TypeScript 1.0, IPython 2.0.0 and Rust 0.10 – Snippets


TypeScript hits 1.0: Microsoft’s take on reworking JavaScript, TypeScript, has hit version 1.0 and is now accepting pull requests on the open source compiler (though it’s bug fixes only for now.). Meanwhile, Microsoft have embarked on an open source fest with the creation of the dotNet Foundation, now home to a .NET compiler, micro frameworks, Couchbase for .Net, various SDKs, ASP.NET modules and other stuff. And to top it all off there’s WinJS, a set of UI controls and scaffolding for making Windows applications. Microsoft may be changing, but how effective that change will be is the big question. In the meantime, TypeScript gets to fight it out in the crowded playground that is JavaScript complements/replacements with Dart, CoffeeScript and, lets not forget the next generation of JavaScript, ES6.

IPython 2.0.0: The interactive Python environment IPython, has been updated to version 2.0 and adds interactive widgets, directory naviagation, persistent URLs, a modal UI and security model to its idea of Notebooks as a container for projects. Under the hood, the codebase is now native for Python 2.7 and 3.3 which are also the minimum required versions. There’s lots more changes listed in the release notes or you can just go install it and get into the tutorial which gets you going with the rather clever world of Python powered notebooks.

Rust 0.10 oxidises: Away from the controversies at Mozilla, the Rust developers have rolled out a new Rust release, version 0.10, which continues the steady development of the systems programming language. Changes include the libextra package being broken down (‘misc’/’extras’ libraries are always a bad sign so good to see it go), cross package (crates in Rust terminology) syntax extensions, better smart pointers and I/O handling. As things kick up a notch towards a final version, there’s now a RFC process for changes and nightly releases of binary installers. It’s all still alpha but progress is good – it was recently reported that Servo, the web engine being built on Rust, has passed the Acid 2 test.

LibreOffice and Mercurial update while Firefox steps back – Snippets


LibreOffice 4.2: The LibreOffice folks have rolled out their latest release, LibreOffice version 4.2 which includes a decent selection of new features, with the headliners being improved OOXML roundtripping, a GPU/OpenCL utilising Calc engine, enhancements to Windows installation and management and better Windows 7/8 integration, an expert configuration window and a more optimal start screen. Download from the usual place.

Mercurial shines: The other other distributed version control system (DVCS), Mercurial, has just has an update to version 2.9. The update adds infinite scroll to the web interface, hardens up the rebasing process, adds support for git delta hunks and various other fixes and enhancements. Mercurial’s a great DVCS but lacks a mind-share-winning “GitHub” equivalent which has helped push git to the fore. Despite that git-mind-share, Mercurial is the DVCS used by Mozilla and Facebook among others.

Mozilla backtracks Sync: One of the interesting features of Mozilla’s sync service for the Firefox browser was it didn’t need username/password combos, instead going for a pairing approach to use the services. Clever, but… it appears Mozilla are pulling that idea out of service as it tests a new Firefox Accounts strategy which it hopes to harden up with multi-factor authentication and more over time. Which shows, if anything, that users will define, by erosion, your security’s shape, no matter how neat your solution is. The changes are in test now so within a couple of months should be landing in your stable browser.

Firefox 26, Netflix’s Suro, Vagrants and Dockers and Websockets for all – Snippets


  • Firefox 26 digs in: Today we’ll see the release of Firefox 26, latest in the overly regular Firefox release cycle. From the (currently beta) release notes, we can see the big changes. All but the Flash plug-in are now click-to-play by default, Windows users can update their Firefox without having to write into the Firefox folders, the password manager can handle password fields generated by scripts and on Linux, if the installed gstreamer can handle h264, so can Firefox. A couple of fixes, some developer enhancements and thats about it. There’s also a Firefox for Android update due today. The release notes note some performance improvements, the same password manager enhancement and some fixes. The developer page for Firefox 26 covers changes of interest to developers in more detail. Firefox 26 will be turning up in updates and for download later today.

