July 2, 2009, 12:21 PM
Linux devs strike back at Microsoft patent claims
From the 'cutting the FAT' files:

In 2007, Microsoft shook up the Linux community with claims that open source allegedly infringes on as many as 235 of Microsoft's patents. Until this year, Microsoft had not actually filed any kind of legal suit on those patents - which changed with the TomTom case. With TomTom, Microsoft showed its hand and identified some of its IP issues with Linux as being related to FAT. At the time, I thought the legal challenge was a great thing for Linux because it finally showed devs where Microsoft had some issues. Developers have long said they would simply replace or code around Microsoft's IP, but they first needed to know where that IP resides. Now Linux developer Andrew Tridgell has developed a patch that could potentially help Linux users get around the FAT issue. "Both the original patch and the new patch that we posted today have been through legal review by several lawyers who specialize in this area," Tridgell wrote in a mailing list posting.

Posted by Sean Michael Kerner at 12:21 PM

July 2, 2009, 11:43 AM
Will AES crypto go the way of MD5?
From the 'no lock is secure' files:
The AES (Advanced Encryption Standard) is a standard encryption mechanism in use by the US Government and many others - and it is now at risk from a very theoretical attack. The attack is what the researchers who proposed it describe as a cryptanalytic attack. AES is an extremely complex cryptographic algorithm and is something that to the best of my knowledge has not been hacked (successfully) before. The key (no pun intended) with this new approach is that it involves massive compute power in order to potentially decipher the AES encryption. "While this attack is better than brute force -- and some cryptographers will describe the algorithm as "broken" because of it -- it is still far, far beyond our capabilities of computation," security researcher Bruce Schneier blogged. "The attack is, and probably forever will be, theoretical. But remember: attacks always get better, they never get worse."

Schneier is absolutely right - all you need to do is look at how the MD5 cryptographic hash went from being a standard to being dropped by the US Government (and everyone else) as a secure mechanism. Back in 2004, security researcher Dan Kaminsky wrote a paper titled "MD5 To Be Considered Harmful Some Day." Theoretical collisions had been discovered in that case too, and within three years they were enough to give MD5 a black eye.

Posted by Sean Michael Kerner at 11:43 AM

July 2, 2009, 9:37 AM
Firefox 3.5.1 update coming this month
From the 'but I just downloaded a new version...' files:
Firefox 3.5 has been out for barely two days - but an update is already being planned for later this month. The Firefox 3.5.1 update will fix at least three key bugs that didn't get fixed in time for the official Firefox 3.5 release. According to a Mozilla meeting wiki post: "The goal of this release (3.5.1) should be a quick-turnaround that: fixes topcrashes and bugs we almost held ship for...can be shipped to 3.5 users in mid-to-late July, so narrow scope, small change." Some of the top crash bugs addressed in the upcoming update include a fix for a bug where Arabic letters are disconnected in edit fields. At present, I personally don't see any major security items that are tagged for the 3.5.1 update, but that is likely to change for a few reasons. One reason is that on July 10th, Mozilla has scheduled a Firefox 3.5 Security Testday.

Posted by Sean Michael Kerner at 9:37 AM

July 1, 2009, 12:29 PM
Red Hat Enterprise Linux 5.4 beta released with KVM
From the 'some point releases are bigger than others' files:
Red Hat today officially announced the beta availability of Red Hat Enterprise Linux (RHEL) 5.4, which in my view is a lot more than a typical point release. Sure, we're all waiting for the big RHEL 6 release, but there are some major changes in RHEL 5.4. The most obvious change is the shift to the KVM hypervisor (as opposed to Xen). Xen is still in RHEL, but with RHEL 5.4 Red Hat is signaling its intention that KVM is (eventually) to be Red Hat's preferred hypervisor. It's a preference that Red Hat execs have indicated at multiple points this year, and it should be no surprise since Red Hat now owns lead KVM vendor Qumranet. RHEL is Red Hat's flagship platform, and the inclusion of KVM is the first really big shift for Red Hat's new virtualization roadmap, which favors KVM. Red Hat also has - in private beta - a standalone KVM hypervisor product as well as a new server and desktop virtualization management application. While KVM is the big new item in RHEL 5.4, there are also a few other goodies for users to try out.

