November 20, 2009, 5:18 PM
Blue Coat securing local networks with the Cloud
From the 'Faster' files:
A big emerging trend in enterprise IT this year has been the move to the Cloud, for almost everything. One particular area where I'm seeing a strong use of a hybrid cloud/on-premise model is for security and one of the chief proponents of that model is enterprise IT vendor Blue Coat (NASDAQ: BCSI). This week Blue Coat announced the release of new ProxySG and ProxyAV web gateway appliances and the WebPulse cloud service that complements them both. The Blue Coat ProxySG network gateway appliances now support up to 60,000 users in a single appliance, which is a whole lot of power, and overall they're claiming a 5x performance gain over their previous generation. The bulk of the improvements in speed come by way of multi-core related threading and optimizations. I spoke with Blue Coat's Chief Scientist Mikko Valimaki about the new releases and he was keen on pointing out how important the cloud element is to the overall solution. Blue Coat has a cloud security service called WebPulse which does some interesting real-time threat analysis. In addition to being part of Blue Coat's enterprise products, it is also freely accessible by home users by way of Blue Coat's K9 security service.
Posted by Sean Michael Kerner at 5:18 PM

November 20, 2009, 10:28 AM
PHP 5.3.1 released for 5 security flaws, 113 bugs
From the 'Yum/Apt-Get Update' files:
The first update to PHP 5.3 is now available, providing 5 security fixes in addition to a long list of bug fixes to the popular open source dynamic language. PHP 5.3 was released at the end of June, so the 5.3.1 point update has been in the works for five months at this point. On the security fix front two of the bug fixes are for safe mode items which could have left a PHP system at risk:
Among them is a new "max_file_uploads" INI directive, which according to the PHP 5.3.1 release notes, "...can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion." Sanity checks are added to exif processing and there is a fix for an open_basedir bypass in posix_mkfifo(). While the security fixes are obviously an important reason for PHP users to migrate immediately, the long list of non-security items is also noteworthy.
Posted by Sean Michael Kerner at 10:28 AM

November 20, 2009, 10:06 AM
Fedora 12 updates package installation policy
From the 'Error Correction' files:
The public milestone release of Fedora 12 this week had one big flaw in it that is now set to be corrected. One key standard practice on nearly every Linux system I have ever seen or used is the separation of root and user roles. New software installation that affects an entire system typically can only be installed by the root user. That's a behavior that was modified with the Fedora 12 release such that a local user could install signed applications without root authorization. Now Fedora is reversing that policy. "After more discussion and thought, though, the package maintainers have posted to the fedora-devel-list mailing list agreeing to provide an update to Fedora 12's PackageKit," Fedora Project Leader Paul Frields wrote. "The update will require local console users to enter the root password to install new software packages." Makes sense to me. What doesn't make sense is why the new policy was put into Fedora 12 in the first place. Fedora developer Owen Taylor, though, has put together a lengthy post about the developer rationale for the initial policy change and I can kinda/sorta see why at first it might have made sense for some people (but not all). "In Fedora 9, 10, and 11, the first time a user tried to install a package from the Fedora repositories, they would be prompted for a root password, with a checkbox to remember that permission for the future. (Before Fedora 9, you had to enter the root password every time.)," Taylor wrote.
Posted by Sean Michael Kerner at 10:06 AM

November 19, 2009, 3:57 PM
Mozilla earned $78.6 million in 2008
From the 'Free Software Making $$' files:
Mozilla gives its software away for free, yet year after year they keep making money. For the 2008 year, Mozilla is just now disclosing how much revenue it generated and it was another growth year for the open source group. Revenue at Mozilla was reported at $78.6 million for 2008, which is a 5 percent increase over the $75.1 million reported in 2007. The revenue growth rate appears to have slowed somewhat in my opinion. Back in 2005, Mozilla's revenues were only $53 million. As has been the case over the last several years, the bulk of Mozilla's revenue is driven by search revenues generated from Firefox by Google, Yahoo, Amazon and eBay. So whenever you search using the default start page in Firefox, you're actually helping to support Mozilla. Digging deeper into Mozilla's financial report shows some other interesting tidbits of information. For example, Mozilla actually lost $7.8 million (which is taken into account as part of the revenue calculation) from its investments. As well, Mozilla's expenses in 2008 skyrocketed by 48 percent to $49.4 million, up from $33.3 million in 2007.
Posted by Sean Michael Kerner at 3:57 PM

