- Comments on Release 1.0: Open Source Community
- Weekend Link Roundup
- Black Duck taps into Sourceforge repository
- BYO $2 per GB Storage
- Microsoft's Linux confusion
- Groundwork and Open Source marketing
- Security Expert on Open Source: Part 3
- The open source CEO question again
- Motorola RAZR-Q
- PwdHash: Open Source Web Password Hashing
July 31, 2005 | Comments: (0)
Comments on Release 1.0: Open Source Community
If you haven't already read my open source community manifesto over at Release 1.0 your life remains unfilled. In a terrifying exercise of searching the blogosphere I found a huge number of links both to the report and other things I have written recently and was overwhelmed by the efficiency of new blog search engines like IceRocket offers. Anyway, Zack at MySQL gave the report a thumbs up and suggested that the very reason that MySQL and open source in general are revolutionary is because of the community involvement. This is something I completely agree with (and a point I thought came across in the article) and would argue that open source is not only the most important technology movement of the last ten years but also the most important social movement. With the exception of the punk rock analogy (see Release 1.0 article) that I so enjoy, I can't find another example of an instance where community triumphs over big business.
Anybody have another example? Email me openresource(at)infoworld.com
Posted by Dave Rosenberg on July 31, 2005 11:01 AM
July 30, 2005 | Comments: (0)
July 29 is SysAdmin Day
Astronomers find a tenth planet
Bruce Schneier on the Cisco IOS flaw
Maybe Google is evil (maybe they will open-source it)
CISOs weigh in on open source
Posted by Dave Rosenberg on July 30, 2005 09:55 AM
July 29, 2005 | Comments: (0)
Black Duck taps into Sourceforge repository
Ever since SCO decided to sue pretty much anyone who ever attended a LinuxWorld event, much has been made of the need to keep enterprises safe from open source licensing snafus. On Monday, Black Duck Software, a provider of software compliance management solutions, and SourceForge.net, one of the world's largest open-source collaborative development sites, will announce that Black Duck will be able to use SourceForge's program repository to make its software compliance program more efficient.
This is a good idea, the more code that Black Duck has to test against the better its tools will be and as such should lead to less risk (real or perceived) and more adoption.
In case you were wondering, there are a few other interesting companies that do code reviews (Agitar for Java and Coverity for C and C++) to detect errors along with security vulnerabilities etc. Makes me wonder if Black Duck will open-source their "risk" database at some point.
Posted by Dave Rosenberg on July 29, 2005 10:18 AM
July 29, 2005 | Comments: (0)
Capricorn Technologies has crafted and released blueprints that allow someone to build Big Storage on the Cheap--multi-terabyte and multi-petabyte systems inexpensively-about $2 per GB. The story says the designs will be released under an open source licence, but I couldn't find any further information on the company website.
It's a great idea, storage systems are still absurdly expensive when you consider how inexpensive hard disk space is.
Posted by Dave Rosenberg on July 29, 2005 08:09 AM
July 28, 2005 | Comments: (0)
What a difference a few hours makes when talking about Microsoft's attitude toward Linux. First we have Microsoft warms up to Linux discussing Bill Hilf's presentation coming up at LinuxWorld and a few hours later Microsoft boosts efforts to beat Linux interview with Kevin Johnson.
I would love to say that the disparity in the two stories is a fantastic marketing ploy by MS to continue to the confusion and add more FUD, but I tend to think its more that none of the MS people actually talk to one another.
While I'm at it, here are two more that came out today...it's like Yogi Berra was reincarnated as a MS spokesman.
Microsoft: Low-cost Windows gaining ground
Ballmer: High-end Windows, Office coming
It's like deja vu all over again.
Posted by Dave Rosenberg on July 28, 2005 09:03 PM
July 28, 2005 | Comments: (0)
Groundwork and Open Source marketing
I had lunch with Will Winkelstein, VP of Marketing at Groundwork today and discussed some of the challenges in open source marketing. One particular issue that I found interesting (and really hadn't thought about before) is how open source companies should classify themselves. For instance, Groundwork develops and manages open source software, making it an open source company, but their products are for network and systems management. So which way should they position themselves? Open source or systems management?
Unfortunately for all you VPs of Marketing, it's not an either/or situation and therefore requires much more focused marketing messages depending on the audience. This is the case for pretty much all open source companies, you have to assimilate your products into the mainstream (to get customers) while still remaining a part of the open source movement (to engage developers.) Ultimately it comes down to solving a problem for IT staff or developers, open source may be the angle that gets a product in, but in the future I tend to think it will just become a checkbox in an RFP.
