Sean Michael Kernertag:blog.internetnews.com,2008-01-08:/skerner/212009-11-20T22:56:24ZNetstat -vat - A command line view of IT.
Movable Type Enterprise 4.25Blue Coat securing local networks with the Cloudtag:blog.internetnews.com,2009:/skerner//21.592332009-11-20T22:18:38Z2009-11-20T22:56:24Z From the 'Faster' files:A big emerging trend in enterprise IT this year has been the move to the Cloud, for almost everything. One particular area where I'm seeing a strong use of a hybrid cloud/on-premise model is for security...Sean Michael Kerner
From the 'Faster' files:A big emerging trend in enterprise IT this year has been the move to the Cloud, for almost everything. One particular area where I'm seeing a strong use of a hybrid cloud/on-premise model is for security...
"The model for us in the cloud is to provide a real time
extension of what the on box security does, so we get immediate
visibility," Valimaki said. He told me that by
having a hybrid approach, the user gets the benefit of updates from the
cloud service, but the speed and enterprise policies of a local
on-premise solution.
From an infrastructure point of view,
Valimaki said that Blue Coat now has 4 data centers and then some
others that are used as security research centers supporting WebPulse.
He added that he expects to continue to grow the service over time.
"In the cloud we see the collective trends of the Internet and we see the forest for the trees," Valimaki said.
It's a good idea and one that Blue Coat rival Cisco is also now advocating as well. While Blue Coat is a smaller company overall than Cisco, they're clearly showing that leveraging the cloud for security is the right way forward to really understand and defend against the evolving threats of the modern web. ]]>
PHP 5.3.1 released for 5 security flaws, 113 bugs tag:blog.internetnews.com,2009:/skerner//21.592292009-11-20T15:28:53Z2009-11-20T15:52:53Z From the 'Yum/Apt-Get Update' files:The first update to PHP 5.3 is now available providing 5 security fixes in addition a long list of bug fixes to the popular open source dynamic language.PHP 5.3 was released at the end of...Sean Michael Kerner
From the 'Yum/Apt-Get Update' files:The first update to PHP 5.3 is now available providing 5 security fixes in addition a long list of bug fixes to the popular open source dynamic language.PHP 5.3 was released at the end of...
There are 113 named PHP bugs that have been fixed in PHP 5.3.1.
On
top of that there are an additional 28 improvements in PHP 5.3.1 that
don't have an official PHP bug number attached to them. So the grand
total of items addressed in the PHP 5.3.1 update is (5 security + 113
numbered bugs + 28 un-numbered bugs) 146 items. That's not a trivial
amount of change in a code base.
And you wonder why pessimists
like me NEVER update to the first new major point version of a PHP
release.
Make no mistake about it PHP 5.3 is a major release up from
PHP 5.2. Now with the availability of the first update to PHP 5.3, I
think it's time for PHP users to take serious look at migrating from
their legacy PHP 5.x installations. ]]>
Fedora 12 updates package installation policy tag:blog.internetnews.com,2009:/skerner//21.592272009-11-20T15:06:22Z2009-11-20T15:28:30Z From the 'Error Correction' files:The public milestone release of Fedora 12 this week had one big flaw in it that is now set to be corrected.One key standard practice on nearly every Linux system I have ever seen or...Sean Michael Kerner
From the 'Error Correction' files:The public milestone release of Fedora 12 this week had one big flaw in it that is now set to be corrected.One key standard practice on nearly every Linux system I have ever seen or...
The problem with that system is it that its not usually a good idea to
automatically remember the root permission password. So what Fedora
developers wanted to do instead was to rework the permission setup such
that users would be assigned roles based on what they need to do with a
system and the type of system in use.
"The idea was that the change in PolicyKit would be accompanied by a
default set of roles, and a nice user interface for assigning users to
roles," Taylor wrote. "Unfortunately, with the constraints of time, it became clear that
this all (and especially the GUI) wasn't going to be there for Fedora
12. So, PackageKit needed a fixed policy for all users."
The
fixed policy that Fedora went with was to allow all users to install
signed packages from the Fedora repositories.
