Sean Michael Kerner (bio)

May 2008 Archives

AOL Hacked? I Don't Think So.

From the 'look ma I just discovered Link Spam' files:

I see a good number of bogus security announcements and pronouncements in any given day. Today I got one forwarded to me from a number of peers about an AOL hack 'discovered' by Roger Thompson, Chief Research Officer of AVG Technologies.

The PR pitch that I got from the PR firm notes that Thompson has discovered that a rolling headline on AOL.com this morning, "Disgraced 'Oprah' Author Is Back," is hosting a fake codec.

SURE that caught my eye.

But when you actually read Thompson's post and see the issue, it's really a different thing altogether. Unless I'm a total idiot, it simply looks like some spammer has put a bad link in a comment on a post. If a user clicks on the link it takes them to a separate page where the codec issue might exist.

Is this a hack? Is this AOL hosting 'bad codecs'? HA!!

No way! This is just link spam and who among us, even with spam filters, CAPTCHA and other mechanisms, doesn't get hit by spam?

Oh and the link? It's for the pervs who are looking for naked Paris Hilton videos (so it's not like it's even close to being something that could be considered a legitimate link or trackback for this story in the first place).

Here's a copy of the image linked from the 'researchers' page:

Ubuntu's Pipe Dream : True Free Software Synchronicity

Mark Shuttleworth, the founder of Ubuntu lead sponsor Canonical, has an 'interesting' idea.

In a blog post where he talks about the Ubuntu release cycle moving forward, he poses the surreal ideal of having synchronized Linux distribution releases across multiple Linux vendors.

If two out of three of Red Hat (RHEL), Novell (SLES) and Debian are willing to agree in advance on a date to the nearest month, and thereby on a combination of kernel, compiler toolchain, GNOME/KDE, X and OpenOffice versions, and agree to a six-month and 2-3 year long term cycle, then I would happily realign Ubuntu's short and long-term cycles around that. I think the benefits of this sort of alignment to users, upstreams and the distributions themselves would be enormous. I'll write more about this idea in due course, for now let's just call it my dream of true free software synchronicity.

While I have a great deal of respect for Mr. Shuttleworth and what he has accomplished in his life, I don't think distribution synchronicity is something that will ever happen - nor should it.

Think about this for a sec. All distributions today get to pull from the same upstream Open Source projects like Linux, Firefox, GNOME, KDE and OpenOffice.org. Which means that each distribution today has the same opportunity at pulling the same applications at the same time. Linux in that way is an equal opportunity for all distributions.

Yet equality and synchronicity stop there - as they should. Each distribution does different things with the Linux kernel (testing, patching etc) and each tries a slightly different tack at package integration since the application package landscape is a moving target. A Linux distribution is a snapshot of the broader Open Source development community at a point in time. If all Linux distributions took the same snapshot that wouldn't be terribly diverse and would serve to further commoditize Linux.

My idea of true Free Software synchronicity is a lot more basic than Shuttleworth's. I'd like to see common packaging across distributions (sure the Fedora PackageKit thing is a good idea) such that users aren't stuck choosing a distribution based simply on whether or not there is a deb or RPM file for the app they want. Sure you could always go the Gentoo Linux route and build everything from source tarballs (but that's a bit painful sometimes).

From a selfish journalist point of view - Shuttleworth's version of synchronicity would also be terribly boring. I mean instead of being able to write about Ubuntu, Fedora and OpenSUSE releases on their own specific release dates and give each their due - I'd have one release day for all and lump them all together. As it is, Fedora, Ubuntu and OpenSUSE releases tend to occur within a nice 10 week span, just as a function of circumstance.

Moonlight (Open Source Silverlight) Hits Public Release

From the 'may require some assembly' files:

The first 'public' release of Moonlight - which is the Novell-led open source effort to replicate Microsoft's Silverlight on Linux - is now available (though I'm not quite sure that it's production quality yet).

You see, the first public Moonlight build doesn't include media codecs by default. Sure you can compile stuff in yourself after the fact - but then again I could also just virtualize Windows and run Silverlight natively too.

To add further salt - it doesn't currently work on Firefox 3 either. Moonlight developer lead Miguel de Icaza blogged:

Although Moonlight works on Firefox 2 and Firefox 3, recent changes in Firefox 3 prevent Silverlight and Moonlight from working (For details see #432371, #430965). There is a user contributed Greasemonkey script that will work around this bug for some sites (requires Greasemonkey).