Previously:
Open Source Community: How to win friends and influence developers
The voodoo of marketing an open source project
Posted by Dave Rosenberg on July 28, 2005 02:33 PM
July 27, 2005 | Comments: (0)
Security Expert on Open Source: Part 3
Continuing my discussion with Doug Barbin from Verisign...
Is there a security or networking product that you think could benefit from an open source-esque model--for example, in many ways Snort is so successful because the community helps to test the rules.
I've actually seen this to a degree in the forensics community. EnCase, who is by far the leader in this space, has opened up its own imaging tool publishing how the tool does its imaging. Specifically, its uses small chunks of data that are each hashed using a cryptographic checksum. The advantage of this is that if there was a problem with an image (or a bad sector on a drive that could not be copied) you would be able to identify which small amount of data that was and know that the rest of the image was exactly the same as the source drive. The perceived disadvantage is that this is not a bit for bit image (because you are adding checksums to it). EnCase has countered this by 1) supporting dd images in their analytical tool (which they did over 4 years ago) and 2) making detail available on how their imaging tool works so that it can be validated.
I think one are that could use some help is vulnerability scanning. Now this is a tool where the open source community participates in actively so it doesn't need to be more open per se. However, the challenge I've seen comes back to accountability for the signatures. There is the issue of timeliness, which I addressed above. There is also the issue of confidence. "Confidence" is knowing how accurate your scanning signature is or more specifically, how often it will yield a false positive. I think the open source community does a great job of publishing new signatures, but we could probably do a lot more to study and rate the confidence of our signatures so that you know if you scan for a certain MS vulnerability, 90% of the time the nessus result has been accurate or vice versa where 90% of the time it is a false positive. Commercial vendors do this, and charge for it.
Intrusion prevention is probably an area that could be more open. We still see challenges in network IPS or IDP (Intrusion Detection and Prevention) in that customers are worried that a false positive will create a denial of service condition.
Note: Opinions expressed are those of Doug Barbin and not reflective of Verisign
Posted by Dave Rosenberg on July 27, 2005 08:12 AM
July 26, 2005 | Comments: (0)
The open source CEO question again
This article "Do you own everything in your software portfolio?" slipped by me. Basically what we have is Mark Tolliver, former Sun bigshot, now CEO of Palamida spewing a bunch of questionable comments on News.com. Stephen Walli took him to task for it and Matt Asay followed up.
This piece signifies a general misunderstanding of open source (that all projects should be considered commercial and consider the inherent liabilities) and instead attempts to instill fear and further support the anti-open stance. To the extent that he is trying to drum up business it's a great tactic. Palamida, just like Black Duck and OSRM basically sell insurance. Buy our product and we'll keep you safe. What's different is that Palamida seems to forget it's targeting a market that is much more informed on these issues than would be thought from this condescending article.
It goes back to my question a few weeks ago about the new cavalcade of CEOs who are running open source companies and appear to need some help communicating with the community.
The fear-mongering and general doubt cast by the piece feels alot like Microsoft. With friends like this does open source need enemies?
Posted by Dave Rosenberg on July 26, 2005 07:41 PM
July 26, 2005 | Comments: (0)
Despite the fact that it runs Windows Mobile, I still want this phone. Maybe Palm can make something similar by Q1 2006?
Read more here:
Engadget Hands-on
Press Release [Motorola]
Motorola Q Announced (pictures) [BargainPDA]
Posted by Dave Rosenberg on July 26, 2005 09:56 AM
July 26, 2005 | Comments: (0)
PwdHash: Open Source Web Password Hashing
I might be late to the game on this...open source web password hashing algorithm from Stanford.
PwdHash is an browser extension that transparently converts a user's password into a domain-specific password. The user can activate this hashing by choosing passwords that start with a special prefix (@@) or by pressing a special password key (F2). PwdHash automatically replaces the contents of these password fields with a one-way hash of the pair (password, domain-name). As a result, the site only sees a domain-specific hash of the password, as opposed to the password itself. A break-in at a low security site exposes password hashes rather than an actual password. We emphasize that the hash function we use is public and can be computed on any machine which enables users to login to their web accounts from any machine in the world. Hashing is done using a Pseudo Random Function (PRF).
Posted by Dave Rosenberg on July 26, 2005 09:28 AM
July 26, 2005 | Comments: (0)
Security Expert on Open Source: Part 2
Continuing my discussion with Doug Barbin from Verisign...
