BLOGS
The Linux Channel
June 16, 2008
Tomorrow is the big download day for Firefox 3, complete with the push to set a Guinness World Record for the most software downloaded in 24 hours. Plagued with bugs and memory problems when it came out as beta back in November, Mozilla has been busy plugging leaks, fixing holes, and tweaking features.

On a Lenovo Thinkpad with Ubuntu 8.04 (Hardy Heron), Firefox 3 was nigh unusable for the past few weeks. The distro was released with Firefox 3 Beta 5, and the instability was maddening, with Firefox crashing several times an hour. It didn't matter how many tabs were open, or what sites were running. Trying to close a tab (after reading my Dilbert comic for the day) often crashed the browser. At one point, we even downgraded to Firefox 2 to stop the crashes. (Crashes trump leaks when it comes to usability.)

With RC1 and RC2, the stability started to improve. With RC3, we are down to one crash a day. So far, we haven't isolated a particular web site culprit for the crash, but we suspect the pop-up ads. But is the stability thanks to the fixes made to the Firefox 3 core browser, or is it the third-party plugin AdBlock? At the moment, the add-on is doing more for this box's stability than the browser itself.

The add-ons have been slow in coming, but they are slowly trickling in (Google Toolbar! Firebug! Greasemonkey!), and will only make the browser more usable after the launch. The feature list is extensive, so it's easy to see why Firefox 3 is generating so much enthusiasm. However, one of its new features, the "smart bar," just seems jam-packed with features that will never be used. We are ready to be proven wrong.

After almost three years of development, it seems a little silly to say that Firefox 3 feels like it was rushed out. But even with RC3, we worry about stability. We want the confidence of not having random crashes, and we want to know that memory leaks are a thing of the past. It's clearly come a long way, but with all the download hype, is Mozilla pushing out a not-quite solid product just for a publicity stunt? At least on this Ubuntu box, FF3 is not quite yet the World's Best Browser.

Posted by Fahmida Y. Rashid at 8:22 PM, Jun. 16, 2008
June 05, 2008
In the open-source world, it's fairly commonplace for developers to modify an existing application and create a new application. OpenBravo was initially based on Compiere, Lotus Symphony is based on OpenOffice.org, and there are variations of Linux operating systems (Ubuntu, Kubuntu, Edubuntu, Xubuntu, Gobuntu, Mythbuntu, Fluxbuntu - need the list go on?) as developers modify the code for a more specialized system.

We don't begrudge developers their fun, but Exherbo made us pause. It shares a lot of concepts from Gentoo, but Exherbo's developers claim that it is not a true Gentoo fork. From the site, "Exherbo is a distribution designed for people who know what they're doing with Linux." In this case, that's just Exherbo's developers, apparently, since the site is very adamant that Exherbo is not intended as a user-distribution and a wide developer base is not desired. From the site: "A developer base polarised between those who make thousands of changes every month and those who make perhaps a dozen each year does not make it easy to push forwards the sort of improvements we want." Huh?

So in other words, Hi! We are playing in the open source sandbox with open source toys, but we play with only our friends. Nyah nyah.

It seems a little counterintuitive to say that users are "a detriment to the distribution's technical needs" since some of the best software features often are user-requested. It's okay -- we get it. As developers, we've created perfect applications that pesky users kept ruining because they couldn't appreciate the simplicity and elegance of our creation. All the whining for usability, error-checking, and formatting! And jealous rival developers clearly don't understand how to work with the perfect architecture.

Still, it's a little arrogant of the developers to write, "It's just that we have nothing to offer you, and you have nothing to offer us." It's the age-old tree in the forest question. If I can't get to look at the app, can't tinker with it, or even see what it does, who cares? And when (if?) Exherbo is ready for users, will anyone come?

Posted by Fahmida Y. Rashid at 2:11 PM, Jun. 05, 2008
May 14, 2008
A security warning posted yesterday on Debian's security list warned of a critical vulnerability in the way SSH keys are generated. This issue applies to Debian systems and Debian-based machines, including Ubuntu, its variants, and Knoppix.

SSH, or Secure Shell, is an encrypted protocol (using SSL) to connect to another machine. SSH also supports X11 forwarding to get graphical programs running on one machine to display on another. It is much more secure than telnet or other protocols to get to the shell prompt on a remote machine. A key generated by the server verifies that the user is connecting to the correct machine, and has not been diverted to a different (malicious) machine. Some systems assign a user-level key as their only authentication method -- no password required.

Security expert Luciano Bello discovered that Debian's OpenSSL library was generating predictable random number sequences. This means that content encryption and authentication mechanisms using SSH were all weak, as anyone with free time could use brute-force tactics to break the keys.

The problem extends as far back as 2006, when Debian patched the OpenSSL library to fit the distribution better. The change removed the logic that seeded the OpenSSL random number generator. Without seeding, the random number generator was no longer random.

This isn't limited to SSH, however: the vulnerability extends to OpenVPN keys, DNSSEC keys, key material used in X.509 certificates, and session keys used in SSL/TLS connections. All previously generated keys using OpenSSL versions starting with 0.9.8c-1 should be considered compromised.

The testing and current (etch) Debian versions are affected, but not the old stable (sarge) distribution. For Ubuntu, versions 7.04 (Feisty Fawn), 7.10 (Gutsy Gibbon), and 8.04 LTS (Hardy Heron) are all impacted.

To fix the vulnerability, all systems should download the patch to fix the OpenSSL library. Once the update is applied, weak user keys will be automatically rejected where possible so that new keys can be regenerated.

The known_hosts files should be updated with regenerated keys and old keys deleted. The update contains an ssh-vulnkey tool which can check for vulnerable keys. Unless there is a high degree of confidence that the key was generated on a safe machine (old Debian version), all keys should be regenerated regardless.
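Why an unseeded generator makes every key checkable against a finite list, shown as an added example (not code from Debian, OpenSSL, or the ssh-vulnkey tool). It assumes the only input that still varied between runs was the process ID; `toy_keygen`, the SHA-256 fingerprint, and the sample inventory are constructed stand-ins for real key generation.

```python
import hashlib
import random
import secrets

PID_MAX = 32768  # assumption: default Linux PID ceiling, the only varying input


def toy_keygen(seed: int) -> bytes:
    """Toy stand-in for key generation: 128 'key' bits from a PRNG fed only `seed`."""
    return random.Random(seed).getrandbits(128).to_bytes(16, "big")


def fingerprint(key: bytes) -> str:
    """Hash a key so the blocklist stores fingerprints rather than key material."""
    return hashlib.sha256(key).hexdigest()


def build_blocklist() -> frozenset:
    """Enumerate every key the broken generator can emit and record its fingerprint."""
    return frozenset(fingerprint(toy_keygen(pid)) for pid in range(1, PID_MAX))


def audit(keys: dict, blocklist: frozenset) -> list:
    """Return the names of keys whose fingerprint is on the blocklist."""
    return sorted(name for name, key in keys.items() if fingerprint(key) in blocklist)


# Constructed sample inventory: two keys from the broken generator,
# one drawn from the operating system's CSPRNG.
SAMPLE_KEYS = {
    "host-a": toy_keygen(4242),
    "user-b": toy_keygen(31000),
    "host-c": secrets.token_bytes(16),
}

if __name__ == "__main__":
    blocklist = build_blocklist()
    print(len(blocklist), "keys are possible in total")
    print("regenerate:", audit(SAMPLE_KEYS, blocklist))
```

The whole keyspace fits in memory and is enumerated in well under a minute, which is why a blocklist lookup can flag affected keys and why any key found on it has to be replaced rather than kept.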

Posted by Fahmida Y. Rashid at 4:45 PM, May. 14, 2008