- Openmoko.org Portal Site
- Apatar Data Integration Tool
- The Business Case for Open Source Software
- Southern California Linux Expo (SCALE) 5x exhibitors: non-profits
- Open Source Network Monitoring at SCALE 5x
- Southern California Linux Expo 5x
- High Availability with Open Source
- Beef Up Your Wireless Router
- Secure Linux Appliances in Your Enterprise
July 10, 2007 | Comments: (0)
With all the iPhone hype, I've just got to wonder just how open the iPhone platform is going to be? While I've been hearing about Java SDKs for it, I've not seen a download link yet on the Apple site. Is this really a Mac OS X machine under the covers, and just how well will it support Java app porting? (*NOTE: the Interop NOC team has been grabbing the iPhone up all over the world and so far all the Interop NOC team folks love it. I just can't justify that much coin on a phone when I have a mortgage to pay)
The NEO1973 is the answer for those that want a cool looking communications platform, but either don't like Apple, don't like the iPhone, hate locked phones, etc, etc, etc...
So while the NEO1973 and the iPhone may look similar, the hardware under the hood isn't. Some key technologies on the iPhone, namely multitouch and sensors (accelerometer, etc.), are missing in the first development platform on the NEO.
So before we jump to conclusions and outright say the iPhone is superior, let me point out that the NEO is currently in a "reference design" that developers can use as a starting point. Like most embedded Linux systems, the NEO uses a toolchain to manage its applications and core functions, however because of its openness we should see a huge collection of legacy Linux apps ported to the platform if developers really do get on the bandwagon.
So anyway, Linux geek that I am, I'm in line for a demo unit available this coming sept/oct timeframe with a classroom full of wireless java geeks drooling at the opportunity to hack at a new platform. A friend at the UH Department of Information and Computer Sciences has been involved with the Japanese DoCoMo revolution, and has been packing her classroom with kids all wanting to write the next killer wireless app.
So I mentioned some key technologies in the iPhone. Multitouch is huge...instead of a single touch point, multitouch allows you to use multiple fingers to resize, reshape, etc. If you really want to see a demo of just how different multitouch can be...check out the YouTube video on Jeff Han at the TED conference in Monterey. His demo is nothing short of breathtaking.
Next, the sensors in the iPhone include accelerometers, and to understand just how significant that is, just look at how much fun those games are on the Wii! My nieces and nephews don't care that the graphics are primitive and plastic; that bowling game is outstanding, and tennis was a hoot. Though their favorite game is still pile on uncle Brian.
No, the NEO isn't going to kill the iPhone, yet...but because it's open, and community developed, I wouldn't count it out anytime soon. I'm really looking forward to playing with it this fall, and have been lurking on the development site to see what kinds of cool things I can download for it or cobble together myself. Who knows, since the design is open, we may see multipoint touch screens and accelerometers for it yet.
/brian chee
Posted by Brian Chee on July 10, 2007 12:48 PM
May 20, 2007 | Comments: (0)
You MUST check this tool out. Simply put, this is not just a one time data migration tool! You can literally have your high power sales folks on SalesForce.com and then your calling center on something like SugarCRM do a join and send an RSS feed to the mobile sales force. This startup with offices outside of Boston and also Belarus is creating a shift in the way we look at data. Tools like this should go a long way towards commoditizing metadata in your company.
Apatar, Inc.
195 Meadow St., FL2
Chicopee, MA 01013
www.apatar.com
This open source Java product can be downloaded from their web site (beta version), lives on SourceForge, and already has a small but growing community of supporters. Through a cooperative effort, the Apatar developers have worked with their community to release connectors for data sources like: AmazonS3, MySQL, MS-SQL, Postgres, SalesForce.com, SugarCRM, Oracle and many more.
Included in the Windows download, this Java application also has a scheduler so that data transforms don't have to be a one time solution. You could, for instance, run a script once an hour that synchronizes two normally incompatible databases based upon filter rules. Literally a poor man's federation.
So in this sample (off their website) data from Salesforce.com and an inhouse Oracle database are joined and then output to both Microsoft's SQL and MySQL at the same time. Simply dropping the data connector on the screen and then double clicking on the icon will bring up a screen prompting you for access credentials to the datasource.
So in this example, you can drag data items onto the screen from both sides of the data transformation and do operations like lookups, appends or simply migrate data to the correct fields on the other side. Notice that these data connectors have dots on BOTH sides, since the data transformation isn't just a one way affair.
Just think, I've paid LOTS of money for custom programming to do all of the above and have really felt the pinch of my wallet. Not only that, I've had projects that would have been a terrific help to my customers, but the return on investment was so small that I just couldn't justify it. Now I can give folks readonly access to my company database and let them pull data out and push it into their desktop contact tool. The mind boggles at the possibilities.
Their CEO Renat Khasanshyn and I visited with each other while at the Interop trade show in Las Vegas and soon drew a small crowd of the other Interop Team Members (ITM's) oohing and awwwing over this super cool tool. One of the ITM's figured he could pull data from all his legacy applications in the courts and be able to do test migrations while he works out the bugs. Another gent told a story about how he has a customer on an AS/400 that would so love to migrate some of their DB2 data into SugarCRM. I could smell the burning rubber as the gang brainstormed over how they would use this tool when they got home.
Renat and I had a great conversation, and we had a chance to polish the crystal ball on where he thinks the open source world is moving. Give me a little time and I hope to post an audio file with the highlights.
/brian chee
Posted by Brian Chee on May 20, 2007 03:55 PM
March 12, 2007 | Comments: (0)
The Business Case for Open Source Software
With all the hype regarding Open Source Software (OSS), we sometimes forget logic in the excitement of trying to get on board with this latest trend. What we really care about (or should care about) is making a sound business decision regarding software. Think you should be hopping on the OSS bandwagon just because the software is free? Think again. There's a lot more to making a business decision for OSS than just the up front cost. As the Open Source zealots like to say, "Free as in freedom, not as in beer."
Of course, there are the financial benefits! With an Open Source license which does not restrict your use of the software, you can install as many copies of the software as you want. Since there are no licensing fees, you could install two or two hundred seats with no additional costs beyond the labor required to do so. Without licensing fees, you pay only for hardware and support costs. So not only the upfront costs are lowered, so are the ongoing costs of software ownership.
So what else is there to Open Source Software? Why does my company q!Bang Solutions try to persuade our clients to use OSS when possible? It's the end of licensing restrictions that tell you how you can use your software. Tired of obtaining license keys from your software vendors every year or even every month just to keep your software running? Feel like your vendor is holding you hostage via your software licensing? With OSS, you never have to enter another annoying license code ever again. They just don't exist in the world of OSS. You don't even have to keep track of silly license validity seals or your purchasing paperwork to prove ownership. Never again will you fear the BSA (Business Software Alliance, not the Boy Scouts!) knocking on your door wanting to perform a software audit. The BSA even takes out advertisements on Google search pages for an up to $200,000 reward a disgruntled ex-employee can receive for reporting your company to the BSA! That's quite a powerful motivator.
My favorite benefit of Open Source Software is one that most people don't even think about. What happens if something happens to the software vendor? What if the vendor gets bought by its big competitor and that new owner wants nothing to do with supporting you? What if the vendor is affected by a natural disaster in some other part of the country (or world) and can no longer function? A perfect example is a small auto insurance company that we recently did some work for. They use a custom CRM application that is designed for small independent auto insurance companies. It's a special application that nobody has the source code for other than the vendor, whose technical division is located in Alabama. Our client has to get a license key from the vendor each month and enter that into the program, or else it will stop functioning. So what happens if a tornado rips through the vendor's offices? That horrible tragedy would put a huge burden on our client the insurance company. The insurance company would not be able to use their custom application which has all their customer data including payment information. They could pay an IT consultant big money to extract their data and import it into another program. For the money that it would cost them to save their data, they could just hire us to write a new OSS application that performs all the same functions as their proprietary one.
Or how about the vendors who just abandon a not-very-successful software product? It's not good business, but it happens. Maybe the software is not profitable and requires a lot of resources to maintain, so the vendor just stops development and no longer supports the software. Of course, that software vendor thinks about all the money that it spent in developing and supporting that software, so they feel that it's theirs and nobody else should get it for free. So instead of releasing the software and its code to the public, the software just dies off because the vendor couldn't let go of something it had spent its money on. And now your company is stuck with no support, no updates, no new features, and no bug fixes. Maybe you're even stuck with non-functioning software like in my example of the auto insurance company. Open Source Software does not die because the developers stop working on it. The software is still available for download so anybody can make new features or fix bugs and security problems. Nobody is left without the software that their company needs to function.
And since this is Open Source Software, you can choose anyone you want to support the software. You might be able to pay the developers for support. You can certainly find a third party to support the software. With OSS, if you are not happy with the support you are getting, you do not have to get rid of the software. You just get rid of the vendor who is providing the support and pay a different vendor for support. Of course, if you find that the software is not doing the job for you and you want to use a different application, go ahead and do so. Open Source Software almost always uses Internet standards for data storage, so it's simple to migrate your data out of one application and into another. The same cannot be said for a lot of proprietary software applications. Just like our auto insurance client above, pulling data out of the proprietary application and getting it into a new application can be quite a time consuming hassle!
I know that we've all been in the situation where you're waiting on a new feature to be released from your proprietary software vendor. They promised it would be available two months ago, and they've been "working around the clock" to finish it, blah, blah, blah... In the world of Open Source Software, if you can't wait on someone else's schedule for a new feature, then you add that feature yourself. What? You don't have programmers on staff? You can always outsource to a programming company and have them do it for you. Even better, you can pay the software project's developers to add the feature. Many OSS developers aren't accustomed to being paid for their efforts, so money can be a great motivator. The point is that you always have some options.
Sure, the cost savings of Open Source Software is a great benefit and a strong reason to choose OSS over proprietary software. However, you now have a few more points to consider as you mull over your software decisions. I hope that I have convinced you that the "freedom" benefits of Open Source Software are just as important as the "free" parts, if not more so.
High Mobley
Co-owner of q!Bang Solutions
February 26, 2007
Posted by Josh Kuo on March 12, 2007 10:53 PM
February 23, 2007 | Comments: (0)
Southern California Linux Expo (SCALE) 5x exhibitors: non-profits
There was a great variety of exhibitors at the SCALE 5x (5th annual Southern California Linux Expo) event in the LAX Westin Hotel. There were Linux User Groups (LUG), non-profit groups, companies making money by improving and supporting Open Source Software (OSS), companies selling hardware, several companies selling hybrid OSS/proprietary software, and even one or two companies who sold proprietary-only software. I have the news on the interesting mix of non-profit exhibitors at this year's SCALE event!
There were many Linux User Groups who had small booths at the event. A couple of IT organizations such as Usenix and the League of Professional System Administrators (LOPSA) were there as well. And of course there were numerous booths for various Open Source Software projects. One of the big hits at this year's event was Inkscape, an OSS vector graphics program, like Adobe Illustrator. Inkscape had an amazing demo graphic on display. They had created a vector graphics rendition of an electric blue Lamborghini which showed off their "blur" feature. The graphic looked more like a photo than an artist's rendition until you got right up close to look at the computer screen. Inkscape uses the SVG (Scalable Vector Graphics) file format. The SVG format is a W3C (World Wide Web Consortium) standard which allows 2D vector graphics to be defined in an XML formatted text file. So when saved to disk, that gorgeous blue Lamborghini was just a text file. Watch out Adobe, Inkscape is creeping up in the rearview mirror!
The usual OSS projects seen at Linux events were there of course. The folks at the KDE booth were showing off their excellent desktop environment for Linux and other OSS operating systems. The KDE group is working hard on KDE4 which promises a number of technological improvements, but is most impressive for its focus on Human-Computer Interface (HCI). The designers and developers will be working more closely than ever before to produce a remarkable user interface. And right across the aisle from the KDE booth was the Gnome Desktop. Gnome is the other outstanding OSS desktop environment that vies with KDE for the role of the most popular on Linux.
As is often the case at Linux events, some of the Open Source BSD projects had booths at the SCALE event. The NetBSD folks had a booth with their famous toaster running the NetBSD operating system. Interestingly, the toaster was powered by a Technologic Systems TS-7200 ARM-based SBC (Single Board Computer) that was about the size of a PC104 board, but runs an energy-efficient ARM processor. NetBSD tries to be the most portable operating system available. Its strong code base is easy to port and to use for embedded devices.
Curiously absent at SCALE was the OpenBSD group. OpenBSD is a BSD operating system which focuses on security and is ported to an astounding 17 different hardware platforms, with 4 more hardware ports in the works. OpenBSD has dropped ports for more hardware platforms than RedHat Linux and SuSE Linux support!
The FreeBSD booth was sponsored by iXSystems, a server hardware vendor who sells equipment pre-installed with FreeBSD, NetBSD, OpenBSD, or any of a wide variety of Linux distributions. FreeBSD was giving out several good pieces of literature on various aspects of FreeBSD, and they were talking up the PC-BSD variant of FreeBSD. PC-BSD is a special version of FreeBSD for use as a desktop operating system with an easy graphical installer. I found it interesting that iXSystems did not have their name or logo displayed in the booth at all. The only reason that I found out about the sponsorship is because I noticed the company name on the badge of one of the people in the FreeBSD booth who I was talking to about some technical issues. I recognized the name iXSystems because my company had recently purchased a server from them. The person I was talking to turned out to be iXSystems CTO Matt Olander, who is an energetic fellow and astoundingly knowledgeable about OSS operating systems and projects. iXSystems is very involved with the FreeBSD project. Not only does iXSystems help to sponsor the FreeBSD booth, they also sponsor development on FreeBSD projects, host a rack of the FreeBSD project's equipment along with bandwidth, and even donate cash and hardware to various developers and projects.
Cecil Watson was manning the KnoppMyth booth. KnoppMyth is a special Linux distribution that includes the popular MythTV project for Open Source DVR software. Where MythTV requires a running Linux system and some tweaking, KnoppMyth is a full Linux distro installer which includes the MythTV program installation and configuration, and even provides some extra functionality like backups, restores, and upgrades. To make things even easier, Cecil has identified certain pieces of hardware that work especially well with KnoppMyth, thus creating the KnoppMyth Reference Platform (KRP). StormLogic's MythicTV store sells lots of hardware for MythTV, and Cecil was demonstrating MythicTV's Dragon v2.0 which is based on the KRP hardware specs and thus makes KnoppMyth installation and use very easy. Cecil also had some literature on CommandIR remote controls and the pcHDTV™ HDTV tuner cards.
PostgreSQL had a booth at the show. Although the much improved version 8.2.3 has already been released, the fine developers of PostgreSQL are not resting on their laurels! I spoke with PostgreSQL Project team member Josh Berkus, who told me about the upcoming version 8.3, which they hope to have ready by the end of this summer. Josh said to expect big performance increases, and much improved data warehousing and OLTP (Online Transaction Processing) thanks to contributions by Greenplum and EnterpriseDB. New features are expected to include on-disk compressed bitmap indexes, SQL:XML syntax support, a PL/pgSQL debugger, and SQL-standard updatable views.
A curious booth at this year's event was Haiku. Haiku is an Open Source operating system project that aims to be the ultimate desktop computer operating system. The developers respect the tenets of the famous BeOS and have even made the Haiku operating system binary backward compatible with BeOS binaries. Haiku does not have the Human-Computer Interface rough edges of Linux and other Open Source Unix-like desktop systems. Haiku is a beautiful, high performance desktop operating system that could be a serious player in the desktop market in the future if it can find a way to gain acceptance with commercial application developers.
The Linux Terminal Server Project (LTSP) had a booth at SCALE 5x. LTSP makes use of low end hardware for desktop systems by making them simple display terminals, while all the real computing power is housed in the server where applications are actually run. An LTSP setup is similar to the Sun Microsystems Sun Ray systems. This project has been around for a while and has matured quite a bit. The centralized computing model that LTSP uses makes updates and maintenance significantly easier and more efficient. The minimalist hardware requirements for the client workstations helps reduce costs. LTSP is used often for computing labs and training environments, and there is even a special sub-project of LTSP for K-12 education.
All of the major non-profit Linux distributions were represented at SCALE 5x. Fedora had a steady stream of foot traffic to their booth all day, where they were handing out install disks. Freespire was promoting their Linux desktop operating system which allows you to easily incorporate proprietary drivers and codecs if desired. Gentoo Linux is the ultimate Linux operating system for the advanced user who wants to customize just about any thing in the entire distro. Gentoo is famous for compiling applications instead of installing pre-built binaries. It's a long process but allows the user to tweak compiler settings to make the resulting binaries optimized for the system's processor and thus a bit faster than a pre-built binary installation. The venerable Debian had a booth and they were selling shirts, install disks, and other goodies. Blars Blarson and some of the other Debian maintainers were manning the booth. Many of the more popular distros that have popped up in recent years (Ubuntu, Knoppix/Morphix, KnoppMyth, Xandros, etc.) are based on the Debian GNU/Linux operating system.
An unusual exhibitor at SCALE 5x was Wikipedia. I found out that Wikipedia runs on Open Source Software, in addition to being a community built and maintained encyclopedia of assorted knowledge. They run Linux and Apache and have made some code contributions, particularly to the mod_perl extension to the Apache web server.
Another unique exhibitor was the Linux Astronomy project. Volunteers with an interest in astronomy and Linux work with teenagers who need some leadership or guidance and get the teenagers focused on astronomy projects to keep them out of trouble. The booth had their newest project on display: a mechanized telescope that will be remotely controlled via Linux computers. I had a nice discussion with Eugene Clement, the organizer of the Linux Astronomy group. FYI, the group goes out into the desert between Los Angeles and Las Vegas for night sky viewing. If you live near the area and would like to join them, contact Eugene through the Linux Astronomy site maintainer Pixo.
q!Bang Solutions co-owner Josh Kuo and I have written a couple of articles recently about home-grown Linux-based appliances. So I was drawn to the booth for NSLU2-Linux, an embedded Linux distribution for ixp4xx-based devices such as the Linksys NSLU2. The NSLU2 is a low cost Network Attached Storage (NAS) device which will make your USB-based storage disks available on a network. This project holds special interest for me because it solves the memory and storage limitations of a Linksys WRT54G device with the OpenWRT Linux OS installed. A Linksys NSLU2 running the NSLU2-Linux operating system and with a USB thumb drive or hard drive attached provides a low cost embedded Linux appliance with enough storage space to install extra software needed to make it perform most any task. $150 for the Linksys and a USB thumb drive makes for a cheap SIP proxy server!
Open Source Software is moving into all sorts of industries, and the arts is no exception. The booth for Cinepaint was representing OSS in the photography, movie and animation industries. Cinepaint is used for frame-by-frame retouching on movies, removing wire rigging in action sequences, photo retouching and 3D model texturing. It has been used on many feature films such as The Last Samurai, the Harry Potter series, Spiderman, and many others.
The CAcert project was on hand in their own booth. The CAcert project issues trust certificates to the public at large for free. Their goals are to be included in popular web browsers as a certificate authority, and to provide a trust mechanism for encryption security. No more high prices to certificate authorities!
I was pleased to see the booth for Ulteo at the show. Ulteo is essentially a Linux spin on Microsoft's Terminal Services server. Ulteo is created by Gaël Duval, a creator of Mandrake Linux (now Mandriva Linux). At the booth I got to see an informal demonstration of the Ulteo remote access in action. It looked very good and could help to advance Linux acceptance in enterprises as a desktop OS. The SCALE web site lists Ulteo as a non-profit organization in its list of exhibitors, but in the description of Ulteo it indicates:
"Ulteo intends to contribute a portion of its profits to humanitarian and ecological organizations. We believe that every company which benefits from the market place should help fight against child malnutrition and current ecological disasters."
I did some research on Ulteo's web site, but did not find any conclusive indication one way or the other regarding Ulteo's non-profit status. I have contacted Ulteo and will update this entry once I have heard back.
So there you have it. There were plenty of exciting and interesting exhibitors at SCALE 5x - and this was just the non-profits! I'll put together another article for the commercial companies who were exhibiting.
High Mobley
Co-owner of q!Bang Solutions
February 26, 2007
Posted by Josh Kuo on February 23, 2007 09:59 AM
February 17, 2007 | Comments: (0)
Open Source Network Monitoring at SCALE 5x
[Author's Note: Corrected factual error about Zenoss. I had originally indicated that Zenoss was a bundle of other OSS projects, but Mark Hinkle from Zenoss corrected me that it was written from scratch by Zenoss]
More news from last week's SCALE 5x event in Los Angeles! There were three network monitoring systems represented at the event. Zenoss, OpenNMS, and GroundWork all had booths at SCALE. These are definitely 3 of the heavy hitters in Open Source network monitoring. Zenoss and OpenNMS are pure Open Source applications, while GroundWork uses a hybrid model where the basic application is Open Source, but to get the extra nice icing-on-the-cake features you pay for an annual subscription. We hope to get all three of these (and more) set up here at q!Bang Solutions in the future for a full-on comparison of Open Source network monitoring systems.
Zenoss

Zenoss is a 100% Open Source application for network monitoring written in Python using the Zope framework. How does Zenoss (the company) make money? They provide support, consulting, and training for Zenoss (the software project). This is one of the common business models in the Open Source community and seems to work quite well for many companies.
Zenoss has all of the usual features you would expect in a monitoring application such as an on-call schedule, notifications (including paging), auto-discovery of network nodes, to name just a few. It also automates the graphing of network node performance data, and can generate alerts when certain user-defined thresholds are exceeded.
One of the features of Zenoss that I find particularly appealing as a systems administrator is that Zenoss logs changes to network nodes and can alert me if I desire. So if someone with access to one of my servers decides to set up a notoriously insecure FTP service without my permission, Zenoss will promptly notify me about this and I can go give the offending individual a long lecture on network and system security.
Second up on my favorite features list is the ability to monitor configuration changes on systems. If anybody messes with my carefully planned out config files, I'll know about it! The downside to this is that it requires a daemon to be installed and running on the target servers, but you'd have to do this anyway to monitor configuration changes on remote servers regardless of the monitoring system you use.
Rounding out my top three favorite features of Zenoss is the company's claim that it will run on most any Unix with a reasonable GNU build environment. That means that it runs on any Linux distribution, MacOS X, and likely Solaris and FreeBSD/OpenBSD/NetBSD as well.
Zenoss looks like an excellent project, and I am looking forward to getting my hands dirty with the latest version so that I can make a full report here later.
The OpenNMS Group
OpenNMS is another 100% Open Source application. Everyone here at my company, q!Bang Solutions, has experience with OpenNMS. This is a Java based program that runs on Apache's Tomcat Java server. The rough edges of OpenNMS were ironed out about a year ago when they got all the developers together in one place for a week-long coding marathon. Since then the good application became a mature one. It has been very stable and the features all seem to work as advertised.
Like Zenoss, OpenNMS is a complete monitoring application with standard features like automated network node discovery, event severity escalation, service level monitoring, performance graphs with threshold monitoring, and much more. OpenNMS also accepts and processes SNMP traps, and OpenNMS events can trigger scripts which connect to other systems - for example to open a help desk ticket. Of course this is the world of Open Source, so you can always create your own scripts to perform whatever functions you want.
One of the interesting new features of OpenNMS is distributed polling servers. So for instance I might have my primary OpenNMS server here in my hometown of Las Vegas, but also have a remote OpenNMS polling server hosted in a co-location cabinet in Atlanta. Then if I have customers reporting slow access times to their web servers but everything looks fine in my OpenNMS performance graphs, I can select the Atlanta polling server from the OpenNMS web interface and get a view from the "outside world". So maybe the Atlanta polling server shows bad latency or dropped packets when trying to reach my customer's web server here in Las Vegas, and I know to call my tier1 provider and report the problem.
When I was speaking to the OpenNMS folks in their booth at SCALE, they told me that there is another developer coding marathon coming up later this year. I'm looking forward to seeing what new features they crank out from this year's code-a-thon. OpenNMS is a great monitoring system that continues to improve at a rapid pace!
The OpenNMS Group is the company built around OpenNMS (the application). The OpenNMS Group provides support, custom programming, training, and professional services for OpenNMS. The OpenNMS community uses a wiki to provide news, documentation, and access to the source code.
GroundWork
GroundWork is one of the many hybrid Open Source companies who were displaying at the SCALE event. These hybrid companies provide a basic version of their product under an Open Source license, while the more advanced version with the latest bells and whistles is only available as a commercial product which costs money.
According to GroundWork's comparison sheet on their web site, the Open Source version includes:
- availability monitoring
- monitoring servers, devices, and applications
- web-based configuration
- alarms, notifications, escalations
- documentation
However, in order to get the following features, you need to pay for their Professional version via an annual subscription:
- reporting and exceptions analysis
- profiles encapsulate monitoring "best practices"
- integrate multiple monitoring data (traps, logs)
- integrate performance monitoring
- custom groupings
- integrate event console views
- support with regular maintenance/updates
- deployment options and services
- executive-level dashboards
- reports with custom report creation
GroundWork also offers a small business edition of their commercial product, which limits your monitoring to 50 devices, and is missing a few reporting and dashboard features.
Southern California Linux Expo (SCALE)
See what you missed out on? Keep an ear to the ground for next year's SCALE event. It was a steal at $70 for the exhibit and three days of seminars. See you there in 2008!
High Mobley
Co-Owner of q!Bang Solutions
February 17, 2007
Posted by Josh Kuo on February 17, 2007 09:17 AM
February 15, 2007 | Comments: (0)
Southern California Linux Expo 5x
The 5th annual Southern California Linux Expo (SCALE 5x) was hosted at the LAX Airport Westin this past weekend. It was a relatively small affair, nothing as extravagant as LinuxWorld in San Francisco. The show floor was small and there were no large, fancy booths from big companies. The classes were short one hour sessions that flew by while the speakers presented at an almost frantic pace sometimes. Yet this was a surprisingly good conference. I will absolutely attend again next year.
What made SCALE so special? For starters, they held a special Open Source Health Care Summit all day Friday. Health care is an industry where Open Source Software (OSS) has not yet made big inroads, but the industry would benefit greatly from adoption of Open Source software. We heard a presentation on what is wrong with the healthcare industry and how OSS can help to fix these problems. Fred Trotter told us about Open Source electronic medical record (EMR) applications. There were Open Source Software case studies from a major cancer center in the southeast, as well as a group of government funded clinics in California. And we even saw how a small Linux appliance can help disparate medical applications talk to each other and share data.
Also on Friday, SCALE held a special summit on women in Open Source. One set of statistics claims that while 25% of proprietary software developers are women, only 1.5% of Open Source developers are women! Several organizations are actively trying to make the OSS community more inviting to women.
As I said earlier, the booths were small. Even IBM, one of the gold sponsors of the event, had the largest booth - yet it was 10 feet deep and maybe 25 feet long. But appearances were deceptive here. There were companies present with some serious offerings and they meant business! And these big business players were standing side by side with small Open Source projects and community organizations. Everybody played nicely together as we've come to expect from the Open Source community at these events. The small size of this event gave me more face time with the big business tech experts as well as the Open Source community leaders and developers. I learned about new projects and products that impressed me beyond any expectations I might have had.
The one hour seminars/presentations went well and were included in the price of registration. The presentations were pretty fast and furious since they were only one hour long, but most of the presenters were well prepared with slides and notes so the classes were easy to follow and quite informative.
All in all, the $70 that I paid for the Open Source Health Care Summit and two days of presentations and show floor access was money well spent. Seriously, this conference was a complete steal at $70. So I'm sorry to hear that you missed the event. I hope that you sign up early for next year's show!
High Mobley
Co-Owner of q!Bang Solutions
February 15, 2007
Posted by Josh Kuo on February 15, 2007 06:13 PM
February 02, 2007 | Comments: (0)
High Availability with Open Source
When I build a network or a system, I try my best to make sure that everything is as redundant as possible: redundant power supplies, RAID for the drives in case of a hard drive failure, backup routes in OSPF in case someone trips over the network cable... you get the idea. But what happens if the CPU overheats in one of the web servers and causes it to crash? Or what if someone yanks the network cable from your LDAP server? Or if someone flips the switch and accidentally turns off the accounting database server? If you incorporate High Availability (HA) into your system design, the answer is "nothing". Your web site will still be running, your network users can still login, and the accounting department won't notice any glitch. You don't even have to leave your desk.
Open Source makes HA easy to implement, with offerings like heartbeat, keepalived, and CARP.
Let's say you have mostly static web content for your web server and you can fit everything on a 2GB compact flash card. Then you can build two solid state machines using the Debian Router Project. Using simple solid state hardware means fewer moving parts and less likelihood of a hardware failure. Then you can use heartbeat to create your HA web server cluster. If you have content which changes more frequently, like the leases file for a DHCP server, a database, or a file server, then you should look into using DRBD to synchronize the two file systems.
Heartbeat requires you to set up a private link for the two machines (nodes) to communicate, so they know the other node is still alive. While you can just use a crossover cable to connect the two nodes, I would strongly recommend that you install two network cards in each node and set up a private VLAN or network just for the heartbeat communication. This will give you a little more flexibility later. You will need 5 IP addresses total: two for the private heartbeat link, two public IPs, one for each of the nodes (if you wish to manage them remotely), and one more public IP for a "virtual" IP address that is held up by the heartbeat software. This virtual IP address is the IP address your users visit. (By the way, heartbeat supports IPv6.)
Once you have heartbeat configured on both nodes and have designated one of the nodes to be the master, the two will start "pinging" each other over the private link. Now to see it in action: start a ping to the "virtual" IP address, and unplug the network cable for the master node or just shut it down to simulate a disaster. You should lose a few pings, but in just a few seconds, the backup node will realize that the master is no longer responding, and will take over the virtual IP address and reply to your pings. This means that if one of the nodes fails in a production environment, users will only experience seconds of outage, instead of minutes, or dare I say, hours.
Now, if you have followed my advice about putting the heartbeat link on its own VLAN instead of just hooking it up with a crossover cable, you have the flexibility to move the backup server to a different location in the building (or however far your VLAN will reach). Why? This protects you from a bigger scale of disaster, say, a power outage for the entire room, fire, or flood (hey, I've seen it happen). If you have the two heartbeat hosts separated physically, you stand a better chance of surviving the disaster. Plugging both machines into the same network switch creates another single point of failure, so it is highly recommended that your backup machine be connected to a different network switch, and preferably a different power grid.
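The two-node heartbeat layout described above, written out as an added example (not from the original article or the Linux-HA project): a shell function that generates the three files heartbeat reads from /etc/ha.d, including the shared key that authenticates the heartbeat packets. The host names, interface names, addresses, service name and timer values are constructed placeholders for the five-address layout.

```shell
#!/bin/sh
# Added example: generate a heartbeat (v1-style) configuration for a
# two-node web cluster. Every value below is a constructed placeholder.
PRIMARY=web1        # must match `uname -n` on the master node
BACKUP=web2         # must match `uname -n` on the backup node
HB_IF=eth1          # NIC on the private heartbeat VLAN (e.g. 10.0.0.1 / 10.0.0.2)
PUB_IF=eth0         # NIC with the per-node public IPs (e.g. 192.0.2.11 / .12)
VIP=192.0.2.10/24   # the "virtual" IP address that users visit
SERVICE=apache2     # init script started on whichever node holds the VIP

write_heartbeat_conf() {
    dir=$1
    mkdir -p "$dir" || return 1

    # ha.cf: heartbeat interval, and how long a silent peer is tolerated.
    # deadtime is what bounds the "few lost pings" seen during a failover.
    cat > "$dir/ha.cf" <<EOF
keepalive 1
warntime 3
deadtime 5
initdead 30
udpport 694
bcast $HB_IF
auto_failback on
node $PRIMARY
node $BACKUP
EOF

    # haresources: identical on both nodes; names the preferred owner,
    # the virtual IP (address/prefix/interface) and the service to start.
    cat > "$dir/haresources" <<EOF
$PRIMARY IPaddr::$VIP/$PUB_IF $SERVICE
EOF

    # authkeys: shared secret used to sign heartbeat packets. Generate it
    # once and copy the same file to both nodes. heartbeat insists on
    # mode 600, so create it under a tight umask and enforce the mode.
    key=$(od -An -N20 -tx1 /dev/urandom | tr -d ' \n')
    ( umask 077
      printf 'auth 1\n1 sha1 %s\n' "$key" > "$dir/authkeys" )
    chmod 600 "$dir/authkeys"
}

# Stand-alone use: sh gen-ha.sh /etc/ha.d
if [ -n "${1:-}" ]; then
    write_heartbeat_conf "$1"
fi
```

Even on a dedicated heartbeat VLAN the key matters: any host that can reach that VLAN could otherwise send packets that influence which node holds the virtual IP.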
keepalived uses VRRP (Virtual Router Redundancy Protocol), a widely supported protocol amongst routers. This means it can be integrated nicely into your existing network infrastructure. keepalived was originally designed to work for multiple routers, and it works pretty much the same way heartbeat does, except keepalived does not need a dedicated private link, and it is easier to set up more than two nodes. (It is unclear whether or not keepalived currently supports IPv6.)
So far you've achieved automatic fail-over. But don't you feel that having all these backup nodes sitting around is a bit of a waste? Can you leverage all that idle computing power? You mean you want load balancing on top of your HA functionality? Open Source answers with CARP (Common Address Redundancy Protocol). The OpenBSD team released CARP in 2003 as a replacement for and enhancement of VRRP. It features:
- Secure "heartbeat" communication
- No need for dedicated, private link for "heartbeat" communication
- Basic load balancing functionality
- Supports IPv6
- Available for OpenBSD, NetBSD, FreeBSD, and Linux (implemented as ucarp)
You can also combine CARP with pfsync (OpenBSD's packet filter) to build a cluster of firewalls/routers that is always online and balances load among the nodes; in case of a failure, users do not lose any sessions or states.
In conclusion, heartbeat (along with DRBD) is the easiest to set up for a 2-node cluster, keepalived integrates well into your VRRP environment, and CARP brings security and load balancing to the table. In case you are wondering how mature this technology is, heartbeat has been around for years, and has a list of success stories.
Josh Kuo Feb 5, 2007
Co-Owner of q!Bang Solutions
Posted by Josh Kuo on February 2, 2007 10:11 AM
February 01, 2007 | Comments: (0)
Sure you have one. Everyone nowadays has at least one wireless router at home, be it Linksys, NetGear, D-Link, or Buffalo. With new wireless products being released nearly every month, I am willing to bet that some of you even have a couple of the older wireless routers collecting dust in your closet. Well, it's time to take them out and put them to good use.
Check out the OpenWRT project. OpenWRT is a Linux distribution for embedded devices, and it brings a lot of exciting possibilities to your humble wireless router. Although still in its release candidate stage (currently at RC6), OpenWRT is very usable and feature-rich right out of the box. Be warned, you could void your manufacturer warranty by installing OpenWRT on your wireless routers.
So what can you do with an embedded Linux device running on limited RAM and very small storage? As it turns out, quite a lot actually. You can install asterisk, and have your personal, customizable PBX (private branch exchange). If you already have a SIP phone or some kind of VoIP phone interface (such as the Cisco ATA 186 adapter), you can have your very own VoIP system at home, all running out of your low power-consumption embedded hardware.
Put your router/firewall on steroids by installing packages like nmap (network security scanner), snort (intrusion detection), and tcpdump (packet sniffer). Together with iptables (which comes with the Linux kernel), you can turn your OpenWRT box into a powerful security tool. Install openvpn, and you have a very affordable VPN device. And if it strikes your fancy, you can install quagga and turn your dusty little Linksys into an OSPF and BGP-capable router.
Want to provide your own wireless hotspot? No problem. Install chillispot, and you are ready to go. You can even install FreeRADIUS on the OpenWRT for the authentication back-end, and WPA (Wi-Fi Protected Access) for the added security.
You can turn it into an all-purpose office server by installing DHCP, cups (print server), lighttpd (web server), NTP (time server) and OpenSSH or dropbear (secure remote administration). If your router has a USB port, you can also turn it into a file server by hooking it up with a USB hard drive and installing NFS.
And don't forget that this is a wireless router. It has a wireless card, so take advantage of it! Install kismet on it, and you have a wireless sniffer. This can prove to be invaluable if you ever need to analyze the airwaves at a remote location, but don't want to leave your expensive laptop on-site. Drop in place a $50 OpenWRT box loaded with kismet instead.
Here is one way to use your old wireless router: In the past, I had set up a few cheap Linksys WRT54g boxes with OpenWRT and vtun, and dropped one at each of our remote locations. This gave me the ability to have layer 2 tunnels to each of the remote sites. I kept one in my house, and if I ever needed to troubleshoot a remote network problem, I just set up the tunnel between the two OpenWRT boxes, connected my laptop or testing equipment to the OpenWRT sitting on my desk, and it was like being on the remote physical network! This saved me a number of times, being able to perform packet capturing on the remote network, observing the network traffic in real-time, requesting and obtaining DHCP addresses... essentially, I could experience exactly what the remote user was experiencing, all from the comfort of my own home.
This is just the beginning of what embedded Linux can do for you. To find out more about what embedded Linux can do for your enterprise, check out Secure Linux Appliances in Your Enterprise. So dig up your old wireless router, check it against the hardware compatibility list, and see if your router is OpenWRT compatible, and open yourself up to a wrt of possibilities!
Josh Kuo
Co-Owner of q!Bang Solutions
Feb 1, 2007
Posted by Josh Kuo on February 1, 2007 03:34 PM
January 28, 2007 | Comments: (0)
Secure Linux Appliances in Your Enterprise
By now you've either seen them or read about them. Companies are selling all kinds of useful appliances based on embedded Linux. Some are for small tasks like wireless APs, mobile devices, or cell phones. Others are geared towards enterprise needs like load balancers, routers, and NAS (network attached storage) and SANs (storage area networks). They all run some version of Linux or BSD. You know you have a couple of Linux geeks working for you in the IT department. Why aren't they coming up with some of these cool Linux appliances for your own company to use? The excellent Debian Router project by Vadim Berkgaut is the help that your Linux admins need to develop their very own Linux appliances.
At my company, q!Bang Solutions, we provide all types of IT solutions, but our strong suit is our solutions built upon Open Source software. Our employees have used the Debian Router Project (which we refer to as "DebRouter") to build numerous solutions, including firewalls, OSPF and BGP routers, DNS servers, and even VoIP servers. DebRouter is a cornerstone of our technology solutions.
What's great about DebRouter is that you get a fully functional Debian Linux installation. So you can add whatever software packages you want to extend the functionality of the DebRouter. This is implemented through the usual Debian package management utilities, which means that you can change a DebRouter's functionality on the fly and in the field after it's been deployed.
Another important feature of DebRouter is that it boots from a flash device like a compact flash card (via an IDE adapter) or a USB flash drive. So if there are any problems with changes you've made, a reboot takes you back to the previous known-good version of your running system. Does this mean that you lose changes you've made when power to the DebRouter goes out? No. DebRouter implements a "write to flash" function much like a hardware router or manageable switch. So you can install and configure new packages, test them out, and write your changes to the flash-based boot media if everything went well in testing. If your tests revealed there was a problem, then just reboot without writing the changes to flash and you will roll back to the same state of the filesystem that you had before your changes. This makes it extremely easy to test potentially unstable software and configuration changes. If things don't work, just reboot, and voila! Your working system is back within seconds.
This also means that the machines are harder for crackers to abuse if they succeed in infiltrating the DebRouter. If you discover that your DebRouter has been compromised, you can reboot and be rid of the cracker. Then you check for security updates from Debian, install them, write your changes, and you're back up and running. I can tell you from experience that eradicating a cracker's presence from a normal machine with hard drives whose data persists across reboots is not this easy!
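A check that fits the test-then-write workflow above, as an added example (not DebRouter's own tooling): before persisting anything, list every file that differs between the known-good flash copy and the running RAM disk, so that only changes you recognize get written to flash. It assumes a readable copy of the flash filesystem tree, for instance mounted read-only at a hypothetical /mnt/flash; the page does not show DebRouter's mount points or its write-to-flash command, so neither appears here.

```shell
#!/bin/sh
# Added example: show what would be persisted by a "write to flash".
# Compares a known-good tree (the flash copy) with the running tree.

# manifest DIR: print "sha256  ./relative/path" for every regular file.
manifest() {
    ( cd "$1" && find . -xdev -type f -exec sha256sum {} + )
}

# drift BASELINE_DIR RUNNING_DIR: print one line per difference,
#   A path = added, D path = deleted, M path = content modified.
drift() {
    base=$(mktemp) && run=$(mktemp) || return 1
    manifest "$1" > "$base"
    manifest "$2" > "$run"
    awk '
        # Strip "hash<two spaces>" so $0 becomes the path; keep the hash.
        { h = $1; sub(/^[^ ]+  /, "") }
        FILENAME == ARGV[1] { old[$0] = h; next }
        { seen[$0] = 1
          if (!($0 in old))      print "A " $0
          else if (old[$0] != h) print "M " $0 }
        END { for (p in old) if (!(p in seen)) print "D " p }
    ' "$base" "$run" | sort -k2
    rm -f "$base" "$run"
}

# Stand-alone use (both paths are hypothetical):
#   sh drift.sh /mnt/flash /
if [ -n "${1:-}" ] && [ -n "${2:-}" ]; then
    drift "$1" "$2"
fi
```

Any line you cannot account for is a reason to reboot back to the flash copy rather than write the running state to it.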
The boot process of the DebRouter provides another nice benefit. DebRouter boots from flash media, creates a RAM disk, copies the flash media's filesystem to the RAM disk and then unmounts the flash media filesystem and runs from the RAM disk. RAM is fast, a lot faster than any hard drive. So now your filesystem I/O speed is absurdly fast. So if you install the Apache web server and put up some HTML and image files, you now have one of the fastest web servers available, without the hassle of a special configuration to load your pages into a ramdisk. It can also run web scripts (such as PHP, Perl, Python, Ruby, etc.) as fast as your normal hard drive based servers do.
What can you build with a DebRouter? Here are a few ideas to get you started:
- Add the Quagga routing software package to make an OSPF/RIP/BGP router
- Install the Apache web server with Perl/PHP/Python/etc scripting environments
- Use the Asterisk software for a cheap VoIP server for a remote office
- NAT/Firewall
- Web content filtering via the Squid proxy package
- Make a captive portal system for wireless networks in cafes or other public access areas
- DNS server using the venerable and always popular BIND software
- Create a network sniffer with the tcpdump utility which writes data to a remote NAS or other storage device
- Combined with a NAS (Network Attached Storage) or an NFS server, a DebRouter can do most anything.
Since most enterprises will try to install all machines in racks, I checked a couple of online vendors to see how much it would cost to build a good 1RU DebRouter machine. I found that a 1RU machine far above the minimum specs can be had for $500, including shipping. This includes a 1RU case, motherboard with all essential functionality on board, a P4 2.8GHz CPU, 1GB ram, and a 512MB CF card and IDE-based CF reader.
So how about a $500 router that can do RIP/OSPF/BGP? Consider both the business and technology reasons that your company might want to use a DebRouter instead of a router from Cisco or one of the other routing big boys. The business side is easy. The hardware is cheap, even for a system with generous amounts of RAM and CPU. For the price of a typical router support contract, you can buy a couple of extra DebRouters to have sitting around as spares ready to jump into action if you have a hardware failure on your primary DebRouter. Every subsequent year of support contracts that you don't need to buy is money that remains in your coffers, helping to fatten up your Christmas bonus next year. Of course, let's not forget that most router vendors charge extra for the advanced software like OSPF or BGP routing, or encryption software so that you can use the more secure SSH instead of the gaping security hole called Telnet to remotely connect to your router. DebRouter has all that (and so much more) for free!
On the technology side, with the screaming fast processors available today, a DebRouter can pretty well hold its own against most of the major router vendors' offerings. And it's the versatility of the DebRouter that will likely interest your techies. Did I mention that Linux does 802.1q VLANs? How about an OSPF router that does double duty as a slave DNS server? Or perhaps an edge router that also acts as a VPN concentrator with strong encryption for hundreds of tunnels?
So walk on down to IT and find those two Linux guys tucked away in their cubicles and let them loose on a Debian Router project. They should be glad to have an interesting project to work on instead of trying to recover emails that Marge from Accounting accidentally deleted the other day, and you just might get some nifty devices from them that save you some cash on your bottom line. Your Linux admins are welcome to reach out to me if they need some help or just want to share their ideas on a new use for a Debian Router.
In the future, I'll touch on embedded Linux in extremely cheap devices that are excellent for smaller tasks.
[My q!Bang Solutions co-owner Josh Kuo beat me to the punch. Read his article "Beef Up Your Wireless Router", here on the Geeks in Paradise blog.]
High Mobley
Co-Owner of q!Bang Solutions
January 28, 2007
Posted by Josh Kuo on January 28, 2007 08:46 PM