Linux Solutions

Ed Colligan, CEO of Palm, has said that his company’s new operating system of the future will centre on the internet, and will be distinct from the current Palm OS that’s available at the moment.

In a recent interview, Colligan described the Nova OS (or Web 2.0 – possibly) as a “next-generation operating system with much more capabilities, driven around the Internet and Web-based applications.” Scheduled for release next year, Nova will be based on a Linux core.

Talk of new capabilities sounds good but with Apple’s dominance amongst others, how will Palm compete in an already crowded market?

“Palm’s got maybe 15 million customers and 50 million devices around the world, it’s brand that’s globally recognised. We sold a million Centros in the first five months of it going on sale with one carrier in the US, so to say were not an active player in the market is not really accurate.”

“There will be 1.2 billion new handsets sold this year, there’s billions of users around the world, so there’s a huge opportunity. And it seems to me that when there’s a billion of anything sold per year – well, we don’t have to have Apple, RIM or Nokia be unsuccessful for us to be enormously successful,” said Colligan.

Palm are focused on executing their own system, “mostly because we really believe that to create the most compelling solution it should be an integrated package much like we started with the Palm OS and doing the original Palm Pilots: we did the operating system, we did the hardware and we did the whole synching architecture and the desktop tie-in, which is equivalent to the Web these days.”

Colligan claimed one of the things Palm wanted to do is to make sure that they had an “end-to-end solution we really controlled and could deliver the end-user experience we want to deliver. We think it’s going to be stunning and breakthrough in its execution, and we’re working on some very exciting new devices to go with it”.

That ‘next generation’ Palm OS will slot in between the Centro and Treo lines under a new ‘prosumer’ brand that’s yet to be decided, Colligan explains. “We’re going to continue to look at those three line areas – consumer, prosumer and enterprise. Treo is today more of our mainstream prosumer product which is extended into the enterprise, but over time you’ll see some branding work done on the top two to make sure they’re really well delineated.”

Microsoft, the global computing giant has begun private beta testing of a new tool known only as “Windows Advisor”.

The tool is aimed at helping consumers figure out if their computer has got what it takes to run certain applications as well as diagnosing any problems your computer may have, then providing solutions.

Microsoft officials are firm believers in Windows and claim that their operating systems are not to blame for every problem that arises for users. They say that faulty drivers and poorly written apps are generally the cause of all problems. Microsoft has constructed Windows Advisor so that users can get to the core of the any problems, and then fix them.

Someone who had access to the new program had this to say: “While in the past support was limited to a help desk, today the lines are becoming blurred between the various technologies. When a user has a sluggish Internet connection, is it due to a connectivity issue, spyware, a virus, an outdated or poorly maintained computer, the router, a failing hard drive, or simply the customer’s impatience?”

The source believes that to be effective in today’s environment, “computer care and support services must be more comprehensive and accurate.”

The source goes on to describe how the program works: “Windows Advisor is an easy-to-use self-help tool that notifies users about problems on their PCs and helps fix them. Windows Advisor scans users’ PCs continuously, notifies them about important issues, and, when possible, suggests easy fix solutions.”

The program includes a 1-click check-up function “that enables them to check their PCs whenever they like.” Other features include; tips and tutorials that teach users how to perform certain actions on their PCs; and a toolbox that concentrates the important tools that are found in the operating system into one easy-to-find location.

Windows Advisor supports Windows XP Service Pack 2 (SP2) and Windows Vista. The beta is only available in English.

Microsoft were guarded as ever, when pressed for further details about the beta, “Microsoft is continually developing tools to help customers get the most out of their PC experience, and will keep you posted as we have more to share.”

This article was brought to you by Marble Media/Manchester Web design.

Yesterday, Google Inc unveiled it pricing details for the Google App Engine. The announcement comes on the eve of the company’s first-ever developer conference.

First announced in April, Google’s App Engine provides hosted dynamic web servicing, persistent storage, automatic scaling, a local development environment and authentication and load balancing aimed at making it easier for developers to build web applications.