In my own personal case,
I'm running Fedora 12 on a single-user system so this is something that
works for me. Yeaah I know, we should have a separation of root and user.
But really all that means is just entering SUDO/pswrd doesn't it? Since
the only allowed packages that non-root could install were signed
packages from the Fedora repository, what is the risk?
In
any event, Fedora 12 is now going back to its historical behavior, so
no harm done.
Fedora listens to its community and it responds quickly.
Unlike a proprietary software vendor where you'd wait weeks for such a
patch, Fedora users get their changes extremely rapidly.]]>
Mozilla earned $78.6 million in 2008tag:blog.internetnews.com,2009:/skerner//21.592252009-11-19T20:57:18Z2009-11-19T21:51:53Z From the 'Free Software Making $$' files:Mozilla gives its software away for free, yet year after year they keep making money. For the 2008 year, Mozilla is just now disclosing how much revenue it generated and it was another...Sean Michael Kerner
From the 'Free Software Making $$' files:Mozilla gives its software away for free, yet year after year they keep making money. For the 2008 year, Mozilla is just now disclosing how much revenue it generated and it was another...
Why the expense increase?
Well Mozilla continues to invest in people. So
while other commercial entities cut their cost by cutting employees,
Mozilla is going the opposite route.
From an asset basis,
Mozilla's 2008 tally was up by 17 percent to $116 million.
Overall,
from a financial perspective, a decent year for Mozilla and I haven't
even mentioned all their actual release either. But what is important to
remember in my view is that it is the money that keeps the machine
moving forward.
It is the money that helps to pay the leadership
and engineering people to continue to advance Firefox and by extension
the web itself. It's a virtuous circle whereby the more we all use
Firefox, the more money they make, the more they can invest right back
into making Firefox better for everyone.]]>
Google Chrome OS goes open source in Chromium OStag:blog.internetnews.com,2009:/skerner//21.592242009-11-19T18:58:28Z2009-11-19T20:30:10Z From the 'Browser Operating System' files:Google today has officially open sourced its under-development Chrome OS operating system under the Chromium OS project.The code is available now at: http://www.chromium.org/chromium-os/building-chromium-os - I'm currently in the process of trying to build a...Sean Michael Kerner
From the 'Browser Operating System' files:Google today has officially open sourced its under-development Chrome OS operating system under the Chromium OS project.The code is available now at: http://www.chromium.org/chromium-os/building-chromium-os - I'm currently in the process of trying to build a...
Security is a big focus with the Security Verified Boot process. Basically ChromeOS checks to ensure the OS hasn't been corrupted on
boot. If it has, it automatically re-images the users hardware. Another
interesting idea, though how that will work in practical utility is
another question. I can see it adding time to the overall boot process
as time progress and what happens if the wireless driver (for Internet
connectivity) gets corrupted?
Google didn't specifically say
which version of Linux they were using inside of their ChromeOS build,
but Pichai did specifically thank the Ubuntu community for their
efforts. No ChromeOS is not an Ubuntu knock-off but it likely borrows
some of the same Debian-based plumbing and as I noted earlier, there is a contractual relationship in place.
Overall, few surprises in
ChromeOS from what they had originally led us to believe when they
announced the effort a few months back. It's all about the web and the
browser is the OS.
Chrome - the browser- will continue on its own
development path and for current Linux, Mac and Windows users they'll
get some of the benefits that ChromeOS will ultimately deliver as well.]]>
Google Chrome Frame security flaw discovered by Microsofttag:blog.internetnews.com,2009:/skerner//21.592222009-11-19T15:55:18Z2009-11-19T16:06:22Z From the 'I Told You So' files:Back in September, Google launched Chrome Frame which embeds a Chrome-type browser inside of a Microsoft Internet Explorer(IE) browser. At the time, Microsoft claimed that Chrome Frame could make IE less secure.Guess what?...Sean Michael Kerner
From the 'I Told You So' files:Back in September, Google launched Chrome Frame which embeds a Chrome-type browser inside of a Microsoft Internet Explorer(IE) browser. At the time, Microsoft claimed that Chrome Frame could make IE less secure.Guess what?...