Posted by Sean Michael Kerner at 12:29 PM

July 1, 2009, 9:35 AM
Month of Twitter Bugs begins with bit.ly flaws
From the 'public disclosure' files:
Security researcher Aviv Raff has followed through on his promise of starting the Month of Twitter Bugs (MoTB). His first target? The popular bit.ly URL shortening service. Finding flaws in URL shortening services is not an entirely new phenomenon; just two weeks ago Cligs disclosed that upward of two million of its shortened URLs had been hacked. For bit.ly, Raff found four vulnerabilities, of which in his view three are now patched (I have not yet been able to independently get comment from bit.ly to confirm the fourth, though Raff has a decent working proof of concept publicly posted that worked when I tried it). All four of the issues were cross-site scripting (XSS) related flaws. Though Raff is the researcher bundling up the issues under the banner of Month of Twitter Bugs, at least one of the flaws was publicly disclosed before today. Raff reports that there is a reflected cross-site scripting flaw in the keywords parameter, which was first reported by security researcher Mike Bailey on June 24th 2009. "I found an XSS hole in the popular URL shortener, bit.ly," Bailey wrote in his advisory last week. "This can be used to compromise browsing history, tamper with a user's bit.ly settings, and even abuse Twitter accounts (they have a Twitter API)."

Posted by Sean Michael Kerner at 9:35 AM

June 30, 2009, 4:35 PM
Juniper pulls ATM Jackpot talk from Black Hat
From the 'Black Hat mythos grows' files:
The Black Hat security conference is one that has a certain mystique surrounding it - which has been fuelled in recent years by controversial talks that get pulled. This year will be no different. A presentation on how to hack ATMs, titled 'Jackpotting Automated Teller Machines', has been pulled from the 2009 event set for July. The session was going to be delivered by Barnaby Jack, a Juniper Networks security researcher. Juniper (which is a vendor I cover in both the enterprise and service provider networking space) decided, after getting some pressure from the at-risk ATM vendor, to have Jack pull his talk. Juniper, however, is still standing by Jack and his research. "Juniper believes that Jack's research is important to be presented in a public forum in order to advance the state of security," Juniper said in a statement emailed to InternetNews.com. "However, the affected ATM vendor has expressed to us concern about publicly disclosing the research findings before its constituents were fully protected." That doesn't mean we won't eventually get to hear Jack's talk -- it's just that it won't be disclosed at Black Hat this summer.

Posted by Sean Michael Kerner at 4:35 PM

June 30, 2009, 12:27 PM
GPLv3 use growing but GPLv2 still dominates
From the 'GPLv2 and later' files:
It was two years ago, on June 29, 2007, that GPL version 3 was finalized. The GPL is the cornerstone free/open source license in use, and at the time of the version 3 update there were many questions raised about how widely the new license would be adopted. According to new data from Black Duck, GPLv3 use has quadrupled since 2008, though overall use of GPLv3 is still dwarfed by GPLv2 usage. Black Duck reports that there are now 9,500 GPLv3-licensed applications. That's up from 2,345 GPLv3 applications in 2008. GPLv3 now represents 5.10 percent of open source licenses currently in use. In contrast, GPLv2 represents 50.06 percent of all open source licensed software. Clearly GPLv3 has a very long way to go to catch up to GPLv2 - if it ever will. Back when debates around the GPLv3 were very active, Linus Torvalds publicly stated on numerous occasions that the Linux kernel would not move from GPLv2 - and so far it hasn't. As long as that position remains the same - and I see no reason why that will ever change - GPLv2 will remain a critically important license. That doesn't mean that GPLv3 isn't important. With the new Black Duck data, it is clear that GPLv3 is important. While GPLv2 still dominates, GPLv3 is just marginally behind the BSD license, which sits at 6.32 percent. Black Duck is estimating that GPLv3 will actually pass the BSD license in about six months' time.

Posted by Sean Michael Kerner at 12:27 PM

June 29, 2009, 5:58 PM
Google launches new open source Sputnik for JavaScript
From the 'sun spider says what?' files:
A key feature of Google's Chrome browser is its V8 JavaScript engine. But is it actually faster than other JavaScript engines? How do you measure that, and is V8 compliant with all of the JavaScript specifications? For the most part, developers have used the standard SunSpider test that helps to measure JavaScript performance. Now Google is launching a new open source JavaScript measurement tool called Sputnik. According to Google, Sputnik has more than 5000 tests to fully qualify JavaScript. "The goal is not that all implementations should pass all tests," Christian Plesner Hansen, Google software engineer, wrote in a blog post. "V8 set out with that intention and we learned the hard way that sometimes you have to be incompatible with the spec to be compatible with the web. Rather, we want Sputnik to be a tool for identifying differences between implementations." The Sputnik test suite requires Python in order to run - and is already available as a free download. Whether or not Sputnik will become a new standard by which browser vendors will measure themselves is a question yet to be answered.