So yes Moonlight is out, but it's got a few rough edges and isn't a 100 percent apples to apples comparable technology to Microsoft's Silverlight (yet).

As de Icaza and his team continue moving towards the Silverlight 2.0 profiles I'd suspect that Moonlight will improve and soon enough become a viable option. It kinda reminds me of Mono in the early days, which also didn't quite work as it should in its first few releases but lately seems to be quite solid.

Google Gets IPv6 Religion - But Do You?

From the 'we're running out of addresses' file:

Google has announced that it is now available over IPv6. Specifically you can access Google search with the next generation Internet protocol. To hit Google on IPv6 you must first be running IPv6 though (ipv6.google.com).

While this is 'good' news I suppose it also exposes the fundamental flaw and issue with IPv6 as it currently stands.

Why aren't more sites available on IPv6? (and why is Google doing this now?).

The problem is simple and complex at the same time. While the US Government itself is moving to IPv6, US based enterprises are not. (It's a problem that I've been researching for the last few weeks in fact).

And why should they?

Sure the 'chicken littles' of the world are saying the sky is falling and we're running out of IPv4 address space (which is true). But the reality in this part of the world is that we've got enough IPv4 to keep us from feeling any shortage. The reality is every organization in this part of the world has already figured out the IP address issues by using NAT and port forwarding scenarios that provide an abundance of addressing options.

So YES, great to see Google jump publicly on the IPv6 bandwagon, but it would be better to see you (yes you dear reader!) jump on the IPv6 bandwagon too.

Beware of Calendar SPAM

From the 'I don't remember making an appointment with a spammer' files:

I get a lot of email over the course of any given day/week/month. I also tend to book many appointments for briefings and such (often driven by email calendar event requests). For the most part the only reason why my calendar is full is my own doing -- but there is a new risk that I've recently become aware of.

Calendar SPAM.

Yuup. Spam has evolved from just jamming your inbox to polluting your Calendar too. The Calendar spam technique targets both Microsoft Outlook and Google Calendar users. Security vendor McAfee recently blogged that they've now seen Calendar Spam too.

According to McAfee it's still a low volume threat. Apparently the way it works is by taking advantage of users who automatically accept incoming meetings (so just disable that if you've got it enabled) and then including the spam message in the event meeting details.

Sure it's something that can be easily avoided with some filters and proper configuration, but still it's something that's annoying. After all who wants to get a Reminder popup letting them know they've got an appointment with Spam (unless it's the lunch meat and you put that into your calendar as a reminder of what you're going to eat...).

Mozilla Data Project Is Not a Good Idea

I'm a fan of Michael Arrington and his work at TechCrunch, though I disagree with his assessment of Mozilla's new secret 'Data' effort.

The plan is basically to collect data from Firefox users (who opt in) in order to provide a data set on site popularity and user trends. It's an interesting idea and one that might help Mozilla, but IMHO it's not a good one for the broader marketplace for a few reasons.

1) The data will always be biased because it will only be for Firefox users
2) 'Hackers' will try to do 'bad things' with the data which could well provide personally identifiable information (sure Mozilla would do its best to secure users, but the point is they would be providing a new potential attack vector).
3) More data isn't always better. Every web server in existence has some form of log system which accurately measures real traffic. Adding yet another new statistics system only confuses an already confused marketplace.
4) A user's 'History' file already tracks the data (though it doesn't publish it publicly...).

I personally like what Red Hat's Fedora project is doing with user statistics. Fedora (by way of its Smolt technology) tracks how many IP addresses actually connect to Fedora Update servers. With that data Fedora knows how many 'active' Fedora installations it has.

How many active Firefox installations are there? Sure we know how many downloads, but wouldn't it be great to have a real number on users too?
**UPDATE 5:41 PM EDT - I'm wrong on the Firefox installations issue. Mozilla's Asa Dotzler commented below (thanks Asa!!) that Mozilla does have stats on this now and that current users number about 170 million **

So YES, getting stats is a good thing. And YES Mozilla Data will be a solid effort at understanding what Firefox users may be doing. But NO I will not personally participate myself and while I'll comment on their Data (when it's available) I'll always take it with a grain of salt. 

Cisco Getting New 'Cool' Leadership for Switching Biz

From the 'what happens after keynotes go bad' file:

After 15 years, Cisco's Jayshree Ullal, SVP, Data Center, Switching & Services, is leaving. Ullal managed a $10 billion business at Cisco.

"Yes, I can confirm that after 15 years at Cisco, Jayshree has decided to leave the company to pursue other opportunities," a Cisco spokesperson wrote in an email to InternetNews.com. "At this time, Jayshree is in the process of exploring other opportunities and has not made any commitments."