November 19, 2009, 1:58 PM
Google Chrome OS goes open source in Chromium OS
From the 'Browser Operating System' files:
Google today has officially open sourced its under-development Chrome OS operating system under the Chromium OS project. The code is available now at: http://www.chromium.org/chromium-os/building-chromium-os - I'm currently in the process of trying to build a full system now (so more to come from me soon). Right now the gzipped tarball is 232 MB (pretty small for an OS) and the official build milestone number is 0.4.22.8. Google is working with Canonical, the lead sponsor behind the Ubuntu Linux project, on part of the underlying OS. Chris Kenyon, VP of OEM services at Canonical, blogged today that Canonical is contributing engineering to Google under contract. So, that means that there IS a link between Ubuntu and Chrome OS! That's a surprise. But hey it's still all open source. By making the project fully open source, Google is opening the project up to participation and comment from interested developers. It also means that they'll be contributing code back to the open source community, which ultimately means that other vendors could benefit as well. Aside from the Chromium OS announcement today, Google has provided a whole lot of interesting information about Chrome OS. During a live event (that was also webcast) today Google detailed what we should all look for in their new Chrome OS. Basically it's all about the web. Apps are in the cloud as well as users' data. Sundar Pichai, VP of Product Management at Google, explained that the local hard drive in Chrome OS should just be thought of as a local cache for syncing with the cloud. That's cool. Going a step further, by design Chrome OS will specify a reference hardware architecture which will require Solid State Drives (SSDs) instead of regular hard drives. The idea is to provide for a faster overall user experience. "Every application is a web application so users don't have to install program," Pichai said. The screenshot (left) gives us a glimpse of how that new apps tab may look.
Those apps are basically just URL shortcuts, organized in a window. There is also a Mac OS 'fish-eye' type of interface for scrolling between open windows which looked pretty interesting as well.
Posted by Sean Michael Kerner at 1:58 PM

November 19, 2009, 10:55 AM
Google Chrome Frame security flaw discovered by Microsoft
From the 'I Told You So' files:
Back in September, Google launched Chrome Frame, which embeds a Chrome-type browser inside of a Microsoft Internet Explorer (IE) browser. At the time, Microsoft claimed that Chrome Frame could make IE less secure. Guess what? Turns out Microsoft was right. Late Wednesday, Google issued an update to Chrome Frame with version 4.0.245.1 for a cross-origin bypass security vulnerability. "An attacker could have bypassed cross-origin protections," Google warned in its advisory. "Although important, "High" severity issues do not permit persistent malware to infect a user's machine. We're unaware of any exploitation of this issue." What's also particularly interesting about this Chrome Frame vulnerability is that it was not discovered by Google itself. It was discovered by Microsoft. So to recap, Microsoft was worried months ago that Google Chrome Frame put IE at risk and now they've proven it.
Posted by Sean Michael Kerner at 10:55 AM

November 18, 2009, 12:09 PM
Mozilla Firefox 3.6 Beta 3 released with 83 bug fixes
From the 'Coming Soon, Very Soon' files:
The third beta of Mozilla's open source Firefox 3.6 browser is now fixing 83 bugs and adding several new features. Of the 83 bugs fixed, 13 have been tagged as being critical. It looks to me like the majority of those critical flaws are crash related items. One particularly interesting critical bug fix is one for the crash reporter itself. According to Mozilla, "...the updater crashes when trying to update with crash reporter open." One of the key goals overall for the Firefox 3.6 release is to increase performance. To that end, there is at least one new feature in Firefox 3.6 Beta 3 that will help to support that goal. From a technical perspective, Firefox 3.6 Beta 3 now implements the async attribute of script elements. Basically it's a way to run scripts asynchronously to improve overall page load times. Another new change is the component directory lock-down for add-ons. "In addition to the standard mechanism for extending the browser via add-ons and plugins, though, there has historically been another way to do it," Mozilla developer Johnathan Nightingale wrote. "Third-party applications installed on your machine would sometimes try extend Firefox by just adding their own code directly to the "components" directory, where much of Firefox's own code is stored." That's a problem for a number of potential stability and security reasons, but it's a problem that is being eliminated with Firefox 3.6 Beta 3.
Posted by Sean Michael Kerner at 12:09 PM

