It looks like a security hole that was reported many, many months ago, but considered minor by Microsoft and therefore never corrected, turns out to be a remote arbitrary code execution flaw. My question is why IE holes go uncorrected for this long - this isn't the first time something like this has happened. One thing I found scary is that a full third of the visitors to the SANS site are vulnerable to the problem. Keep in mind that anyone who has even heard of SANS is more security conscious than the average user, so if that amount of people actually visiting the site are vulnerable... well, the situation is bad. In other news, Firefox 1.5 has been released.
–jeremy
Microsoft, IE, Firefox, SANS
Archive for November, 2005
Another issue that I've posted about before. It looks like MySQL AB may be developing their own transactional database engine for MySQL. From the article: “Obviously because Oracle made that acquisition we are evaluating options to replace that functionality in some way,” said Richard Mason, vice president of MySQL for Europe, the Middle East and Africa (EMEA). “We're not at the point yet where we can go public with what that plan is but we will be shortly.” So, still not a ton of concrete information available, but it's now clear which way MySQL AB is going to go with this. One still has to wonder why they didn't acquire Innobase OY themselves, when they had the chance. Whether MySQL AB will attempt to write the new engine from scratch or use one of the existing ones as a base remains to be seen. This could also just be posturing as an attempt to get Oracle to renegotiate the InnoDB deal, but considering the size and histories of the companies involved that seems extremely unlikely. I still find it interesting that Oracle considers MySQL AB a direct competitor - I always considered them an indirect competitor. One thing is becoming clear though, and that is that MySQL AB is in a tough space right now. With SQLite, Firebird and PostgreSQL gaining popularity on the Open side and free or extremely inexpensive releases of Oracle, MS SQL and DB2 available on the proprietary side, MySQL is in that sometimes dangerous middle ground. They do however have one significant advantage though, and that is application support. If they can continue the current trend of many popular apps only containing support for MySQL, that could be the wild card they need. As the other DBs gain in popularity though, that may be a tough thing to do.
MySQL, Oracle, GPL, InnoDB, Innobase, database
–jeremy
This is a topic I've covered quite a bit recently and one that I think is extremely important. The main problem I see with this press release is the lack of details. I've seen rumors that only the information to write will be included, which would seem odd, considering MA's main concern was people being able to read Government documents. It should be noted that this is at least 12-18 months off (an eternity in this industry). It should also be noted that this is going to be an ISO standard, not a completely “open” standard. This could get Microsoft the ability to say their documents are a “standard”, without being beneficial to others in the way a standard developed transparently in the open would. How? Let's say they release Office version X and then submit to ISO. 12-18 months later the standard is available and people like OOo can properly implement. By the time that is done though, Office version X+1 will be nearing release. Microsoft could completely change the format, submit to ISO and then the waiting game begins again. In reality, the competition's access to the format lags so far behind that it's nearly useless. Sneaky. This is something I'll be watching closely and I'll be sure to post updates as more information becomes available.
OpenDocument, OASIS, Microsoft, Office
–jeremy
Been a long time coming, but the new LQ site is now in an internal sort of beta and the mods are having at it. What's this mean if you're an LQ member that has been waiting for the upgrade? We have set the tentative date for public release at December 3rd, which is less than 2 weeks away. The changes are significant and pretty much no part of the code remains unchanged. Despite that I think you'll find the LQ look and feel, which focuses on data and information - not being too flashy or fancy. I'll probably leave a few more breadcrumbs here and there and I'll give more upgrade info as the date draws closer. Stay tuned - I think you'll find it worth the wait.