What products do you use as part of your "toolkit" for security audit and analysis?
Some of the scanning and tools we use include:
- Nessus - the open source network vulnerability scanner which identifies network and host-level vulnerabilities
- nikto - an open source scanner for website vulnerability scanning
- achilles - an open source web proxy for examining web applications
- Scripts - Perl scripts are often used to test a specific vulnerability against a specific host. This is typically done in order to validate that scan results are accurate. Sometimes scripts can include an actual exploit, others are safe. For that reason we always test in a controlled environment with the customer's assistance.
We also use commercial tools for database and some web-application assessments. For our managed scanning service, we use nessus to obtain the scan, but that's about it. We have our own front end and backend processing that leverages the correlation and intelligence infrastructure as well as our Portal for detailed reporting. We see the true value of scanning is how it helps you evaluate IDS alerts, firewall configurations, and monitor for compliance.
For IDS, snort is the most commonly used open source application. We also manage large Cisco, ISS, and other deployments. We have written snort signatures, and often do so on the fly for specific customer requests. In addition, we have used plugins and tools such as sneeze which helps tune the sensor. However, once the data is collected, we run it through our own proprietary correlation and reporting infrastructure. Alerts then either automatically initiate tickets for investigation or they are posted to a Portal where the customer can review them. We chose to do his (as opposed to using ACID which I have used at home) so that we can better control the data from a reporting perspective, not to mention cross-reference it to our firewall and vulnerability scanning data.
In computer forensics, we use a combination of open source and proprietary tools. For disk imaging, we almost always use dd (disk dump) which has the ability to create raw bit stream images of disks. That means you're not just getting the files, you getting the deleted files and everything else sitting on used or unused components of the drive. dd is nice, its open and difficult for an opposing attorney to argue that you've altered the disk. In addition, we also use open source tools to grab network connection, process-listing, and other information that is useful during an investigation.
Like IDS however, it is what you do with that data after that matters. For disk analytics, EnCase (proprietary) is probably the most commonly used application. It is fast, thorough, and relatively easy to use. Some of our examiners (typically the more *nix friendly) use the SleuthKit (open source) which also allows you to analyze files, timestamps, and recover deleted data. Which you chose is more a matter of personal preference as both work quite well. I have often instructed the teams to use both as a means to check and validate findings. What you never want is someone blindly relying on any tool without understanding what is happening. That is a quick way to get discredited on the witness stand.
Note: Opinions expressed are those of Doug Barbin and not reflective of Verisign
Posted by Dave Rosenberg on July 26, 2005 09:11 AM
July 25, 2005 | Comments: (0)
Security Expert on Open Source: Part 1
Doug Barbin is a good friend of mine and a Senior Product Manager at Verisign, where he works in the Security Services Group. He and I discussed how a commercial security services company like Verisign utilizes open source tools and how they impact security in general. As a CPA and a CISSP Doug has extensive experience in dealing with risks and security audits and can also build insanely complex models in Excel and then encrypt them so that not even he can ever see the information again.
I asked Doug 3 questions which I will chronicle over the next few days.
How are you seeing open source security products being utilized in large-scale enterprises? What are the risks and benefits of deploying open source vs. proprietary products?
VeriSign uses and supports open source tools in both its consulting and managed security services businesses. Our customer base is large enterprises, mainly in the financial services, health care, and retail space. I would probably group the tools into three areas: vulnerability assessment; intrusion detection; and computer forensics. In addition, I would say that we see large enterprises using a combination of open source and proprietary products. Good examples would be someone using Cisco IDS outside their network and then installing snort sensors internally. The advantages of this approach are:
1) Cost - No technology open source or proprietary runs by itself. Scanners need qualified personnel to interpret the results and IDS sensors need qualified people to determine whether an alert is a credible threat. Labor should be an assumed cost for everyone doing this work. Using open source technology in specific places allows companies to save the capital expense of additional equipment and focus on the human element.
2) Layered Approach - Neither network vulnerability scanning nor intrusion detection is an exact science. Both disciplines take packets off a network and attempt to determine what they mean and what they are intending to do. False positives (and false negatives) are a reality. Cisco, ISS, Sourcefire, and the open source community do not share the same databank of attack signatures. Have both technologies in place provides some additional coverage in terms of "some" signatures that may be missed.