November 18, 2009, 9:35 AM
Google Chrome OS: What to look for this week
From the 'It's Not Vaporware' files:
Google is holding an event on Thursday to discuss its Chrome OS open source operating system. Details are sparse at this point, though the official media invitation gives us some clues that we'll get some real technical insights. "This event is a follow-up to the announcement we made in July, and Sundar Pichai, Vice President of Product Management will be speaking along with Matthew Papakipos, Engineering Director for Google Chrome OS," the Google media invite states. Though the official briefing is tomorrow, there is a whole lot that we know today about Chrome OS. There are also a few items that we can speculate on (which is always good fun in the absence of the official specs). We know that Chrome OS uses the Chrome Browser, most likely built from the dev-channel for Linux Chromium build. I use Chrome for Linux every day now and it is a solid, capable and fast browser. We know that Chrome OS will be Linux based. We don't know which distro (if any) it will be based on. Chromium is available in the .deb packaging format (used by Debian based distributions including Ubuntu), so one obvious guess would be that Chrome OS will in some way, shape or form be Debian based as well. That said, Android (Google's other open source operating system) is not Debian based, so perhaps Google will just build their own Linux distro from the kernel up for Chrome OS. Personally, I think that's the better route for Chrome OS, though they really should stick with a common packaging format (.deb or .rpm) in order to enable some degree of easy packaging for applications.
Posted by Sean Michael Kerner at 9:35 AM

November 17, 2009, 1:00 PM
Mozilla Weave nears release
From the 'Open Source Sync' files:
Mozilla this week released the first beta for its browser data synchronization service, Weave 1.0. I've been tracking Weave for nearly two years now and it sure has been a long and winding road for this interesting project to get close to its 1.0 release. At its core, Weave is a services backend. Initially the services are all about basic browser data synchronization with support for bookmarks, history, passwords, tabs, add-ons and preferences. So yeah, it's more than just a del.icio.us knockoff. With the Weave 1.0 beta, Mozilla developers note that the new release, "...marks a significant step towards making Weave Sync a production quality add-on." Aside from being more stable and usable (in my own limited usage so far), the 1.0 beta includes some functional improvements as well. For one, data is now backed up via an incremental sync behavior. Basically that means the system can sync data more intelligently and in chunks instead of sucking up all of your local system resources. From my perspective it is critical that Mozilla gets Weave 1.0 up to full release status sooner rather than later at this point. Looking at the competitive landscape, bookmark sync is part of the latest Google Chrome builds and it is a compelling feature to have. Right now Weave is an add-on to Firefox, but I would also hope that sooner rather than later it gets baked into the mainline of Firefox development. Having an add-on directly integrated into Firefox will no doubt increase the adoption and perhaps the practical utility of Weave.
Posted by Sean Michael Kerner at 1:00 PM

November 17, 2009, 9:18 AM
SSL at risk (again), this time Twitter is the first target
From the 'Not a Hoax' files:
SSL is of critical importance to all web users as the most commonly used method for securing websites. There is now a new publicly posted exploit technique available for SSL that takes advantage of a renegotiation flaw with TLS. As a proof of concept, security researcher Anil Kurmus has blogged about how TLS/SSL renegotiation can be used to exploit Twitter's HTTPS (that is, SSL secured) API. "All in all, a man in the middle is able to steal the credentials of a user authenticating himself through HTTPS to a trusted website, and CSRF protections do not apply here," Kurmus wrote. This is extremely serious and in my opinion represents perhaps the single biggest threat to the integrity of the Internet today. Without SSL, ecommerce becomes insecure and the vast majority of the web's population cannot log in securely to any website. Sure, there have been SSL threats before. Most notably, I've seen security researcher Moxie Marlinspike present his ideas at Black Hat on SSLstrip in February, then again in July. Marlinspike, however, wasn't directly attacking SSL itself. His attacks involved a man in the middle type attack as well, but where a regular HTTP user is tricked into thinking they are actually on an HTTPS (SSL) protected site. The new attack (if I understand it correctly) actually intercepts legitimate HTTPS traffic. It's a subtle but very significant difference.
Posted by Sean Michael Kerner at 9:18 AM

November 16, 2009, 2:47 PM
Linux dominates top 500 supercomputer list
From the 'Beefy Penguin' files:
The latest Top 500 Supercomputer list is now out (see my colleague Andy Patrizio's story on InternetNews.com), with the top rig doubling its performance to 1.75 petaflops. Of particular interest to me is the fact that while multi-core CPUs are the hardware components enabling the fastest computers, it is Linux as the operating system that powers the software. Just over 78 percent of the top 500 supercomputers run some type of Linux. The official Top 500 Supercomputer site lists 391 of the top 500 supercomputers as using 'Linux'. Digging a little deeper, there are 32 additional machines that identify themselves as running some version of Novell's SUSE Linux Enterprise Server. There are some 16 that identify Red Hat Linux or one of its derivatives including CentOS. So doing a little bit of math, at least 88 percent of the list is using some form of Linux, generic or otherwise. That's astounding. The only other operating system that is even noteworthy beyond Linux is IBM's AIX Unix at 22 systems (or just over 4 percent). It's also interesting to see how the list has changed over the past nine years.
Posted by Sean Michael Kerner at 2:47 PM