Ullal also wrote a blog post on the Cisco data center blog in which she provided some highlights of her career, though not much in the way of reasons as to why she is leaving now.

Ullal will be replaced by John McCool, who will assume Ullal's post alongside maintaining his current role of leading Cisco's Campus Switching Systems Technology Group. McCool will be reporting directly to Cisco CEO John Chambers.

Without reading too much into this executive shift, I think McCool's new responsibilities tie in nicely with Cisco's overall business consolidation effort. Frankly I don't understand why Campus Switching should sit under different leadership anyways so this move makes great sense.

Let's just hope for McCool's sake that if he ever takes the stage at a big IT conference, his presentation goes better than the one that Ullal recently did at Interop.

.ORG Domain Prices Set to Rise

From the 'everything is getting more expensive' files:

The .org top level domain (TLD) is soon to become more expensive for those that want a domain. The Public Interest Registry (PIR), which manages the .org TLD, has informed ICANN that they're hiking fees later this year.

The wholesale price for a .org domain will rise to $6.75 effective November 9, 2008. Currently PIR charges $6.15 for a .org domain name registration (0.15 cents of which goes directly to ICANN as a transaction fee).

The increase in .org pricing will come a month after .com and .net pricing (managed by VeriSign) get hiked. The wholesale price of a .com domain on October 1, 2008 will go from $6.42 to $6.86 while .net will rise from $3.85 to $4.23.

GPL 1 : Skype 0

From the 'don't bet against the GPL' files:

Guess what? The GPL is not in violation of any type of German anti-trust laws. VoIP vendor Skype had argued in a German court that they didn't have to adhere to the letter of the open source GPL license, but the German court has now ruled against them.

Harald Welte (who has been on a seemingly one man crusade in Europe against Skype) reported on his blog that:

In the end, the court hinted twice that if it was to judge about the case, Skype would not have very high chances. After a short break, Skype decided to revoke their appeals case and accept the previous judgement of the lower court (Landgericht Muenchen I, the decision was in my favor) as the final judgement. This means that the previous court decision is legally binding to Skype, and we have successfully won what has probably been the most lengthy and time consuming case so far.

So the lesson here is simple. Whether you're Verizon in the US or Skype in Germany, if you use GPL licensed code, then the terms of the GPL license apply to you.

Israel @60 : Tech Innovations that Changed the Industry

The state of Israel turns 60 today and I've seen all kinds of coverage on TV/newspapers/web. From a technology point of view there are a bunch of things that have come from that tiny country, but for this short blog post I'm going to highlight three vendor/technologies in particular.

ICQ: I couldn't do my job without instant messaging today. If you're like me then you have ICQ to thank. Israeli based Mirabilis launched ICQ -- the first 'real' internet wide instant messaging app - in 1996. AOL bought them out in 1998 for $407 million and to this day in the US, AOL is still arguably the largest IM network.

Check Point : A number of different individuals 'claim' to have invented/pioneered the firewall, but it was Check Point that deserves a lot of credit and is the vendor that really took it mainstream. Remember the mid-90s? If you wanted a firewall you got Check Point, there really was no other viable choice.

Zend : While Zend did not invent PHP (and certainly PHP was popular without Zend), it is Zend that has become the leading voice commercially for PHP on a global basis. Tens of millions of websites (including InternetNews.com) use Zend developed PHP code in some way shape or form.

So if you use instant messaging, PHP or have a firewall, give thanks to the state of Israel today.

Don't Run Mozilla Firefox in Hanoi!

From the 'many eyes don't necessarily mean better security' files:

Open Source thrives on the idea that contributions help to grow development. Open Source thrives on the idea that many eyes looking at open code can provide better security than proprietary closed models.

Unfortunately on the security side, it's not always the case. Mozilla's Chief Security person Window Snyder has publicly admitted that Mozilla was inadvertently allowing a virus infected Vietnamese language pack for Firefox to be distributed. Snyder noted that the infected code could result in users seeing unwanted ads and could be used as a launching point for other malicious actions.

Mozilla is not aware of precisely how many users may be at risk, though they do know that there have been 16,667 downloads of the language pack since November of 2007.

So how did this happen? Doesn't Mozilla do some kind of security scanning before they distribute code? Snyder explains:

Mozilla does virus scans at upload time but the virus scanner did not catch this issue until several months after the upload.  We are also adding after-the-fact scans of everything to address this sort of case in the future.