3) Signature Accountability - With signatures, there is a certain level of comfort knowing that you have a contract which defines SLAs around when new signatures will be available for installation. This is critical when a new vulnerability or exploit is in the wild. Commercial tools provide that as do subscriptions
Regarding risk, the key issues are typically data analysis and accountability for updates. Data analysis and presentation is key reason why many customers look to proprietary technologies. From a functional perspective all intrusion detection technology grabs network packets going across a wire. What differentiates the technologies (and services) is what they look for (signatures), how much data they grab (or store), and what detail they can provide to a user who is investigating an alert after the fact. In addition, the ability to show trending analysis, not to mention doing things like anomaly detection also provide a layer of value-add. As a security service provider, we believe this intelligence layer is our play. While we support the leading technologies, you won't see a VeriSign IDS or Firewall for sale anytime soon. We take the data in any form and provide it back to you in a manner that allows you to act. Last, each of these tools require maintenance. Not just signatures, but program updates, and any technical support that may be required. With a commercial solution, that is typically provided.
Note: Opinions expressed are those of Doug Barbin and not reflective of Verisign
Posted by Dave Rosenberg on July 25, 2005 04:09 PM
July 25, 2005 | Comments: (0)
Open Source Community: How to win friends and influence developers
The first part of my giant Release 1.0 article called "Open Source Community: How to win friends and influence developers" is live.
If you were to contemplate starting a software company in today's market, you might consider one of many open source models. Clearly the IT marketplace wants open-source applications. Why else would they keep moving up the stack and continue to take market share from proprietary software companies? Databases, ERP, CRM, business intelligence, mobile applications - there is no category that can't spawn an open-source counterpart. There's a low barrier to entry, adoption and business acceptance is on the rise and there is a huge developer community to help build your product. Ah yes, the revered open source community, the invisible mass that supports projects and leads to success! If only you could harness the power and interest of the community, this whole thing would be a cakewalk.
You have to login in to read it, but I can attest to the fact that they don't do anything with your email address. Special thanks to Rafe Needleman for hooking me up.
Posted by Dave Rosenberg on July 25, 2005 09:35 AM
July 25, 2005 | Comments: (0)
New Groundwork CEO Ranga Rangachari will be speaking at LinuxWorld. Come say hi and ask him for a job.
Posted by Dave Rosenberg on July 25, 2005 09:27 AM
July 24, 2005 | Comments: (0)
Microsoft renames Longhorn to 'Vista'
Financial companies lead Linux charge
Brazilians used Orkut as drug distribution network
An automatic human washing machine
Asashoryu wins August Sumo tournament
Posted by Dave Rosenberg on July 24, 2005 11:25 AM
July 22, 2005 | Comments: (0)
Development Decisions and Usability
eWeek asks the question Is .Net Failing to Draw Venture Capital Loyalty? Based on their discussions with several VCs the answer appears to be yes. Unlike open source or Java frameworks, I tend to think that .NET is a bit limiting in terms of choices; you either pick Microsoft or you don't. I spoke to a developer friend who told me they recently went with .NET for that reason exactly. Small businesses often don't have the time, money or expertise to be able to sift through all of the open source options that are available. Consider the open source Java app server-- you can choose JBoss, Tomcat, Enhydra, or Jonas just to name a few. Microsoft certainly makes it easier to make a decision, but when you are limited to just one choice you are forced to assume it's the right one.
I spoke with Mark Griffin, developer at financial services firm Glass, Lewis, and Co., who thought that you could essentially recreate anything that Microsoft offers with open source tools, but you would have to cobble them together yourself. Maybe there is a services business model that goes beyond just the certified LAMP stack and into the deeper issues of system management (something that Levanta is tackling), scalability (look to ActiveGrid) and further into the application and database manipulation space (like phpMyAdmin.) I don’t know what the business model looks like-some sort of hybrid professional services group, but wouldn’t it be great if a small-medium size business could choose Chinese-menu style the tools and applications they need to have a complete solution.
In terms of usability, the Microsoft tools all have nice GUIs and are pretty easy to administer (though at some point you have to be a little afraid of a SQL server point and click delete everything by a junior admin), something that we’re only beginning to see in open source. I am leaning more and more to the idea that the adoption of Linux and open source is only being held back by visual perception-the stuff looks scary so some people are hesitant to use it. I wonder how many vendors at LinuxWorld will have nice new GUIs for the apps? I am betting a lot, usability is the last frontier to be fought for open source adoption.