Google has touted the App to developers as a way to take advantage of the most visited site on the internet’s own infrastructure, and to build, test and run their own applications.

The waiting list for the Google App Engine has 150,000 developers since it was announced, and as of today it is available to any developer without waiting.

The pricing of the App Engine has been a mystery but now Google have provided us with answers. The product is free to get started, and in the current preview release applications will continue to be restricted to the free quota of up to 500MB storage and enough CPU and bandwidth for about 5 million page views per month, Google said.

Once the preview period ends – later this year – developers will pay:

$0.10 - $0.12 per CPU core-hour
$0.15 - $0.18 per GB-month of storage
$0.11 - $0.13 per GB outgoing bandwidth
$0.09 - $0.11 per GB incoming bandwidth

Other announcements for the App Engine in the coming weeks include new developer APIs; a new image-manipulation API will allow developers to scale, rotate and crop images on the server, and a new memcache API is aimed at making page rendering faster for developers through a high performance caching layer.

This new announcement is part of Google’s continued effort to get cosy with developers. With the Google I/O developer conference taking part today in San Francisco, the company is expecting around 2,900 developers to attend.

With regard to the conference, Tom Stocky, Google’s director of product management for developer products noted, “The Web is really the de facto platform for application developers. We think this in many ways represents an inflection point for Web developers. The Web has brought a new level of interoperability for apps. Developers can choose between APIs and bring a new level of utility to end users.”

In related news, Google Web Toolkit Release Candidate 1.5 will be released at the end of the week, and will include Java 5 language support to help developers build AJAX applications without having to worry about common barriers like browser capability.

Google added that this next release includes a compiler for producing faster code and a growing set of libraries for building AJAX applications.

US computer Titans Microsoft have suffered a set back in the UK education sector after Becta, the government procurement quango, reformed its purchasing regime in an attempt to break the companies hold on education , and launched a program that will involve schools adopting open source software.

The Schools Open Source project, costing around £270,000, is being fought over by three open source software suppliers – the Open Source Consortium, The Learning Machine and Open Source Software Watch.

Each of the suppliers has submitted tenders to Becta this week. The company picked to move ahead with the program will spend two years building a community of schools which uses and develops its own open source alternatives to Microsoft software.

Becta has called on open source companies to join its £80 million framework list of certified suppliers of software to schools, contacts for which will be awarded in June. The previous list consisted entirely of Microsoft suppliers and drew Becta widespread criticism for taking the easy option and going with the monopolist rather than home-grown and cheaper alternatives.

None of the three companies involved were prepared to confirm their involvement, they did say that the competition was an indication that Microsoft’s stranglehold on the industry was waning in the UK’s public sector.

President of the Open Source Consortium Mark Taylor, said: “We’ve been telling Becta for a while that they need to help kick start open source in the schools market. They said that would be skewing the market, but we said, ‘it’s already skewed’. All we are asking for is an even chance.”

“The procurement list is biased against open source companies,” said Taylor, who is bidding for the work as head of the Sirius open source consultancy.

“We will have open source companies being official suppliers to education for the first time. Becta are at last taking practical steps to open up the market. ”

Ian Lynch, director of business development at The Learning Machine, said: “I think a lot of this stuff is indicative of the fact that Becta is changing. Five years ago, open source would have been a bigger risk.”

The Office of Government Commerce announced on Monday that competition for places on its Educational Software License Framework had opened. The invitation to tender it wrote jointly with Becta called for open source suppliers to take part for the first time.

“We are particularly seeking suppliers who can provide a comprehensive choice of software solutions including appropriate open source and free-to-use alternatives and advise users on best value licensing,” said the framework’s contract notice on the Official Journal of the European Union.

On Wednesday Both Novell and Red Hat updated their Linux operating systems, adding improvements to desktops, networking, virtualization, management and hardware support.

We spoke about Red Hat’s RHEL 5.2 yesterday, so it’s only fair Novell’s SUSE Linux Enterprise 10 service pack (SP2) gets a look in.