The flaw was discovered by Microsoft security research superstar Billy
Rios (who speaks regularly at Black Hat events) and was reported
to Google.
If I read the notes correctly, all previous versions
of Chrome Frame were at risk, meaning that since the day Chrome Frame
launched in September until now, Chrome Frame users were vulnerable. To
be fair, there were no public exploits that we know of, so it's not a
zero day flaw by any measure.
It is still ironic to note that
Microsoft was in some respects correct in their fears about Chrome
Frame. What is even more ironic though is that it is Microsoft (and not
Google) that took the lead here in ensuring that Chrome Frame is secure
for IE users.]]>
Mozilla Firefox 3.6 Beta 3 released with 83 bug fixestag:blog.internetnews.com,2009:/skerner//21.592092009-11-18T17:09:14Z2009-11-18T17:30:39Z From the 'Coming Soon, Very Soon' files:The third beta of Mozilla's open source Firefox 3.6 browser is now adding fixing 83 bugs and adding several new features.Of the 83 bugs fixed, 13 have been tagged as being critical. It...Sean Michael Kerner
From the 'Coming Soon, Very Soon' files:The third beta of Mozilla's open source Firefox 3.6 browser is now adding fixing 83 bugs and adding several new features.Of the 83 bugs fixed, 13 have been tagged as being critical. It...
Nightingale commented that components were not as visible as add-ons,
making them more difficult to track, update and disable. So now,
Mozilla is disabling them all.
"If you're a Firefox user, this should be 100 percent positive," Nightingale wore. "You don't have
to change anything, your regular add-ons should continue to work
properly - you just might notice fewer crashes or odd bugs. If you do
notice that something has stopped working, particularly a third party
addition to Firefox, you might want to contact the producer of that
addition to ensure they know about the change."
I
think this is clearly a good move and frankly i'm amazed that such a
loophole existed in the first place. I expect though that the change
will have some impact, I've just started using Beta 3 myself and time
will tell what (if anything) will break as a result of the component
lockdown.
With these two new big items in Beta 3, I'd also
expect there to be at least one more beta and then at least on release
candidate prior to a final Firefox 3.6 release.]]>
Google Chrome OS: What to look for this weektag:blog.internetnews.com,2009:/skerner//21.592032009-11-18T14:35:53Z2009-11-18T15:15:48Z From the 'It's Not Vaporware' files:Google is holding an event on Thursday to discuss its Chrome OS open source operating system. Details are sparse at this point, though the official media invitation gives us some clues that we'll get...Sean Michael Kerner
From the 'It's Not Vaporware' files:Google is holding an event on Thursday to discuss its Chrome OS open source operating system. Details are sparse at this point, though the official media invitation gives us some clues that we'll get...
The other item that Google that is likely is a new Google engineered
Windowing system and user interface. Chrome OS will not be using GNOME
or KDE. Chrome OS will have its own windowing
system. Seeing as Google is doing this all in open source, I'd expect
that whatever the windowing system is, it will eventually be available
on all distros as a rival to GNOME and KDE.
We also can expect
that since Chrome OS is browser based, and Chrome used Gears as its
HTML 5 offline storage base, that Chrome OS will include all the major
Google Apps. That is, I'd expect to see Gmail, and Apps available as
desktop shortcuts with full offline storage (via Gears) built-in to the
OS.
Instead of Skype, we'll see Google Voice for VoIP.
Overall,
I think many of the components that make up Chrome OS are already
known.