Posted by Sean Michael Kerner at 5:58 PM

June 29, 2009, 9:51 AM
SourceForge delivers 4 billionth open source download
From the 'that's a lot of downloads' files:
SourceForge.net, the big open source app/code repository, has hit a major milestone: 4 billion downloads. Since 1999, SourceForge has been the 'go-to place' for all open source downloads, but in the last couple of years Google Code has put up a bit of a challenge. Remember also that for a while there was a constant thread in the media about how SourceForge had 100,000 projects, though most had been abandoned. SourceForge.net now has 230,000 projects, and if downloads are an indication, they seem to be doing just fine. According to SourceForge, they move approximately 1.8 million downloads a day. "Our technology enthusiast users are not simply 'clicking through'; SourceForge users are deeply engaged and interested in the entire experience." While SourceForge.net is a significant resource for the open source community, it's also important to note that SourceForge.net itself uses a whole lot of computing resources too. I spoke with SourceForge earlier this year about their new mirror with CDNetworks. At the time, SourceForge VP Jay Seirmarco told me that traffic can spike on occasion; on one particular Wednesday in January, the SourceForge mirror network served 3.9 million downloads totaling 30.1 Terabytes of data.

Posted by Sean Michael Kerner at 9:51 AM

June 29, 2009, 9:22 AM
Fedora Linux 12 named: Constantine
From the 'Roman Emperors of Sparta' files:

Red Hat's Fedora Linux community has now voted in a name for the upcoming Fedora 12 release. Constantine beat out four other rival names: Chilon, Orville, Rugosa and Umbria. Fedora 12 succeeds Fedora 11's Leonidas (a Spartan King) with the name of a famous Roman Emperor. It's actually an interesting metaphor if you follow it through. Leonidas fought off the invaders with 300 men in a valiant stand. Constantine, on the other hand, is the Emperor that brought the Christian religion to the Roman Empire. As a metaphor, does that mean that Fedora 12 will bring the Linux religion to the masses? In any event, Fedora 12 is still in very early development. The current release schedule pegs the release date at November 3rd 2009. By that point Fedora 12 (for the desktop) will be up against Windows 7 (no cute codename there) and Ubuntu's Karmic Koala. I've blogged before about how the different Linux distributions all have very different code names. Ubuntu has its 'cute' animal names, openSUSE has its German philosophers, Debian is still stuck on Toy Story and Fedora seems to be fixated now on Kings and Emperors of antiquity.

*UPDATE 06/30 - Fedora Project Leader Paul Frields sent in a comment to clarify the connection between the Fedora release names: "Actually, the connection between Fedora 11 "Leonidas" and Fedora 12 "Constantine" is that both names are townships within St. Joseph County, Michigan."

Posted by Sean Michael Kerner at 9:22 AM

June 25, 2009, 2:30 PM
PHP 5.3 coming June 30th
From the 'whatever happened to PHP 6?' files:
PHP 5.3 could be out as soon as Tuesday, June 30th. The new open source language release is a big deal for a lot of reasons, not the least of which is the fact that by my count this is the first major update to PHP since 2006 and the PHP 5.2 release. PHP 5.3 is also interesting in that it includes at least one key feature that was originally intended for PHP 6 (whenever -- if ever -- that release will be out). I spoke with Zeev Suraski, co-founder and CTO at commercial PHP vendor Zend Technologies, last month about PHP 5.3. He noted that one key feature backported from PHP 6 into PHP 5.3 is namespaces, which is a way to encapsulate classes and other PHP items more easily. While the official release is on June 30th, support for PHP 5.3 is already present in development tools from Eclipse released this week.

*UPDATE JUNE 30TH - PHP 5.3 did get released - full story is up on the main site.