Novell has added support for Xen 3.2 to its server platform, SUSE Linux Enterprise Server (SLES), and support for fully virtualized Windows Server 2008 and 2003 platforms. In addition, Novell now supports live migration of Windows guests across physical machines.

Novell’s support of the Windows platform is due to the cross-licensing patent deal it signed with the computer giants in 2006 and an interoperability lab the pair opened in 2007.

Novell has also updated its YaST (Yet another Set-up Tool) to ease boot-ups and add network module support for new devices.

The desktop’s had an overhaul too. Novell has added local NTFS file support to improve interoperability with Windows and Office, improved integration with Active Directory and upgraded Open Office.org 2.4 Novell Edition, a set of productivity applications. This now includes a technical preview of an Office Open XML (OOXML) translator.

Novell have also added plug-and-play support for wireless broadband (UMTS, 3G) and Network Manager enhancements.

To help users manage distribution of updates, Novell has added a new tool called Subscription Management Tool for SUSE Linux Enterprise. The SP2 release also includes updates to Heartbeat2 and OCFS2 for high availability and storage management, support for IBM cryptographic hardware, support for IPv6 and enhancements to network, storage and other drivers for better hardware compatibility.

New real-time support features include OpenFabrics Enterprise Distribution 1.3, adaptive locking and the Precise Timing Protocol.

Novell also updated several tools in its SUSE Linux Enterprise Software Development Kit, including KIWI, YaST2 Product Creator, YaST2 Add-on Creator and YaST2 Image Creator.

Red Hat Enterprise Linux (RHEL) version 5.2 was released yesterday with six areas that have been given a major overhaul; Desktop, Security, Virtualization, clustering and storage, networking and Ipv6 and serviceability.

Not only that there is now broader hardware and architecture support. In particular, RHEL v5.2 provides enhanced capabilities for x86/x86-64, Itanium, IBM POWER and S/390 architectures. These improvements are mainly in the performance, power usage, scalability and manageability. For example, Red Hat claims that RHEL will support Intel’s Dynamic Acceleration.

RHEL v5.2 can support virtualization on systems with up to 64 CPUs and 512 GB of memory per CPU. Virtualization support for Non-Uniform Memory Access (NUMA) is also included. The new virtualization features also include virtualization-aware, PV (para-virtualized) device drivers. This gives the VM more direct access to the hardware, which in turn gives improved I/O performance.

This can only be used by guest instances of RHEL on the x86 and x86-64 architectures. Still, on these systems, if Red Hat is correct, administrators will see better overall throughput. To manage all this, RHEL 5.2 uses an improved version of Libvirt, a Red Hat-sponsored open source hypervisor-agnostic virtualization management framework.

Besides including newer versions of common desktop applications like Evolution 2.12.3 for email and groupware, Firefox 3 for Web browsing and OpenOffice 2.3 for office work, Red Hat has also added Suspend/Hibernate/Resume enhancements for laptops. Finally, Red Hat has updated many of its graphic drivers.

For better security, Red Hat has backported the new asynchronous kernel crypto hardware driver APIs from the upstream 2.6.22 Linux kernel into RHEL 5.2’s 2.6.18 kernel. This will enable developers to create drivers for cryptographic hardware devices. Red Hat has also added SHA-256/SHA-512 password encryption support and RFC4303 compliant auditing support.

On the clustering and storage front, Red Hat Cluster Suite, which comes with the RHEL 5 Advanced Platform, now has a Resource Event Scripting Language. RHEL 5.2 also has better iSCSI support for storage area networks (SANs).

In networking, Red Hat claims it has greatly improved its IPv6 support. In particular, RHEL 5.2 now supports OpenSwan 5.2. This means users will be able to run IPv6 IPSec virtual private networks (VPNs).

Last, but not least, RHEL v5.2 also fully supports SystemTap kernel tracing for developers. SystemTap user-space tracing is also available but only as a technology preview. In addition, all earlier individual software fixes have been consolidated into the RHEL 5.2 release.