What isn't known is how they'll all be put together and what the
actual interface will look like. But after nearly 6 months of
anticipation, I'd expect that on Thursday, we won't have to guess any
longer.]]>
Mozilla Weave nears releasetag:blog.internetnews.com,2009:/skerner//21.592002009-11-17T18:00:45Z2009-11-17T18:22:56Z From the 'Open Source Sync' files:Mozilla this week released the first beta for its browser data synchronization service, Weave 1.0.I've been tracking Weave for nearly two years now and it sure has been a long and winding road for...Sean Michael Kerner
From the 'Open Source Sync' files:Mozilla this week released the first beta for its browser data synchronization service, Weave 1.0.I've been tracking Weave for nearly two years now and it sure has been a long and winding road for...
SSL at risk (again), this time Twitter is the first targettag:blog.internetnews.com,2009:/skerner//21.591982009-11-17T14:18:03Z2009-11-17T14:49:16Z From the 'Not a Hoax' files:SSL is of critical importance to all web users as the most commonly used method for securing websites. There is now a new publicly posted exploit technique available for SSL that takes advantage of...Sean Michael Kerner
From the 'Not a Hoax' files:SSL is of critical importance to all web users as the most commonly used method for securing websites. There is now a new publicly posted exploit technique available for SSL that takes advantage of...
The good news is that SSL vendors and standards makers are aware of the
issue and are working on a fix. The open source OpenSSL project has
already pushed out a new version that removes the ability for a TLS/SSL
renegotiation in the first place.
Going a step further the IETF
standard body is working on an effort to solve the problem in a more
definitive manner.
The IETF solution is similar in some respects to how
DNS is getting secured with DNSSEC by way of a cryptographic signature
to provide an additional layer of integrity and authentication.
"SSL and TLS renegotiation are vulnerable to an attack in which the
attacker forms a TLS connection with the target server, injects
content of his choice, and then splices in a new TLS connection from
a client," the IETF draft states. "The server treats the client's initial TLS handshake as a
renegotiation and thus believes that the initial data transmitted by
the attacker is from the same entity as the subsequent client data.
This draft defines a TLS extension to cryptographically tie
renegotiations to the TLS connections they are being performed over,
thus preventing this attack."
Unlike
DNSSEC which is difficult to roll out on a global basis, the new TLS
extension would be an incremental update for existing TLS users to
implement. I suspect that it will take some time till the entire web is
secured as the first official patches roll out from vendors and users
around the world upgrade their software.]]>
Linux dominates top 500 supercomputer listtag:blog.internetnews.com,2009:/skerner//21.591962009-11-16T19:47:37Z2009-11-16T20:16:41Z From the 'Beefy Penguin' files:The latest Top 500 Supercomputer list is now out (see my colleague Andy Patrizio's story on InternetNews.com), with the top rig doubling its performance to 1.75 petaflops.Of particular interest to me is the fact that...Sean Michael Kerner
From the 'Beefy Penguin' files:The latest Top 500 Supercomputer list is now out (see my colleague Andy Patrizio's story on InternetNews.com), with the top rig doubling its performance to 1.75 petaflops.Of particular interest to me is the fact that...
Back in November of 2000, Linux (generic) represented nearly 11 percent
of the top supercomputer list, while AIX dominated at 42 percent. Times
do change.
Bottom line is that Linux is now the most capable operating system for the world's most powerful computers, not Unix.
Linux is the operating system of choice for super computers for a
number of reasons, most notably in my view is the simple fact that it
can be adjusted and customized for the very unique clustered/grid
setups used by supercomputers. Linux also has excellent interconnect
stacks for Infiniband and Ethernet which is also critical.
Over the last 9 years, Linux has gone from being an important part of supercomputing to being the dominant OS.]]>
Cisco blinks and increases Tandberg offer tag:blog.internetnews.com,2009:/skerner//21.591942009-11-16T15:21:47Z2009-11-16T16:07:17Z From the 'Kroner, Corona' files:Over the last several weeks, Cisco executives have publicly said on a number of occasions that their offer $3 billion for Tandberg was a fair and that they'd walk if they didn't get it. To...Sean Michael Kerner
From the 'Kroner, Corona' files:Over the last several weeks, Cisco executives have publicly said on a number of occasions that their offer $3 billion for Tandberg was a fair and that they'd walk if they didn't get it. To...