  • Netfix’s Suro goes open: From the people who brought you a cloud full of monkeys… Netflix’s latest open source release is Suro, an application monitoring system used by the video stream vendor to track the behaviour of their Amazon AWS deployed applications. Originally based on Apache Chukwa and adapted to fit Netflix’s demands, Suro pulls the company’s monitoring data from the various app clusters and pushes it to S3 (for Hadoop based analytics), to Apache Kafka (and on to Storm, Amazon ElasticSearch and Druid and to other event processors. There’s a lot more detail in the announcement including in production stats and how the pipeline is used to analyse errors.

  • Vagrant meets Docker: The latest update to Vagrant, version 1.4 has been announced and the big improvement in system that has traditionally been used to create automatically reproducible development environment is the addition of Docker support. The Docker provisioner can install Docker and then lets Vagrant cirtual machine pull and configure Docker containers within it. There’s also some enhancements to the scriptability of Vagrant itself, the ability to require a particular version of Vagrant and support for standalone file sync plugins.

  • websocketd: And finally, have you wanted to make a shell script or other app into a WebSocket server but lacked a library or access to the code to do it? Websocketd might be the answer as it turns anything with console I/O into a WebSocket server in a style rather reminiscent of CGI. Remember, most command line applications are not suitable for being exposed to the raw web, but the app could get you out of a hole when prototyping.

And, for reference, everything mentioned today is open source software.

Multiprocess Firefox, Kexec and Secure Boot, Poisoning GCC and OpenNebula 4.4 – Snippets


  • Firefox goes multiprocess: Some years back, Mozilla embarked on the Electrolysis project to give Firefox a multiprocess architecture, where each web page ran in its own process. This idea isolates web pages from crashing each other and should have performance benefits too; Google’s Chrome, for example, was built with such an architecture. Unfortunately, a year later Mozilla put that effort on hold to work on things which would give quicker returns. Well, now it’s 2013 and the project in back and already in the nightlies. A full write up on Multiprocess Firefox is available in Bill McCloskey’s blog which explains there’s no release date for this work yet, how to enable it if you want to try it out and how things will break and how add-ons are affected.

  • Kexec and Secure Boot: Matthew Garrett has written up why kexec is disabled in Fedora when booted with Secure Boot enabled. Worth a read as it shows why being able to swap kernels in such an environment is a bad thing.

  • Poison for GCC: One thing Microsoft have done well is providing red lights for dangerous function calls (like strcpy and sprintf) in their tools (by adding a header file banned.h). Now, Leaf Security Research are creating a version for GCC with a Github project to create a “gcc-poison.h” file. Using it could help developers find those nasty vulnerable, error-prone functions hidden in their code base.

  • OpenNebula 4.4 goes “Retina”: The other other open source cloud platform, OpenNebula, has just been updated to version 4.4, codenamed Retina (after the Retina Nebula – this project has the best codenames). The update supports multiple datastores with scheduling policies to spread loads across different VMs and their associated storage. For more details, check the release notes.

H.264 is heading to Firefox… is it an EME dry run?

header-logoCisco and Mozilla have made an announcement – Cisco will open source an H.264 implementation and Mozilla will incorporate support for a binary version of that open source code in Firefox in 2014. But what’s behind this move…

Firefox has wrestled with the H.264 video bear for some time now. Initially Mozilla took the position that there’d be no patented royalty-bearing standards implemented in Firefox and eschewed H.264 support in HTML5’s <video> tag for Google’s VP8-based WebM. This idealised position didn’t really get traction though and slowly the resistance to H.264 dropped, first on Android and then on Windows, with the removal of blocks which stopped system-level H.264 codecs that were already installed on the host operating system being used to play H.264 content. But on Linux, for example, where there was no system-level codec for playing H.264 by default and design, there was still no way to play H.264…

So that left Mozilla in an odd position of having a browser that may or may not be able to decode H.264 depending on platform. What would work is if Mozilla could lay its hands on an open source implementation of H.264 and then incorporate that into Mozilla. But that would trigger MPEG LA’s royalty gathering. And so Mozilla was at an impasse.