RHEL v5.2 became available on May 21st. Red Hat Network subscription owners will automatically get this update.

DeviceVM have announced that its quick-booting Splashtop Linux implementation is being installed in ROM (read-only memory) of four new Asus motherboards. Asus claims it will be shipping over a million Splashtop-ready motherboards a month – which makes this one of the largest Linux deployments ever.

Branded by Asus as, “Express Gate”, Splashtop stores a lightweight Linux environment in flash ROM that enables PC users to instantly and securely browse the web without booting Windows. It is said to boot up a prompt within five second, letting users either continue booting Windows or load a stripped-down Linux environment featuring the Firefox browser, Adobe Flash, Skype and a photo viewer.

After the initial five-second boot-to-prompt, the technology allows the user to enable Firefox browser within a few seconds. Asus hope’s that the ten second from ‘off-to-online’ inspires users to switch off their computers to reduce power usage. Since Splashtop uses less power than Windows, the technology should offer another way to extend battery life, DeviceVM claims.

According to a company blog, DeviceVM recently demonstrated a future version that offers a virtualization option that loads Windows in the background while also quickly starting and using Splashtop. DeviceVM positions itself as a virtualization company, so it seems likely the company is moving toward a truly virtualized environment that lets users quickly switch back and forth between the two operating systems. Potentially, the technology might also be modified to support storage via a USB storage key when wishing to transfer files between the two environments.

According to DeviceVM, Asus is not an exclusive provider of the technology, and further announcements should be forthcoming. The company has received $10M in Series A funding, from investors that include AsusTek, Storm Ventures, DFJ DragonFund China, Tim Draper, iD Innovation (described as a “venture arm started by Acer Group founder Stan Shih), Harbinger Ventures, and “angel investors affiliated with major PC manufacturers Lenovo, Foxconn, Quanta, Compal, etc.”

Joe Hsieh, the general manager of Asus Motherboard’s Business Unit said, “In response to great user feedback, our plan is to proliferate Express Gate across our entire motherboard product portfolio, starting with over one million motherboards per month. Consumers want to turn their PCs on and off like any other appliance, and Express Gate has made that possible.”

The newly appointed head of Microsoft’s global Linux and open source team, Sam Ramji hopes the company will have a clear and comprehensible open source strategy by 2015.

He wants people to clearly understand what projects the company is contributing to, and what code Microsoft plans on making available on a routine basis.

“We don’t have hard rules… right now, it’s still careful judgment case by case.

“It’ll be understood, woven in to the fabric and in product-development cycles, so it’s well understood: ‘Here is the parts of our product that will be open source.”

To the outside observer, it would appear Microsoft is operating in its support of open source on a case-by-case basis. For example: in March it sponsored the Open Source Business Conference, but not EclipseCon.

Microsoft has moments of “openness” at times. Take the six hundred thousand pages of documentation for its implementation of Extensible Application Markup Language that were released this spring under its Open Specification Promise. The company also released 30,000 pages on its Windows APIs and protocols.

With the company publishing these massive technical documents, developers believe it could be a royalty and rights landmine. They are concerned that individuals might be forced in to paying Microsoft for inadvertently using techniques that are already ‘owned’ by Microsoft.

For Microsoft to release its infrastructure-level-code – tools, APIs, Protocols - free to read is a big step, but they are unlikely to open up Windows and Office for all to see.

Ramji claimed there is little value in opening Windows or Office. ISVs and systems integrators “rely” on a consistent platform and openness leads to forking.

It’s a strategy of practical engagement with open source that’s at least moved on from the early days, with Microsoft’s “Get the facts” campaign. Designed to convince IT buyers to pick Windows over Linux and open source products. However, it failed to take into account what those building the applications were really doing with their code.

2015 is seven years away and why Ramji picked this date is not clear. The challenge for Microsoft - thanks to its size, product diversity and an unpredictable management stance on open source - is to use the next seven years to not just pull level with IBM, Oracle et al by 2015 in its corporate policy, but to actually overtake them.