Posted by Dave Rosenberg on July 22, 2005 11:04 AM
July 21, 2005 | Comments: (0)
I spent some time this morning doing an interview with HPCwire on the impact and importance of Linux in high performance computing, and once again came to the same epiphany that I do every few weeks (and that Matt Asay showed me so long ago) that Linux and open source is about choice. So, when I stumbled onto this article regarding Microsoft's Eye on Open Source I realized that they still are missing the fundamental point, that using Linux and open source technologies is a choice.
Fortunately this group, including Rod Smith and Jonathan Schwartz get it.
I also dare say that Martin Taylors' examples of Linux not being up to par are almost insulting in their futility. As if the same thing wouldn't happen with Microsoft or Solaris.
They're also realizing they can't migrate and evolve (open-source technology) as much as they had thought. For example, U.S. company Flyi.com handles about 90 percent of travel reservations through their online portal, which they run on Linux and Apache.The systems were running fine until the company had a huge spike in traffic, and there were all kinds of downtime issues. So they did the upgrades, added a few servers, some hardware, some memory and new technologies around the Web site to do more customer relationship database tracking. It was all very complex, and some of the seams of the Linux architecture were beginning to show.
Side note: I contemplated not even mentioning this article, but Taylor's responses are such garbage I couldn't help but want to point out how lame MS's open source story continues to be. This is something for all you readers to bring up to Bill Hilf at LinuxWorld.
Posted by Dave Rosenberg on July 21, 2005 12:41 PM
July 20, 2005 | Comments: (0)
In a recent Forrester report "Are Open Source Integration Solutions Mature?" the authors miss one key factor in the development of open source software. They allude to the fact that open source software is designed to be "good-enough," which is fundamentally untrue. Open source doesn't compete on price, it competes on features and accessibility, so the "good-enough" argument doesn't fly.
Further, it could be said that the open source EAI/ESB products are so new they simply aren't as mature and therefore don't fit into Forresters' box diagram. In doing research for a open source ESB project I spoke to a number of CIOs and CTOs who claim to use on average 30% of the features included in the prepackaged software. I fail to see why would you want to pay for something you are not going to use. As always, take analyst advice with a grain of salt (especially from me) and do your research.
Interested in open source EAI/ESB? Here is an enormous list of projects. My favorites are Mule and OpenAdaptor.
Forrester mapped the coverage of open source solutions-including all open source consortia and typically available components-to the application integration framework (AIF) model we usually use to assess commercial integration suite products. The results speak eloquently for themselves: Open source solutions currently do not provide any coverage for most categories in the matrix. Generally, the more powerful proprietary EAI solutions on the market fulfill all but five or so of the functional requirements in the matrix. However, a more thorough evaluation indicates that the situation is not as bad as it appears: In many cases, open source solutions work well enough to meet their intended scope. Prospective users should note, in particular, that:-- Open source solutions may never address some categories, such as prebuilt. The developers’ principal objective is to focus on building a generalized "good enough" solution.
-- The business rules category is relatively new, even for commercial solutions. It is unrealistic to expect open source developers to include business rules functionality in the near term.
-- Reuse of a single repository won't start until 2006. Open source developers are doing some work on repositories and directories functionality based on the Eclipse repository, but the various open source solutions will not start reusing a single repository until 2006 at the earliest.
Posted by Dave Rosenberg on July 20, 2005 11:14 AM
July 20, 2005 | Comments: (0)
I wrote a mediocre piece on open source marketing over at ITMJ.
Posted by Dave Rosenberg on July 20, 2005 11:11 AM
July 19, 2005 | Comments: (0)
ActiveGrid announced a second round investment of $10 million. Jon Udell wrote about them a few weeks ago.
ActiveGrid CEO Peter Yared will be talking aboutDeveloping and Deploying Enterprise Applications on LAMP-based Grids at LinuxWorld.
Posted by Dave Rosenberg on July 19, 2005 08:52 AM
July 18, 2005 | Comments: (0)
VC talk about Open Source CEOs and IPOs
Patrick Ennis, Managing Director with Arch Venture Partners and I go back almost ten years in our inane discussions on various technologies. Spurred by a recent article "Open Source Exuberance" which profiled John Newton, CEO of open source CMS developer Alfresco (and formerly CEO of Documentum) I began to question why VCs consider non-community members to be the right leaders for open source startups. This is not to say that Newton is not a great leader or wrong for the job, I just wonder if the funding exuberance is based in a false sense of reality-that a software executive from a proprietary background can really understand and relate to the open source community. Ennis thinks that there is a challenge involved, but a good leader should be able to learn and transcend any specific market dynamic.