–jeremy
As promised, an update on this post. As of a couple hours ago, Google Analytics is finally consistently both reasonably fast while also having reports populated with data. My first impression is that this is very slick. The data you get is presented in a useful manner and the amount of data available is significant. It has all the reports you'd expect such as visits, pageviews, etc. It also has some extremely powerful functionality such as conversion tracking, campaign integration, funnels, goals and a slew of other things that marketers will love. Also some slick features such as the Geo Map Overlay. One thing that I noticed is missing now that there is actually data in the reports is the site overlay. It's still in the help section, so I hope it returns soon. I know Web Trends makes a fairly big deal out of that feature. One thing that's either a glaring omission or I just can't find is full referrer info. You can see that foo.com sent N number of visitors, but you don't get the full URL - just the domain. Someone please point out that I am just missing this info.
All in all a decent offering that should make most happy, especially if you use AdWords. On that note, when I logged into my AdWords account today it asked me to convert my login to an existing Google one. In the end it looks like Analytics, AdWords and AdSense will all use the same login. The amount of correlation Google can do at that point is significant. The amount of data mining Google can do with Analytics alone is significant in fact. With AdSense, they could do a fair amount of mining but a large part of the puzzle was missing - they didn't know what % of your pages you ran the code on. If it were 1% vs 100% it would have a significant impact on the information gathered. Since they didn't know, some assumptions couldn't be made. By definition you are usually going to run Analytics on 100% of pages, at least in a given area (which is defined in the control panel). If you didn't, the data would be a bit useless to you. Now, it's not that I don't trust Google. In fact, I trust the Google of today to an extremely high degree. Larry and Sergey have proven their morals and direction IMHO and I think they'll do the right thing. But, what about the Google of tomorrow… or the next day? They sure do have access to a significant amount of data and have shown they know how to use it. They have deep pockets, lofty goals and a huge number of really smart people. In the wrong hands, the data they have could be extremely damaging. Even on the fairly innocuous side of things, how tempting will it be when times get lean (and they will) to see who spends a lot on AdWords and then send them less organic traffic in the hopes that they'll bump up their ad dollars to make up for it? That one seems unlikely as Google clearly gets that having the best search engine is tantamount to their plans, but you get the idea. Let's hope they do the right thing.
Google, Google Analytics, Urchin
–jeremy
I mentioned in a previous post that I hoped Greg's comments on OSDL technical management were just an anomaly or simple miscommunication. Greg was kind enough to point out to me that this is unfortunately not the case. “Currently they seem to be still ignoring us, as nothing has changed (yeah, lots of talk, but no real actions…) But, we have a slot on the board meeting in January to discuss our point-of-view, so we are not giving up yet.” As I also mentioned in my last post, I'd hate to see OSDL drop the ball here. Their distribution agnostic employment of Linus, Andrew and others as well as some of the additional projects and initiatives they have going have become not only extremely important, but woven into the current framework. It's not like either Linus or Andrew would be hurting for a job if something happened to OSDL - companies would be waiting in line to be the ones that sign those checks. But, would that company offer the kind of vendor neutral, distro agnostic, non-commercial setup that they currently have? Who knows… but Linus has certainly shown that this is something that's important to him (and for good reason). FWIW, I'd be happy to help in whatever capacity I can. LQ was an OSDL Linux Summit sponsor last year and we're working on it for this year also, so I may be able to get somebody's ear from that angle. Additionally, I'd be happy to work with OSDL in any capacity that they think could help them with their “community building” skills. LQ has grown to over 200,000 members and 2,000,000 posts so I'd like to think I could help in some capacity. If anyone is interested, don't hesitate to contact me - even if it's just to chat or throw ideas around. This is something that is important and worth working on to do correctly. Now, I'm sure there is plenty on both sides that I'm not aware of - but I'm more than willing to listen and learn.