Mozilla Corp. has brought out the release candidate for Firefox 3.0, bringing the open-source browser one step closer to its first major overhaul in almost 19 months.

No-one expected Firefox release candidate 1 (RC!) came earlier than expected with even Mozilla’s chief engineer saying just last week that they would publicly launch the build in “late May.”

Firefox RC1 is available now for download from Mozilla’s servers, and is being offered as an update to users running the Beta 5 version of the browser – the final beta edition that was released six weeks ago.

Mozilla’s interface designer made users aware that, “The Firefox 3 Release Candidate is a public preview release intended for developer testing and community feedback.”

Beltzner touted user interface changes, stability and compatibility fixes, and additional performance improvements made to RC1 since the last beta – mentioning that some add-ons may not work with the candidate.

Although Mozilla has run through multiple release candidates in the past — three before moving on to final for Firefox 2.0 in late 2006 — Mike Schroepfer, vice president of engineering, said a week ago that RC1 might be the sole build prior to calling the browser done.

Schroepfer has said several times that Firefox 3 will ship in June.

Firefox currently accounts for about 17.7% of the browser market, according to the most recent data from Net Applications Inc. Microsoft Corp.’s Internet Explorer remains the most wide-used browser, with a 74.8% share, while Apple Inc.’s Safari comes in third with 5.8%.

Firefox 3 RC1 can be downloaded for Windows, Mac OS X and Linux in 41 languages from Mozilla’s site.

A security researcher recently disclosed vulnerability in widely used Linux distributions where attackers can guess cryptographic keys, possibly leading to the forgery of digital signatures and theft of confidential information.

HD Moore, best known as the exploit researcher who creates the Metasploit penetration testing framework, called the vulnerability in Debian and Unbuntu systems “ugly” and said it would be a big job for administrators to find every flawed key, and then re-issue them.

The bug, which was noted on Tuesday by the Debian Project, is in the random number generator used to produce a variety of digital keys, including SSH (Secure Shell) keys and SSL (Secure Socket Layer) certificates.

In Moore’s blog yesterday he boasted that it was relatively easy to “guess” keys and claimed he was able to generate 1024- and 2048-bit keys in about two hours. However, He estimated that an 8192-bit RSA key set would take some 3,100 hours (about 129 days) to generate.

Moore also published several key-generating tools - collectively dubbed “Toys” - that included a shared library and a key generation script.

With this news hitting the internet, other researcher’s began to post notices on their web sites. Bojan Zdrnia, an analyst at the Internet Storm Center (ISC) said, “This is very, very, very serious and scary.”

“The development of automated scripts exploiting keys looks like a real threat to SSH servers around the world,” he added.

Symantec Corp. also warned customers of its DeepSight threat network of the vulnerability noting that, another hacker “Markus M” published a tool that automates brute-force attacks of the key weakness to the Full Disclosure security mailing list.

It’s not just users running Debian-based systems who are at risk, Moore cautioned, but virtually anyone. If data copied to other platforms has been secured by keys generated on a Debian distribution, that data could be snatched.

“There’s a lot of different areas that you’re going to have to look, not just within Debian,” Moore said. “Administrators will have to audit every single key. Even systems that do not use the Debian software need to be audited in case any key is being used that was created on a Debian system.”
Moore, ISC’s Zdrnja and others have recommended that Debian and Ubuntu users patch their systems - updates are available - and that users and administrators regenerate all keys produced on a Debian system between September 2006 and May 13, 2008. The September 2006 date, said Moore, was when the first builds that included the flaw were made available.

Although he said the situation is serious, Moore doubted that there would be general and widespread attacks. Instead, he said the most likely outcome would be targeted attacks on systems that administered large numbers of Debian users.

Moore also discounted any connection between the Debian vulnerability and his disclosures, and brute-force attacks some vendors, including Symantec, have been tracking the last 24 hours.

“The timing is definitely funny,” he acknowledged, but said the difference - the attacks have been against user-generated passwords, not authentication keys - means the two events are probably just coincidental.