selector when entering a group
    PC speaker passthrough: fixes (Linux hosts only; bug #627)
    Drag and drop: several fixes
    SATA: fixed hotplug flag handling when EFI is used
    Storage: fixed handling of encrypted disk images with SCSI controllers (bug #14812)
    Storage: fixed possible crash with Solaris 7 if the BusLogic SCSI controller is used
    USB: properly purge non-ASCII characters from USB strings (bugs #8801, #15222)
    NAT Network: fixed 100% CPU load in VBoxNetNAT on Mac OS X under certain circumstances (bug #15223)
    ACPI: fixed ACPI tables to make the display color management settings available again for older Windows versions (4.3.22 regression)
    Guest Control: fixed VBoxManage copyfrom command (bug #14336)
    Snapshots: fixed several problems when removing older snapshots (bug #15206)
    VBoxManage: fixed --verbose output of the guestcontrol command
    Windows hosts: hardening fixes required for recent Windows 10 insider builds (bugs #15245, #15296)
    Windows hosts: fixed support of jumbo frames in with bridged networking (5.0.16 regression; bug #15209)
    Windows hosts: don't prevent receiving multicast traffic if host-only adapters are installed (bug #8698)
    Linux hosts: added support for the new naming scheme of NVME disks when creating raw disks
    Solaris hosts / guests: properly sign the kernel modules (bug #12608)
    Linux hosts / guests: Linux 4.5 fixes (bug #15251)
    Linux Additions: added a kernel graphics driver to support graphics when X.Org does not have root rights (bug #14732)
    Linux/Solaris Additions: fixed several issues causing Linux/Solatis guests using software rendering when 3D acceleration is available
    Windows Additions: fixed a hang with PowerPoint 2010 and the WDDM drivers if Aero is disabled


Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist

Apache Wookie Heads to the Attic

By Sean Michael Kerner   |    April 15, 2016

From the 'I thought Han Solo dies?' files:

The last time I wrote about Apache Wookie was May 2012, on the occasion of the open-source project's 0.10.0 release.

In a nutshell, the Apache Wookie project is a Java Application Server, for widgets that canApache Wookie be W3C compliant and work with the OpenSocial effort. Wookie never really caught on with users or developers and the project is now officially moving to the Apache Attic.

The Apache Attic is where dormant projects go, it's not quite dead, but it's mostly dead. An Apache board report from February 16, 2016 outlines why the project was going nowhere.

"As mentioned in previous reports, activity in the project has declined and is now at a minimum with some questions from users and implementers but little on the development side and also the community has not grown since 2013. The reasons for this remain the same, in particular the lack of non-proprietary adoption of the W3C widget specification. As a result we are currently holding a vote to move Wookie to the Attic."

To add further insult to injury only three votes were cast on the decision to move Wookie to the Attic (all were in favor).

 

Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist

Apache HTTP Server 2.4.20 Updated for HTTP/2

By Sean Michael Kerner   |    April 14, 2016


The Apache 2.4.x web server family continues to improve, albeit in incremental step forward. Apache 2.4 first debuted in February 2012, becoming the leading edge of Apache HTTTP server releases. With the Apache HTTP 2.4.17 update in October 2015, Apache apache httpadded support for HTTP2.

Now with the new Apache HTTP 2.4.20 update, there are some incremental improvements, most notably in HTTP2 support.



*) core: Do not read .htaccess if AllowOverride and AllowOverrideList
     are "None". PR 58528.
     [Michael Schlenker <msc contact.de, Ruediger Pluem, Daniel Ruggeri]

  *) mod_proxy_express: Fix possible use of DB handle after close.  PR 59230.
     [Petr <pgajdos suse.cz>]

  *) core/util_script: relax alphanumeric filter of enviroment variable names
     on Windows to allow '(' and ')' for passing PROGRAMFILES(X86) et.al.
     unadulterated in 64 bit versions of Windows. PR 46751.  
     [John <john leineweb de>]

  *) mod_http2: incrementing keepalives on each request started so that logging
     %k gives increasing numbers per master http2 connection.
     New documented variables in env, usable in custom log formats: H2_PUSH,
     H2_PUSHED, H2_PUSHED_ON, H2_STREAM_ID and H2_STREAM_TAG.
     [Stefan Eissing]

  *) mod_http2: more efficient passing of response bodies with less contention
     and file bucket forwarding. [Stefan Eissing]

  *) mod_http2: fix for missing score board updates on request count, fix for
     memory leak on slave connection reuse. [Stefan Eissing]
     
  *) mod_http2: Fix build on Windows from dsp files.
     [Stefan Eissing]


Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist

Google Chrome Hits 50

By Sean Michael Kerner   |    April 14, 2016

From the 'They Grow Up So Fast..' files:


In September of 2008, the first Chrome browser debuted and now nearly 8 years later, Chrome 50 is now available. Over its life, Chrome has gone from an interesting Google project, to now dominate the web, being (arguably) the most used web browser in the Google Chromeworld.