Until today, when in the synchronised “dance of the contribution”, Cisco first announced that it was releasing an open source (BSD licence) implementation of H.264 called OpenH264. Cisco’s motivation here is to get H.264 as the standard for interoperable web video in WebRTC for conferencing, which is dear to Cisco’s heart and business. Open source gets you so far, but Cisco needs H.264 in browsers like Firefox without passing on the costs. Cisco has said it will do that work by releasing binary modules of the OpenH264 codec and it will take the royalty cost on.

Ah, but how will it know how much distributing those modules will cost it when the MPEG LA chaps turn up for an audit? Brendan Eich, Mozilla CTO, explained that Mozilla won’t be bundling this binary module with the code. When Firefox needs the module, it will download it from Cisco and save it. Other apps will also apparently be able to make use of this downloadable module too. Eich does note that Firefox will still need AAC codecs on similar terms to the H.264 codec to complete the “industry de facto” stack for video and audio.

But here’s an interesting point. The debate about EME, the Encrypted Media Extensions for HTML5, has centred around the idea that the open web, and open web browsers, would be harmed by the presence of possible patent bearing, definitely closed source modules to perform encrypted video decoding. Now, here’s Mozilla, albeit with a different area of technology, working on how to include a platform-appropriate binary module into Firefox at runtime, as needed. It’s almost like a dry run for how EME decoders could be transparently downloaded and run. And that would be one less road-block for EME. Of course, this could also be the last thing on Mozilla’s collective mind, but the incorporation of an automatically downloaded binary module into Firefox will be a landmark in the history of the staunchly open source browser.

Talend go Apache, Mozilla and Xiph, Oracle and Java and Virtualbox updates – Snippets


  • Talend go Apache: Talend, makers of integration, ETL and other data management products, have long been proponents of the GPL license for their products. I’ve asked them about this in the past and they’ve been robust in their reasoning about why the GPL is right for them. It appears though that that era has come to an end with an announcement that the company will be stepping towards more permissive licensing. They first plan to move to LGPL with version 5.4 of their products then to Apache in 2014. They’ve been steadily exposed to permissive licensing as they have built Talend ESB on Apache projects and when they went to release “Talend Open Studio for Big Data” they decided to go with Apache for better compatibility with the Hadoop ecosystem. That product, they say, is “arguably the most adopted product from Talend, ever” and that inspired a licensing rethink. An interesting change (and if you’ve not looked at Talend’s software, check it out… there’s some powerful integration mojo in there).
  • Mozilla’s new video hire: Xiph.org founder Monty Montgomery is off to Mozilla amicably leaving his current employer, Red Hat, for a chance to work at Mozilla with the other Xiph developers. Current work in progress is the Dalaa video codec which is setting out to be a free to implement and use, and technically superior alternative to h.265 and Google’s VP9. Mozilla is primary sponsor on the project and talking to Gigaom, Montgomery says progress on Dalaa is solid and there could be commercial products using it by the end of 2015. It looks like Mozilla are making sure that they aren’t caught again between a rock (h.264) and a hard place (VP8) in the future.
  • Oracle and Java fix time: It’s time for Oracle to drop its metric shedload of fixes for October. Short version, there’s a Java 7 update 45 (release notes) now available with security fixes for 51 vulnerabilities nearly all of which are remotely exploitable and with eleven scoring the full 10.0 on CVSS scores and nine scoring 9.3. Typically, most Java holes are around the sandbox, WebStart and applets, but two of the 10.0 critical holes affect servers too. Update your Java 7; if you are still on Java 6, you now have two problems.
  • VirtualBox 4.3: A new version of Oracle’s open source VirtualBox has arrived. The changes in version 4.3 are sufficient for it to be called a major update. The VT-x code and AMD-V code, the guts of the virtualisation, has been rewritten to fix bugs and improve performance. There’s a new instruction interpreter that can step in when hardware virtualisation isn’t able to handle something. New notifications, better keyboard short cuts and support for video capture have been added to the GUI while support for emulating USB touch devices, webcam passthrough and SCSI CD-ROM emulation have also been added. There is also a new virtual router mode which lets multiple VMs share one NAT service. And obviously, there’s oodles of bug fixes.