November 16, 2009, 10:21 AM
Cisco blinks and increases Tandberg offer
From the 'Kroner, Corona' files:
Over the last several weeks, Cisco executives have publicly said on a number of occasions that their $3 billion offer for Tandberg was fair and that they'd walk if they didn't get it. To me it looked like a high-stakes game of chicken as Tandberg shareholders held out for more to see who would blink first. Cisco blinked. Today Cisco upped their offer to $3.4 billion. That's right, a $400 million increase on a bid that CEO John Chambers had previously said was already fair. The problem is that under Norwegian law, 90 percent of shareholders need to approve the deal and Cisco didn't have the required percentage. With the $3.4 billion bid, Cisco said it now has 40 percent of shares agreeing to the bid, which still leaves a big outstanding amount. "Cisco believes that this revised offer remains consistent with the principles of prudence and financial fairness," Cisco said in a statement. "If Cisco does not achieve the desired level of acceptances, the company will withdraw the offer and evaluate alternative ways to expand our activities in the video communications market. As a result of the revised offer, Cisco has extended the acceptance period until December 1, 2009." Once again Cisco is making this a take it or leave it offer, but seeing as they have already blinked once, who is to say they won't do it again.
Posted by Sean Michael Kerner at 10:21 AM

November 13, 2009, 5:04 PM
Does Mozilla's Jetpack gallery spell the end of add-ons?
From the 'Future of Browsing' files:
I've been a fan of Mozilla's open source Jetpack since it publicly launched this past May. Like millions of other people, I use browser add-ons, and like millions of people I suffer with their numerous shortcomings. Jetpack represents a new way to do add-ons; they're easier to develop and easier for users to consume. They update on their own and they don't require a browser restart to work. But until this week there was no easy way to actually find Jetpack extensions. That has now changed with the launch of Jetpack Gallery, which is kinda/sorta like the add-ons site Mozilla already has for its (soon to be) legacy add-ons. "The gallery makes it easy for developers to host and promote their Firefox Jetpack add-ons, and makes it even easier for users to find those great new features," Mozilla developers wrote in a blog post. "For developers, the Jetpack gallery makes it easy to host and promote Jetpacks." I agree with Mozilla, but I still think there is one MAJOR element missing. Jetpack is still not directly integrated into the mainline for Firefox browser development.
Posted by Sean Michael Kerner at 5:04 PM

November 13, 2009, 9:37 AM
Google patches Chrome for Apple WebKit flaw
From the 'Shared Security Risk' files:
Yesterday morning I blogged about the Safari 4.0.4 update, commenting that WebKit is used by both Apple and Google for their respective browsers. I also wondered if Google's Chrome was vulnerable to the same WebKit issue that Apple patched. Turns out I was right. Late Thursday, Google released Chrome stable 3.0.195.33, which fixes the same Cross Site Request Forgery (CSRF) issue that Safari 4.0.4 fixed. In fact, Google doesn't even have its own specific advisory on the Apple WebKit issue; they just point to Apple's support notice. Does this mean that Chrome users were potentially at risk for a period of time longer than their Safari cousins? Well yes, but for a very slim amount of time and for a flaw that Google says has a very low risk. That said, as I wrote yesterday, it's still very interesting to take note of the shared WebKit flaws between Apple and Google. While both vendors actively contribute to WebKit development, they both also share its risks.
Posted by Sean Michael Kerner at 9:37 AM

November 12, 2009, 5:45 PM
Google to make the web SPDY with new web protocol
From the 'More Google Goodness' files:
Google is trying to speed up web pages with a new open source application layer protocol called SPDY (pronounced speedy). Regular HTTP connections suffer from protocol overhead and latency -- which is why, after all, there is big business in WAN optimization from vendors like Citrix, Cisco, Juniper, Blue Coat and Riverbed. With SPDY, Google is aiming to provide web optimization for all with a target reduction of 50 percent in web page load times. That's a very tall order in my view, especially if they hope to do it in some kind of standardized way. But wait, Google is big enough that they don't have to wait for standards. Google can bake SPDY into their own Chrome web browser and then make Google servers optimized for SPDY. Google has already done some lab tests with a SPDY-enabled Chrome browser and they achieved a 64 percent reduction in page load times.
Posted by Sean Michael Kerner at 5:45 PM