Excerpt from our conversation:
Is an open source company any different in terms of skill-sets or knowledge that a CEO should have? For instance, there are several recently funded companies (Alfresco, EnterpriseDB, Greenplum) that feature previously successful CEOs who were obviously key in helping to raise VC funding but are not specifically from the open source community. Does that matter?
Yes, it does matter. Of course one can never find the "perfect CEO", just like one can never find the "perfect VC". In fact, sometimes it's difficult to even find a "mediocre VC or CEO"...(just kidding, mediocrity is easy to find.) The ideal CEO candidate should have open source experience. However, commercial open source companies have a relatively short history so there isn't a large stable of experienced executives to choose from. A key challenge for an open source CEO is to balance the ethos of the open source community versus the demands of a for-profit private company.
Fortunately they are not in conflict as often as one would think. It's more a matter of timing… in the short term, it might theoretically reduce company value to give away (for free) an important technology development. However, such an act will not only build goodwill and increase community credibility, but will also increase mindshare, market presence, in the long run result in more revenue.
But keep in mind that this cognitive dissonance can be difficult for executives and VCs that are trained in the old model.
When VCs look at open source models what type of "hit" are they hoping for. Meaning do they expect the big bang IPO or are they looking for more of an acquisition strategy?
Publically, everyone will say "IPO". In truth, historical statisitics show that the vast majority of startups, especially software startups, have a M&A (mergers and acquisitions) exit. I think the goal is to invest in a company that has the potential to one day be a standalone public company, which sets a high bar and pushes people to excel. If it turns out to be an M&A, that’s fine (as long as the value is high enough to reward the hard work). And due to Sarbanes-Oxley, there isn't much of a difference any more in building a liquidity or exit strategy. Although technically Sarbanes-Oxley doesn't apply to private companies, it applies in terms of integration when a large public company buys a small company. Today, there is a strong desire for the startup to be as close to Sarbanes-Oxley compliant as possible. In the old days, if a board didn't think a startup was going to go public, they would avoid hiring a senior CFO, would not be as worried about audits, processes etc. That's not true anymore. Of course there are strong thoughts in the tech and financial community that Sarbanes-Oxley has gone too far....much of the value is accruing to lawyers and accountants who are billing a large number of hours at hefty hourly rates ($500 an hour!). The intention was good, but the application destroys value for many startups. Fortunately the SEC and others in Washington are aware of this and are trying to limit the paperwork burden and focus on the goals of the legislation. That's really a management issue, but it's important to keep in mind.
Posted by Dave Rosenberg on July 18, 2005 03:18 PM
July 18, 2005 | Comments: (0)
Rackspace Managed Hosting unveiled Red Label, a bundle of Linux software and services aimed at enterprise users, in response to demand from their high-end users who are looking for a vendor to manage their Linux deployments. (Coincidentally Rackspace vp of product engineering, Paul Froutan just happens to be speaking at LinuxWorld)
Essentially what Rackspace is offering is a bundled stack not very different from some of the upstart open source services companies. I think the initial advantage is that they already have 3000 customers in the small and midsize market and appear as much less of risk in terms of trusting infrastructure to an outside firm.
The Red Label services include application infrastructure support for software including databases from Oracle and MySQL and the JBoss and Apache Web servers along with multi-layer systems monitoring and proactive patching. Rackspace will also assign a lead engineer to each Red Label customer, according to Froutan. The engineer will act as the customer's representative to the Rackspace support team. Engineers in this role will familiarize themselves with the customer's business, so they can let Rackspace know, for example, the best time to carry out maintenance on the customer's systems, causing the least disruption to their operations.
Posted by Dave Rosenberg on July 18, 2005 12:28 PM
July 15, 2005 | Comments: (0)
Firefox has 8.71 of the browser market
SpreadFirefox.com got hacked
Someone realized that Bill Hilf from Microsoft will be speaking at LinuxWorld
Programmers can still get jobs in the U.S.
Gizmodo got a new editor (good luck Joel)
SCO continues to add visibility to Linux
An obsessed Dunkin Donuts Blog
Posted by Dave Rosenberg on July 15, 2005 07:48 PM
July 14, 2005 | Comments: (0)
Good article over at Bank Technology News on the adoption of Grid in financial services. I wrote about this a few weeks ago covering a LinuxWorld NY conference session with Carol Carson, director of Linux and Grid, IBM; Carl Drisko, director, Linux and Open Source Services, Novell; and Greg Nawrocki, president, the Globus Consortium.
But when a mortgage player like Cleveland's Ohio Savings starts talking about the grid, maybe it's not just for the space age any more. The firm's enterprise information manager, Tony Miller, says Ohio Savings is using a grid network now at the database level, running an $800,000 Oracle 10g system. Even so, he and project manager Ed Kizys figure soon to move the vital retail loan and mortgage-origination systems onto the grid, putting it right at the center of the firm's reason for being. After all, if the likes of Goldman Sachs are investing in grid-computing software companies-then grids must be something financial companies can use.
Posted by Dave Rosenberg on July 14, 2005 01:17 PM
July 14, 2005 | Comments: (0)
EnterpriseDB: A true replacement for Oracle?
I spoke with EnterpriseDB CEO Andy Astor last week about what they have been doing in regards to creating a true Oracle replacement.
The principle concept of EnterpriseDB is an enterprise class database that is compatible with Oracle at a very cheap price. According to Astor, applications don't know the difference between Oracle and EnterpriseDB, and the company claims to have done many things at the core of Postgres that will allow for faithful compatibility. If the product performs as Andy says they should have people lining up at the door to buy their database.
Andy also brought up an interesting point that there might be some real merit to the idea of "certification" in open source products and specifically in a stack. I see why it makes sense, I'm just not sure that a large enterprise would trust the company that doesn't actually own the code. So, it works in the case of EnterpriseDB, Zend and MySQL but the jury is still out on the services companies that consolidate the stack. I still contend that enterprises would be more likely to outsource to a larger services organization like IBM or entirely to someone like EDS in those cases.
Posted by Dave Rosenberg on July 14, 2005 12:52 PM
July 14, 2005 | Comments: (0)
Eben Moglen/Software Freedom Law Center
The Software Freedom Law Center (SFLC), provider of pro-bono legal services to protect and advance Free and Open Source Software (FOSS), today announced it will represent the Plone Foundation.
I could pretend that I have any idea why this is important, but I haven't had coffee in about 4 hours and I am going through serious withdrawal. Regardless, what I know is important is that Eben Moglen will be speaking not only on the OSDL keynote panel (along with Stuart Cohen, Chris DiBona, David Patrick and Tom Rabon), but also in the LinuxWorld conference discussing GPL 3.0. This is your chance to ask Eben himself just when GPL 3.0 will be done and ready for action. My guess is it will be ready just about when Microsoft comes out with Office for Linux.
Posted by Dave Rosenberg on July 14, 2005 09:23 AM
July 14, 2005 | Comments: (0)
Finding the LinuxWorld hidden gems: Dietzen and McGovern
Update: Bob McMillan found the Dietzen LinuxWorld session online and called me to find out the story. I made something up about AJAX but got confused between the scripting technology and the bathroom cleaning product.
Everyone seems to be interested in Dietzen, but there are many more hidden gems...just wait til the media realize that Patrick McGovern, former honcho at Sourceforge.net and now bigshot at semi-stealth startup Splunk will be speaking.
Posted by Dave Rosenberg on July 14, 2005 04:06 AM
July 13, 2005 | Comments: (0)
Martin Lamonica noted that Scott Dietzen, the former chief technology officer at BEA Systems, has found a new job as president and chief technology officer of enterprise messaging start-up Liquid Systems. Apparently he saw that Dietzen is speaking at LinuxWorld in SF.
Liquid Systems is still in stealth mode so instead of telling you what they actually do, I will make up a few entertaining scenarios.
1. Liquid Systems is creating a fleet of high-intelligence apes that have been trained as divers for deep water rescue.
2. Liquid Systems is launching the first internet-enabled aquarium.
3. Liquid Systems has finally cracked the genetic code to create sharks that have laser beams attached to their heads.
Posted by Dave Rosenberg on July 13, 2005 08:36 AM
July 12, 2005 | Comments: (0)
Globus Toolkit: BSD Licensed to Grid
Ian Foster's recent article on the Globus Consortium's choice of the Apache 2.0 license sheds some light on why a BSD-style license may be the better choice for companies marketing open source products as components of other (potentially proprietary) software products.
We chose this BSD-style license because we believe that vendor incorporation of Globus Toolkit code into their proprietary offerings is a key to enterprise adoption. IBM's Grid Toolbox, Sun Microsystems Inc.'s Grid Engine and Nortel Networks Ltd.'s Dynamic Resource Allocation Controller are examples of early grid products that use the Globus Toolkit. The APL2 license allows these vendors to use Globus Toolkit implementations of the open standards in their grid products. Thus, those products are able to interoperate with other hardware and software resources in their customers' IT environments.