Chrome at 50 isn't a browser with a mid-life crisis, it's a technology that is accelerating toward infinity - always getting better and more secure.

Chrome 50.0.2661.75 which was officially released on April 13 has 20 security fixes, including eight that Google is highlighting and rewarding external researchers a total of $17,500 in bug bounty awards.

[$7500][590275] High CVE-2016-1652: Universal XSS in extension bindings. Credit to anonymous.
[$5000][589792] High CVE-2016-1653: Out-of-bounds write in V8. Credit to Choongwoo Han.
[591785] Medium CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding. Credit to kdot working with HP's Zero Day Initiative.
[$1500][589512] Medium CVE-2016-1654: Uninitialized memory read in media. Credit to Atte Kettunen of OUSPG.
[$1500][582008] Medium CVE-2016-1655: Use-after-free related to extensions. Credit to Rob Wu.
[$500][570750] Medium CVE-2016-1656: Android downloaded file path restriction bypass. Credit to Dzmitry Lukyanenko.
[$1000][567445] Medium CVE-2016-1657: Address bar spoofing. Credit to Luan Herrera.
[$500][573317] Low CVE-2016-1658: Potential leak of sensitive information to malicious extensions. Credit to Antonio Sanso (@asanso) of Adobe.


Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist

Docker 1.11 Debuts with runC, Supports IPv6

By Sean Michael Kerner   |    April 13, 2016

Docker Engine 1.11 is out today and the most noteworthy piece is a complete refactoring of code to make use of new model, that used the containerD daemon to spin up new container instances with runC.

All of that work is all about being complaint with the Open Container Initiative's (OCI) Dockercontainer specification, which are an effort to create a standards based approach for containers.

The Github PR for the containerd explains:



"Docker Engine 1.11 will use containerd for container supervision. Because containerd ultimately relies on runC and the OCI specification for container execution, this will open the door for the Engine to be able to use any OCI compliant runtime."

This new architecture will also open the door for potentially making it possible to upgrade the daemon without shutting down all running containers in the future, and will bring a significant performance boost when handling a big amount of containers. Following the plumbing philosophy, a great aspect of this design is that Docker Engine execution layer will be entirely relying on well delimited tools that can be used independently, with the drawback that it won't ship as a single binary anymore."


Beyond the shift to OCI, Docker 1.11 is a big release for networking as it now supports and can create IPv6 enabled networks.



Docker learned to create ipv6 enabled networks (docker network create --ipv6). This show up as a new EnableIPv6 field in docker inspect. (#17513)


As is the case with all Docker Engine releases, I suspect there will be an incremental update, a Docker 1.11.1 update within the next 10 days, so I personally won't run Docker 1.11 in production till then.

Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist

SUSE Linux Gets a New CTO

By Sean Michael Kerner   |    April 04, 2016

SUSE named a new CTO today, with Dr. Thomas Di Giacomo taking on the the role of Chief Technology Officer, reporting to CEO Nils Brauckmann.

The last time I personally ever spoke to a SUSE CTO was way back in 2009, when Markus SUSERex (now CEO of OwnCloud) held the job, and SUSE was still part of Novell.

Giacomo joins SUSE from Swisscom Hospitality Services, where he was  CTO and vice president of innovation. Giacomo has as a Ph.D. in computer science from the University of Geneva, where he was a senior researcher

“IT leaders around the world face the challenge of ensuring business continuity and reducing costs while constantly improving business agility and innovating to create a competitive edge," Di Giacomo said in a statement. "We’re now in the middle of a software-defined IT revolution powered by open source innovation that will deliver the enterprise technology paired with the economic scalability they need to meet that challenge. At SUSE, our proven ability to adapt open source innovation for the enterprise and our focus on strategic partnerships across the industry makes this new CTO role very exciting for me."

 

Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist