Internetnews Blog

Google laughs off the 'Osborne Effect'

2009-11-20T22:56:21Z

I’m guessing not many folks at Google are old enough to remember Adam Osborne (though CEO Eric Schmidt is one). Back in the ’80s Osborne’s namesake Osborne Computer Corp. introduced the first popular portable computer. In those days, a 25-pound... Google looks a year ahead

Another big reason not to pre-release details is it tips off the competition, but in the world of open source and Web services that isn’t always a priority.

Google’s Chrome OS preview yesterday is a case in point. The company showed off an early version of its Chrome OS, but said it wouldn’t be available till a year from now in time for the 2010 holiday season.

Sundar Pichai and Matthew Papakipos, engineering director for Google Chrome OS, talk up the new operating system at Google’s headquarters. (Photo by David Needle)

“We’re opening up the project a year ahead of release. A lot of the UI will change and one thing I can guarantee is it won’t look like it does today, but important concepts will carry over,”, said Sundar Pichai, Google’s vice president of product management.

While much of the media focus was on the news that Chrome OS will initially be available on a new class of netbooks, the company really wanted to get the word out that the OS is an open source project — an effort nicely detailed by my colleague Sean Michael Kerner yesterday. That means getting outside developers involved early and often.

Google said it’s working with netbook manufacturers to deliver a better consumer experience than the current models offer. This will include bigger screens, full-sized keyboards and solid state drives that will boot the system in seven seconds or less.

(Side note: Hallelujah. I’ve been hearing promises of fast PC startup times from Intel and Microsoft for over a decade. SSD drives finally deliver on that promise. They haven’t become a staple of mainstream notebooks or desktops due to their higher cost and relatively limited capacity, but it looks like the netbook market is a good fit).

Analyst Greg Sterling said the new Chrome OS notebooks will have to come in under $500 by next Christmas and probably under $400 to achieve significant sales.

Given that’s about what netbooks are selling for today, that could be a pretty enticing package — a 12- to 14-inch screen, near-instant on netbook that’s always saving my work to the cloud and runs any number of Web applications and games.

Maybe I should hold off buying a netbook this year.

]]>

Blue Coat securing local networks with the Cloud

2009-11-20T22:18:38Z

From the 'Faster' files:A big emerging trend in enterprise IT this year has been the move to the Cloud, for almost everything. One particular area where I'm seeing a strong use of a hybrid cloud/on-premise model is for security...
"The model for us in the cloud is to provide a real time extension of what the on box security does, so we get immediate visibility," Valimaki said.
He told me that by having a hybrid approach, the user gets the benefit of updates from the cloud service, but the speed and enterprise policies of a local on-premise solution.

From an infrastructure point of view, Valimaki said that Blue Coat now has 4 data centers and then some others that are used as security research centers supporting WebPulse. He added that he expects to continue to grow the service over time.

"In the cloud we see the collective trends of the Internet and we see the forest for the trees," Valimaki said.

It's a good idea and one that Blue Coat rival Cisco is also now advocating as well. While Blue Coat is a smaller company overall than Cisco, they're clearly showing that leveraging the cloud for security is the right way forward to really understand and defend against the evolving threats of the modern web.
]]>

PHP 5.3.1 released for 5 security flaws, 113 bugs

2009-11-20T15:28:53Z

From the 'Yum/Apt-Get Update' files:The first update to PHP 5.3 is now available providing 5 security fixes in addition a long list of bug fixes to the popular open source dynamic language.PHP 5.3 was released at the end of... There are 113 named PHP bugs that have been fixed in PHP 5.3.1.

On top of that there are an additional 28 improvements in PHP 5.3.1 that don't have an official PHP bug number attached to them. So the grand total of items addressed in the PHP 5.3.1 update is (5 security + 113 numbered bugs + 28 un-numbered bugs) 146 items. That's not a trivial amount of change in a code base.

And you wonder why pessimists like me NEVER update to the first new major point version of a PHP release.

Make no mistake about it PHP 5.3 is a major release up from PHP 5.2. Now with the availability of the first update to PHP 5.3, I think it's time for PHP users to take serious look at migrating from their legacy PHP 5.x installations.
]]>

Fedora 12 updates package installation policy

2009-11-20T15:06:22Z

From the 'Error Correction' files:The public milestone release of Fedora 12 this week had one big flaw in it that is now set to be corrected.One key standard practice on nearly every Linux system I have ever seen or... The problem with that system is it that its not usually a good idea to automatically remember the root permission password. So what Fedora developers wanted to do instead was to rework the permission setup such that users would be assigned roles based on what they need to do with a system and the type of system in use.

"The idea was that the change in PolicyKit would be accompanied by a default set of roles, and a nice user interface for assigning users to roles," Taylor wrote. "Unfortunately, with the constraints of time, it became clear that this all (and especially the GUI) wasn't going to be there for Fedora 12. So, PackageKit needed a fixed policy for all users."

The fixed policy that Fedora went with was to allow all users to install signed packages from the Fedora repositories.

In my own personal case, I'm running Fedora 12 on a single-user system so this is something that works for me. Yeaah I know, we should have a separation of root and user. But really all that means is just entering SUDO/pswrd doesn't it? Since the only allowed packages that non-root could install were signed packages from the Fedora repository, what is the risk?

In any event, Fedora 12 is now going back to its historical behavior, so no harm done.

Fedora listens to its community and it responds quickly. Unlike a proprietary software vendor where you'd wait weeks for such a patch, Fedora users get their changes extremely rapidly.]]>

Mozilla earned $78.6 million in 2008

2009-11-19T20:57:18Z

From the 'Free Software Making $$' files:Mozilla gives its software away for free, yet year after year they keep making money. For the 2008 year, Mozilla is just now disclosing how much revenue it generated and it was another... Why the expense increase?

Well Mozilla continues to invest in people. So while other commercial entities cut their cost by cutting employees, Mozilla is going the opposite route.

From an asset basis, Mozilla's 2008 tally was up by 17 percent to $116 million.

Overall, from a financial perspective, a decent year for Mozilla and I haven't even mentioned all their actual release either. But what is important to remember in my view is that it is the money that keeps the machine moving forward.

It is the money that helps to pay the leadership and engineering people to continue to advance Firefox and by extension the web itself. It's a virtuous circle whereby the more we all use Firefox, the more money they make, the more they can invest right back into making Firefox better for everyone.]]>

Google Chrome OS goes open source in Chromium OS

2009-11-19T18:58:28Z

From the 'Browser Operating System' files:Google today has officially open sourced its under-development Chrome OS operating system under the Chromium OS project.The code is available now at: http://www.chromium.org/chromium-os/building-chromium-os - I'm currently in the process of trying to build a... Security is a big focus with the Security Verified Boot process. Basically ChromeOS checks to ensure the OS hasn't been corrupted on boot. If it has, it automatically re-images the users hardware. Another interesting idea, though how that will work in practical utility is another question. I can see it adding time to the overall boot process as time progress and what happens if the wireless driver (for Internet connectivity) gets corrupted?

Google didn't specifically say which version of Linux they were using inside of their ChromeOS build, but Pichai did specifically thank the Ubuntu community for their efforts. No ChromeOS is not an Ubuntu knock-off but it likely borrows some of the same Debian-based plumbing and as I noted earlier, there is a contractual relationship in place.

Overall, few surprises in ChromeOS from what they had originally led us to believe when they announced the effort a few months back. It's all about the web and the browser is the OS.

Chrome - the browser- will continue on its own development path and for current Linux, Mac and Windows users they'll get some of the benefits that ChromeOS will ultimately deliver as well.]]>

Schmidt, Otellini join tech lobby

2009-11-19T17:15:55Z

The chief executives of Google and Intel have joined the executive committee of TechNet, a lobbying group representing the technology industry. TechNet announced the appointments of Google's Eric Schmidt and Intel's Paul Otellini along with word that Rey Ramsey would...

Google Chrome Frame security flaw discovered by Microsoft

2009-11-19T15:55:18Z

From the 'I Told You So' files:Back in September, Google launched Chrome Frame which embeds a Chrome-type browser inside of a Microsoft Internet Explorer(IE) browser. At the time, Microsoft claimed that Chrome Frame could make IE less secure.Guess what?... The flaw was discovered by Microsoft security research superstar Billy Rios (who speaks regularly at Black Hat events) and was reported to Google.

If I read the notes correctly, all previous versions of Chrome Frame were at risk, meaning that since the day Chrome Frame launched in September until now, Chrome Frame users were vulnerable. To be fair, there were no public exploits that we know of, so it's not a zero day flaw by any measure.

It is still ironic to note that Microsoft was in some respects correct in their fears about Chrome Frame. What is even more ironic though is that it is Microsoft (and not Google) that took the lead here in ensuring that Chrome Frame is secure for IE users.]]>

Mozilla Firefox 3.6 Beta 3 released with 83 bug fixes

2009-11-18T17:09:14Z

From the 'Coming Soon, Very Soon' files:The third beta of Mozilla's open source Firefox 3.6 browser is now adding fixing 83 bugs and adding several new features.Of the 83 bugs fixed, 13 have been tagged as being critical. It... Nightingale commented that components were not as visible as add-ons, making them more difficult to track, update and disable. So now, Mozilla is disabling them all.

"If you're a Firefox user, this should be 100 percent positive," Nightingale wore. "You don't have to change anything, your regular add-ons should continue to work properly - you just might notice fewer crashes or odd bugs. If you do notice that something has stopped working, particularly a third party addition to Firefox, you might want to contact the producer of that addition to ensure they know about the change."

I think this is clearly a good move and frankly i'm amazed that such a loophole existed in the first place. I expect though that the change will have some impact, I've just started using Beta 3 myself and time will tell what (if anything) will break as a result of the component lockdown.