OSDL, Linux, Open Source, kernel
–jeremy
Just a quick follow up to this post. The product looks extremely cool and at the price (free) some of the competing vendors had to be quite concerned. The WebSideStory stock fell almost 15% on the news, to give you an idea of the impact this is going to have. BUT, this has to be the all time worst Google rollout ever… and the product wasn't even released as BETA. I got in early in the morning and the site was almost unusable. Got a quick site set up and it said I'd have reports in 6-12 hours. Shortly after that the site went to completely usable and then into a “maintenance” mode. I tried a little after midnight and the site was up, but really slow, and still no reports. It's now been over 36 hours and while the site is starting to get more responsive, still no reports. I can appreciate that the product is new (but not BETA) and is gratis, but this is a bit unGoogle. You think they'd be used to the high demand for new products and plan appropriately here. This is probably the worst press I've ever seen Google get. What's worse is that they've been completely mum on the topic. A quick “Sorry, we under anticipated demand and will have things working in 48 hours” would have done a whole lot to quell the hard feelings. I'll post another update when things finally start working.
7PM Update: Still no reports, but it looks like they're coming soon.
Google, Google Analytics, Urchin
–jeremy
Another “you probably saw it coming” from Google, but as usual they have gone above and beyond. Enter Google Analytics. From the page: “Google Analytics tells you everything you want to know about how your visitors found you and how they interact with your site. You'll be able to focus your marketing resources on campaigns and initiatives that deliver ROI, and improve your site to convert more visitors.” Basically they took the Urchin product they acquired in March, added AdWords integration and Google polish and then made it free. The site has been extremely slow or completely down for most of the day, but I was able to sneak in and sign up. I'll let you know what I think in a couple of days, but it does look pretty slick. Google once again gets access to more data about how people browse and use data. One interesting thing I noticed about the EULA was that it claimed the product was for non-commercial use only, which seems odd given the marketing verbiage on the product page (track ROI, track initiatives, integration with AdWords). It may just be a typo or it may mean a for pay layered product is coming soon. One other limitation is that you get a max of 5 Million impressions a month, unless you have an AdWords account.
Google, Google Analytics, Urchin
–jeremy
Robert X. Cringely thinks the birthday memo may have been leaked on purpose. Some of the reasons he gives really make sense. Is Microsoft using this as a PR stunt meant to both entice Wall Street while painting Google as the bad guy (and itself as the good guy)? Here's a snippet from the article: “These Microsoft memos look like a plan to do the same thing Microsoft ‘thinks’ Google will be doing. By publicly stating their plans and putting those plans in the hands of Wall Street, Microsoft is giving the perception they are doing the same things as Google, so Microsoft will be as good an investment as Google.”
The real questions to me are: 1) Is Microsoft sincere in its focus change (whether the memos were leaked on purpose doesn't matter in this context) and 2) If it is sincere, will it be able to execute? Don't forget that, historically, Microsoft is not willing to do anything that even has a remote chance of in any way damaging their cash cows - Windows and Office. What are others saying about this? Scoble has a summary post. I find it interesting that mini-MSFT has been completely silent on this topic.
Microsoft
–jeremy
Suse Linux founder, and kernel maintainer for more than a decade, Hubert Mantel has announced his resignation from Novell. “Too late for me. I just decided to leave Suse/Novell, this is no longer the company I founded 13 years ago.” were his parting words. Novell has a terrible history of wasted opportunity with technically superior products, but poor marketing. I held high hopes for them this time, but with this news along with the layoffs and other high profile departures, one has to wonder. I think the following comment is extremely telling: “I have been the maintainer of the Suse kernel for more than a decade now,” Mantel wrote. “I'm very confident the Novell management will find a competent successor very quickly. After all, there are lots of extremely skilled people over there in the Ximian division.” Clearly there is more to this story. Does it have to do with the recent KDE announcement? Does it have to do with a different internal struggle that was lost by the Suse division? Hard to tell at this point, but the recent grumblings I've heard about “being noising” gaining more ground within the company than “being correct” may have some basis. Please Novell, don't screw this up. Having two solid Enterprise distributions is critical. Companies learned a lesson with Microsoft, and they don't want to be beholden to a single company anymore. I'd guess we'll hear more details and see more fallout from this turn of events quite soon.
Linux, Suse, Novell, Ximian
–jeremy