Cisco
knows how to make acquisitions, they've made more than anyone else in
the technology market over the last 5 years. Chambers said during the AGM last week,
that making acquisitions is a core competence for Cisco.
It's clear
that Cisco really wants Tandberg and is willing to pay a premium for
the business, but we'll see on December 1st how far Tandberg
shareholders will push Cisco.
With an extra $400 million, Tandberg
shareholders should be ecstatic today. I'd be surprised if they don't all
down a few Coronas as they count their Kroners in celebration.]]>
Does Mozilla's Jetpack gallery spell the end of add-ons?tag:blog.internetnews.com,2009:/skerner//21.591892009-11-13T22:04:07Z2009-11-13T22:22:02Z From the 'Future of Browsing' files:I've been a fan of Mozilla's open source Jetpack since it publicly launched this past May. Like millions of other people, I use browser add-ons, and like millions of people I suffer with their...Sean Michael Kerner
From the 'Future of Browsing' files:I've been a fan of Mozilla's open source Jetpack since it publicly launched this past May. Like millions of other people, I use browser add-ons, and like millions of people I suffer with their...
Sure you can add Jetpack to Firefox 3.5.x as easily as you can
add an add-on. But I also don't doubt that once it's part of the
release itself adoption will skyrocket.
It will also lead to a
very interesting problem, which is - will both the legacy and Jetpack
add-ons co-exist? And if so for how long?
I use both now and
don't see a big problem, but there could be resource issues over time
that develop. In any event, with both the older add-ons and now the new
Jetpack add-ons, Firefox users are ultimately the winners with a wealth
of options to easily extend their browsers.]]>
Google patches Chrome for Apple WebKit flawtag:blog.internetnews.com,2009:/skerner//21.591862009-11-13T14:37:11Z2009-11-13T14:50:07Z From the 'Shared Security Risk' files:Yesterday morning I blogged about the Safari 4.0.4 update commenting that WebKit is used by both Apple and Google for their respective browsers. I also wondered if Google's Chrome was vulnerable to the same...Sean Michael Kerner
From the 'Shared Security Risk' files:Yesterday morning I blogged about the Safari 4.0.4 update commenting that WebKit is used by both Apple and Google for their respective browsers. I also wondered if Google's Chrome was vulnerable to the same...
Chrome 3.0.195.33 is a stable-channel release which at this point is
just Windows. Google has not yet moved its Mac and Linux versions up to
the stable level. Though stable releases are likely in the near term
pipeline.
Google's Chrome OS which could get its first public
preview this month is based on Chrome and uses Linux as its underlying
operating system. It only makes sense in my view, that if Chrome OS is
gearing up for release, then so too is a Chrome stable release for
Linux.
From my own use case perspective, I've been running Chrome on Linux
(dev-channel) for several months and it's quite stable for daily usage.
No it hasn't replaced Firefox on my Linux desktop as my default
browser, but it is certainly now a viable alternative.]]>
Google to make the web SPDY with new web protocoltag:blog.internetnews.com,2009:/skerner//21.591852009-11-12T22:45:30Z2009-11-12T23:10:42Z From the 'More Google Goodness' files:Google is trying to speed up web pages with a new open source application layer protocol called SPDY (pronounced speedy).Regular HTTP connections suffer from protocol overhead and latency -- which is why after all...Sean Michael Kerner
From the 'More Google Goodness' files:Google is trying to speed up web pages with a new open source application layer protocol called SPDY (pronounced speedy).Regular HTTP connections suffer from protocol overhead and latency -- which is why after all...
open source participation and they want to make the web faster for everyone.
They also want to make the web more secure. SPDY works on top of SSL, to ensure security from the get go.
"Make SSL the underlying transport protocol, for better security and
compatibility with existing network infrastructure," Google states in its white paper on SPDY. "Although SSL does
introduce a latency penalty, we believe that the long-term future of
the web depends on a secure network connection. In addition, the use of
SSL is necessary to ensure that communication across existing proxies
is not broken. "