IMHO, while it's NOT GOOD that this happened in the first place, it is good that Mozilla is being relatively open about this now and is taking the appropriate steps to make sure it doesn't happen again.

OpenOffice.org 3 Hits Beta Testing

From the 'newer, better, faster' files:

After what seemed like an eternity (to me at least) OpenOffice.org 3.0 (OOo) is now finally in full Beta testing. Hurray!

There are a lot of things to like about OOo 3, but on the surface it just 'looks better' with new icons. It also supports importing Microsoft's Office 2007 XML formats as well as OpenDocument Format (ODF) 1.2 standard. OOo's solid marketing team has listed a full list of new features in a nice high level document.

OOo 3 will also be the first OOo release to be distributed under the LGPLv3 open source license.

OOo overall though has made some significant strides lately in smaller point releases. The OOo 2.4 release last month added a nice bunch of new charting improvements.

Does OpenSolaris Matter?

I'm not sure.

Sun first announced OpenSolaris in 2005 but they keep finding ways to announce 'first releases'. Yesterday was one such release.

I've written about a number of OpenSolaris releases over the years, often though under the guise of the Solaris Express Developer edition mantle as well as OpenSolaris based distributions like Nexenta (which uses Debian).

Apparently though after three years of development, Sun is now finally ready to make an OpenSolaris branded release stand on its own.

Why didn't OpenSolaris have a full release in the beginning just like any other normal open source operating system distribution?

Well I suppose you could argue that their new Project Indiana package system (now called the OpenSolaris Image Packaging System - IPS) is one reason.

But hey wait a minute, open source packaging system...sounds vaguely familiar...

About 10 years ago I was really excited when RPM came out. Isn't IPS just an RPM-type system for Solaris? And if so, isn't this 10 years late?

Don't get me wrong, on a personal level I think Sun is doing a lot of things right. I'm actually writing this post on a LiveCD version of OpenSolaris now.

I also think Sun is moving in the right direction with OpenSolaris -- an open community approach to developing an OS is the right way to drive innovation. What I question is how long it is taking to get there and how they may lag behind Linux development in terms of adoption.

What I question is how open OpenSolaris actually is in terms of reciprocity.

After all OpenSolaris is licensed under CDDL and not GPL like Linux. Smarter minds than mine have noted that the GPL is the magic sauce that helped to make Linux more successful than the BSDs.  CDDL does not require reciprocity so in practice a company could extend OpenSolaris code and not be required to contribute back.

While some might want to compare OpenSolaris against Linux, I think the closer comparison is with FreeBSD.  They both share a common Unix heritage and they both have BSD type non-reciprocal licenses. FreeBSD also may yet benefit from Dtrace and ZFS as well whereas it is unlikely that those technologies (in the form that Sun licenses them) will be integrated in any significant way in any mainstream Linux distribution.

OpenSolaris also may prove to have a commercial competitive edge over FreeBSD as well in that Sun offers full commercial support. FreeBSD does have many people supporting it but it doesn't have the strength of a Sun behind it.

So where does that leave OpenSolaris? 

Well I think OpenSolaris matters to those that would consider BSD. For Linux users, OpenSolaris is still playing a bit of catchup and it will be interesting to see over time if it does in fact catch up in terms of community and broad participation.  When and if Sun will ever be able to claim (like the Linux Foundation) that it has thousands of contributors from a wide spectrum of vendors remains to be seen. Participation alone does not dictate if an open source effort matters, but it sure does affect adoption. 

SCO Novell Trial - The Verdict is...

I wish I knew! But as of this posting, Judge Kimball has not made his decision in the SCO versus Novell trial that occurred last week.

The ever vigilant Groklaw site has posted pdf/html transcripts of each day of the trial, which make for interesting reading if you've got the time. If you don't, I'll save you the grief and make it easy. SCO, under the direction of CEO Darl McBride, stuck to its guns claiming that Linux is a copy of Unix. Novell stuck with its argument that SCO never acquired all the rights to Unix.

So where does that leave things?


In my simple layperson, I'm-not-a-lawyer-and-don't-pretend-to-be-one-either view it leaves things in pretty much the same spot they were before the trial started -- with one major exception. Instead of Novell and SCO just making their respective cases, this time around the Judge will make a ruling based on the arguments and facts presented.

Regardless of the outcome, I expect the losing side (Novell or SCO) to appeal. An appellate judge (if the appeal is granted) will be the final arbiter here.