With these two new big items in Beta 3, I'd also expect there to be at least one more beta and then at least on release candidate prior to a final Firefox 3.6 release.]]>

Google Chrome OS: What to look for this week

2009-11-18T14:35:53Z

From the 'It's Not Vaporware' files:Google is holding an event on Thursday to discuss its Chrome OS open source operating system. Details are sparse at this point, though the official media invitation gives us some clues that we'll get... The other item that Google that is likely is a new Google engineered Windowing system and user interface. Chrome OS will not be using GNOME or KDE. Chrome OS will have its own windowing system. Seeing as Google is doing this all in open source, I'd expect that whatever the windowing system is, it will eventually be available on all distros as a rival to GNOME and KDE.

We also can expect that since Chrome OS is browser based, and Chrome used Gears as its HTML 5 offline storage base, that Chrome OS will include all the major Google Apps. That is, I'd expect to see Gmail, and Apps available as desktop shortcuts with full offline storage (via Gears) built-in to the OS.

Instead of Skype, we'll see Google Voice for VoIP.

Overall, I think many of the components that make up Chrome OS are already known.

What isn't known is how they'll all be put together and what the actual interface will look like. But after nearly 6 months of anticipation, I'd expect that on Thursday, we won't have to guess any longer.]]>

Mozilla Weave nears release

2009-11-17T18:00:45Z

From the 'Open Source Sync' files:Mozilla this week released the first beta for its browser data synchronization service, Weave 1.0.I've been tracking Weave for nearly two years now and it sure has been a long and winding road for...

SSL at risk (again), this time Twitter is the first target

2009-11-17T14:18:03Z

From the 'Not a Hoax' files:SSL is of critical importance to all web users as the most commonly used method for securing websites. There is now a new publicly posted exploit technique available for SSL that takes advantage of... The good news is that SSL vendors and standards makers are aware of the issue and are working on a fix. The open source OpenSSL project has already pushed out a new version that removes the ability for a TLS/SSL renegotiation in the first place.

Going a step further the IETF standard body is working on an effort to solve the problem in a more definitive manner.

The IETF solution is similar in some respects to how DNS is getting secured with DNSSEC by way of a cryptographic signature to provide an additional layer of integrity and authentication.

"SSL and TLS renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client," the IETF draft states. "The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. This draft defines a TLS extension to cryptographically tie renegotiations to the TLS connections they are being performed over, thus preventing this attack."

Unlike DNSSEC which is difficult to roll out on a global basis, the new TLS extension would be an incremental update for existing TLS users to implement. I suspect that it will take some time till the entire web is secured as the first official patches roll out from vendors and users around the world upgrade their software.]]>

Obama takes Internet freedom message to China

2009-11-16T23:07:28Z

In a town hall meeting with university students in Shanghai Monday morning, President Obama tried to strike a diplomatic tone when asked about his views on China's less-than-stellar record on Internet censorship. "I've always been a strong supporter of open... The two-part question asked both about China's firewall that restricts access to sites the government deems objectionable, and to a more recent manifestation of online censorship, and here was where Obama really made news.

In response to the query, "Should we be able to use Twitter freely?" Obama told his audience:

"Well, first of all, let me say that I have never used Twitter. I noticed that young people -- they're very busy with all these electronics. My thumbs are too clumsy to type in things on the phone. But I am a big believer in technology and I'm a big believer in openness when it comes to the flow of information."

So there you have it: the president has never used Twitter.

As for the other message, the one about free and open access to Internet content, Obama is expected to broach the subject when he meets with Chinese President Hu Jintao today.

]]>

Linux dominates top 500 supercomputer list

2009-11-16T19:47:37Z

From the 'Beefy Penguin' files:The latest Top 500 Supercomputer list is now out (see my colleague Andy Patrizio's story on InternetNews.com), with the top rig doubling its performance to 1.75 petaflops.Of particular interest to me is the fact that... Back in November of 2000, Linux (generic) represented nearly 11 percent of the top supercomputer list, while AIX dominated at 42 percent. Times do change.

Bottom line is that Linux is now the most capable operating system for the world's most powerful computers, not Unix.

Linux is the operating system of choice for super computers for a number of reasons, most notably in my view is the simple fact that it can be adjusted and customized for the very unique clustered/grid setups used by supercomputers. Linux also has excellent interconnect stacks for Infiniband and Ethernet which is also critical.

Over the last 9 years, Linux has gone from being an important part of supercomputing to being the dominant OS.]]>

Cisco blinks and increases Tandberg offer

2009-11-16T15:21:47Z

From the 'Kroner, Corona' files:Over the last several weeks, Cisco executives have publicly said on a number of occasions that their offer $3 billion for Tandberg was a fair and that they'd walk if they didn't get it. To...
Cisco knows how to make acquisitions, they've made more than anyone else in the technology market over the last 5 years. Chambers said during the AGM last week, that making acquisitions is a core competence for Cisco.

It's clear that Cisco really wants Tandberg and is willing to pay a premium for the business, but we'll see on December 1st how far Tandberg shareholders will push Cisco.

With an extra $400 million, Tandberg shareholders should be ecstatic today. I'd be surprised if they don't all down a few Coronas as they count their Kroners in celebration.]]>