Posted by Sean Michael Kerner at 2:30 PM

June 25, 2009, 1:45 PM
Adobe updates Shockwave for critical flaw
From the 'doesn't everyone use Flash now?' files:
Adobe is advising users of its Shockwave player to update to a new version to protect against a critical, remotely exploitable flaw. The flaw affects Adobe Shockwave Player 11.5.0.596 and earlier versions and, according to Adobe's advisory, "... could allow an attacker who successfully exploits this vulnerability to take control of the affected system." Adobe's new Shockwave Player 11.5.0.600 corrects the issue, though it requires users to uninstall their existing Shockwave player first. While some might be alarmed by Adobe's disclosure, personally I don't see this flaw as a big issue at all -- though of course go and update now! First of all, the flaw was responsibly disclosed first by way of the Tipping Point Zero Day Initiative (ZDI). The way that works is, ZDI pays the researcher for the flaw and then ZDI keeps the details under wraps until a fix exists.

Posted by Sean Michael Kerner at 1:45 PM

June 25, 2009, 9:04 AM
Google Chrome 3.0.190.x gets better on Linux, Mac
From the 'faster browsers for Linux' files:
Google's Chrome browser has only officially been available for Linux and Mac users since early June. Since then, Google has updated the browser once, keeping it at the same version number for Windows, Linux and Mac. That is now changing with the 3.0.190.x release for the dev-channel version of Chrome. For this release, Google actually has three separate numbers, one for each platform. The Mac is version 3.0.190.0, Windows is 3.0.190.1 and Linux is 3.0.190.2. In my opinion, this new numbering is an obvious step as each platform is a little different. Looking over the release notes for the release, it's clear that a large part of the 3.0.190.x release is about bug fixes for the Linux and Mac versions. Among the issues fixed on Linux is the ability to import and export bookmarks. I know, seems simple enough, but remember the first Chrome for Linux release was barely stable and loaded down with bugs. For Mac users there are incremental bug fixes too, including one that will now enable Mac users to download more than one item in a tab. Beyond just bug fixes, Google is aggressively updating its V8 JavaScript engine in all versions of Chrome too. The release notes actually indicate not one but two version upgrades for V8 in the 3.0.190.x release cycle (V8 1.2.8.1 and V8 1.2.8.2). It's important to remember that on Linux and Mac, Chrome is still just a dev-channel release and has not yet migrated to the stable-channel. Google has three development streams for Chrome: dev, beta and stable -- so it could be another few weeks by my count until we see a stable release for Mac and Linux.

Posted by Sean Michael Kerner at 9:04 AM

June 24, 2009, 2:45 PM
Juniper partners with NYSE for next gen data center
From the 'fastest trading platform on the planet' files:
NYSE Euronext is partnering with Juniper Networks (NASDAQ:JNPR) in the build out and consolidation of new data centers. As of the time of this post, I don't have the financial details on the transaction. The real key for the NYSE Euronext exchange for their new data centers is all about lowering latency and being faster. During a press conference announcing the deal, NYSE Euronext CIO Steve Rubinow said that for the exchange, "latency is an obsession." Rubinow commented that the new data centers could be thought of as a cloud, though they will not be entirely virtualized. "Real cloud technology requires virtualization and overhead," Rubinow said. "That bit of movement introduces latency." The key to reducing latency, according to Juniper executives, is the fact that Juniper has its own silicon and the JUNOS operating system.

Posted by Sean Michael Kerner at 2:45 PM

June 24, 2009, 9:15 AM
Movable Type gets forked into Melody
From the 'fork is a four letter word' files:
Movable Type has been forked -- at least the open source GPL version -- into a new project called Melody. Yes, this blog is powered by Movable Type too. Six Apart, the vendor behind Movable Type, created an open source version of Movable Type in 2008. Usually a fork of open source code happens because developers are not happy with the direction of code development and the main project. In the case of Melody -- at least so far -- this looks to be a 'friendly' fork. The creator of Movable Type, Benjamin Trott, sees Melody fitting in at a bleeding edge community level, whereas Movable Type will hold its position as the professional version. "We see the Melody community focusing on the equally-valuable ideas of bleeding-edge community-driven ideas, rapid iteration, and integration with the code of other open source projects," Trott wrote in a blog post. "It's great news for the entire Movable Type community, as this new project uses the same themes, the same templates, the same plugins and the same publishing engine as Movable Type. And since it shares the GPL license with MT, it's even a great way for these new developments to work their way back into the official versions of Movable Type itself." While I respect Trott's position, I have to respectfully disagree with his long term view of how Melody will affect Movable Type.

Posted by Sean Michael Kerner at 9:15 AM