That said,  it will be very interesting to see what Judge Kimball actually rules. He's already made a summary judgment against SCO that favored Novell's view of who owns what in terms of Unix. The key issue at this point is how much (if anything) will he award to Novell or will he somehow change his view based on the testimony?

Frankly I'm still amazed that SCO has hung in this long. Though it is easy to paint SCO as the villain in this drama, it's also possible to see this as a Tragedy (Greek or Shakespearean) in many ways. McBride (the tragic hero?) really does believe in his view and he is sticking with it to the (bitter?) end.

Interop Las Vegas 2008 Roundup

That was fun.

Well Interop Las Vegas 2008 has come and gone and I'm still somewhat sane.  With the addition of the Software 2008 conference into Interop this year, the volume of sessions was more overwhelming than past Interop events.

Perhaps the biggest challenge I heard from many people was the challenge of deciding what session to go to, since so many overlapped. In fact the conference organizers even overlapped sessions with Keynotes -- which I personally think was a very bad idea.

That said, there was lots to see and hear.

On the show floor, there was the mix of everything that is networking (and at least one that wasn't with the Happy Feet booth...since networking pros have feet issues apparently) with big network vendors, acceleration, testing, power, security, wireless and connectivity booths.

I always personally get a real kick out of the Interop Labs area where you can get hands on with stuff. This year I went hands on (again) with NAC and some Unified Communications stuff.

On the news and trends side, sure 10GbE is there as is virtualization. The biggest thing though (and this may seem quaint) is the broader and continuing realization of what networking is all about. That is, networking exists to enable applications. Being application aware is incredibly important and is something that vendors of all sizes are now claiming to do.

As always I wrote 'a few'  stories from the show (18 in total), so for your reading enjoyment, and as one last look at Interop LV 2008, here you go...

On InternetNews.com:

Interop: Applications And Networks Need to Unite
[May 01, 2008] Future of application delivery discussed at Vegas conference.

Meeting The Challenge of 10GbE
[April 30, 2008] What is the key to 10 gigabit Ethernet? And is there one?

Is It Time to Rethink IT's Priorities?
[April 30, 2008] At Interop, Citrix's CEO explains why the industry needs major change before it can grow.

Interop: How Comcast, Verizon Fight Spam
[April 30, 2008] Major networking players address e-mail's never-ending nuisance.

Interop: The Problem With NAC
[April 29, 2008] While interest swells in Network Access Control and vendors converge around standards, would-be adopters still need to weigh some serious decisions.

Ethernet: Getting Faster, Getting Greener
[April 29, 2008] As the race toward faster speeds continues, so too does the search for reducing power consumption.

Nortel Pitches Networks Revamp For Virtualization
[April 28, 2008] Linux-based hardware appliance aims to optimize virtualization for datacenter deployment.

'NAC 2.0' Takes Shape Under Networking Giants
[April 28, 2008] Microsoft, Cisco and TCG converge on standards as broader network access control standards emerge.

Riding Out The Slowdown, Speeding Up Networks
[April 25, 2008] Can networking gear help to recession proof your network?

Laying The Groundwork For 10GbE Networks
[April 25, 2008] As the networking world moves to 10GbE networks, it's not just speed that matters.


On this Blog:

PHP 5.2.6 Updates for Security

PHP users -- time to update!

Ilia Alshanetsky, PHP 5.2 Release Master, has officially announced the availability of PHP 5.2.6. In his release announcement Alshanetsky noted:

This release focuses on improving the stability of the PHP 5.2.x branch with over 120 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release.

On the security side there are at least five issues that are addressed in the 5.2.6 update which security vendor Secunia has rated as being 'moderately critical'. The issues if left unpatched could potentially lead to a denial of service (DoS) or unauthorized system access.

One of the flaws was credited to security researcher Stefan Esser, who has been an outspoken critic of PHP security for years and was responsible for the month of PHP bugs effort in 2007.

Interop : What Users Want

LAS VEGAS. At a show as big as Interop there are always a lot of different technologies on display, some of them being more interesting than others.

But what are users/attendees actually interested in?

Network Instruments and NetQoS did an on-site survey of 117 network engineers and IT executives the other day which sheds some light.

As you might expect, virtualization is an area of interest. Survey respondents reported that 50 percent of their apps will run virtualized now, increasing to 82 percent within the next two years.

In terms of WAN optimization, which is often something I hear a lot of buzz on at an Interop show, respondents were split. 44 percent reported that they had no plans to implement while 42 percent indicated that they did have plans to implement some form of WAN optimization technology.