I agree with Ian that this was the right choice. Grid is making it's way to the enterprise and lowering the barrier to entry in terms of the code will certainly make adoption easy for some corporations. As I stated in a recent article "Building the Business Case for Grid", Grid computing is no longer viewed as a speculative, high-risk proposition with vague benefits, but rather as a proven technology. It's a technology that will find it's way deep into the enterprise and ISV products and should not be limited by licensing or other legal issues.
Posted by Dave Rosenberg on July 12, 2005 03:12 PM
July 11, 2005 | Comments: (0)
Levanta Launching First Linux Management Appliance
Levanta will be launching the Intrepid M at LinuxWorld San Francisco-- a hardware product that they claim is first management appliance for Linux systems.
The Intrepid takes Levanta's Linux systems management software (used by customers like Boscovs, Electronic Arts, City University of New York, etc.)-- and puts it into an appliance with built-in shared storage.
Levanta is a company that's come a long way over the last few years. Rising out of LinuxCare, (an aptly named Linux services and support company) the company changed its name to Levanta and started selling virtualization software for mainframe environments. They've expanded their Linux management and data virtualization capabilites beyond the mainframe to also include 'scale-out' commodity x86 environments. Levanta has already been running in mission critical environments in a number of big datacenters and now they've taken the technology made it easier to use, and put it in a box.
With this new appliance, Levanta is offering a turnkey Linux management appliance they claim surpasses anything available from other virtualization approaches from the likes of VMWare and XEN. Levanta runs everything in native CPU and RAM, avoiding the 20% CPU overhead typical of those approaches.
Levanta's Intrepid M announcement dovetails nicely into a broader theme that I'm already seeing for LinuxWorld this year -- and that's the general rise of more mature management tools. One of the long time deal breakers for many enterprises in their adoption of Linux has been the lack of sophisticated management tools. The release of Intrepid M -- designed to be up, deployed, and managing Linux in less than an hour should have naysayer enterprises reconsidering Linux adoption for production environments.
Previous Coverage on the product announcement:
http://www.networkworld.com/news/2005/062005-levanta.html
http://www.networkworld.com/newsletters/linux/2005/0627linux2.html
Posted by Dave Rosenberg on July 11, 2005 07:24 PM
July 11, 2005 | Comments: (0)
Marching towards LinuxWorld SF: Coverity
As we start the march towards LinuxWorld San Francisco (August 8-11, 2005) I have begun taking a deeper look at some of the companies that are on the exhibit floor and in the conference program to highlight a few of the interesting things going on in the Linux and open source market.
Coverity
Coverity automates the detection of software defects and security vulnerabilities for complex software at compile time-which in layman’s terms means they dig deep into code and determine if there are any risks or problems. While not technically an open source company, Coverity uses Linux and other open source projects to test their products and then contribute the results back to the community. For instance, Coverity recently ran it’s automated bug finding tool on FreeBSD and flagged 306 potential software errors, about one issue for every 4,000 lines, proving not only the quality of FreeBSD but the merits of the Coverity product.
Admittedly, code checking is not as exciting as something like Virtualization, but Coverity is doing well as a business, providing a useful toolset and being a productive community member. Coverity CEO Seth Hallem will be speaking in the LinuxWorld conference program on August 9 at 10:15am.
Posted by Dave Rosenberg on July 11, 2005 05:11 PM
July 11, 2005 | Comments: (0)
Blogging LinuxWorld San Francisco
The InfoWorld crew has been kind enough to take on a LinuxWorld blog, but instead I am planning to focus on eighteenth century poetry, just to throw all you techies a curve ball.
Just kidding, the only poetry I know all involves a guy from Nantucket.
So here we are, offering deep insight and profound thoughts on the open source world and more importantly letting you know what's going on at the upcoming LinuxWorld San Francisco, August 8-11, 2005. The goal here is to inform the masses of all the cool companies, interesting content and general good time to be had hanging out with the open source community. I can only hope to entertain while not infuriating.
Posted by Dave Rosenberg on July 11, 2005 05:10 PM
- Get Started
- Port 25 Blogs
- OSS News
- Join a Project
{Open Source} Heroes Happen Here
Start today and order your own Hero Hack Pack – which includes Getting Started with Open Source, Windows Server 2008 and Visual Studio 2008 Trial. Each pack is a chance to win a free pass to OSCON 2008.
TOP STORIES
ADDITIONAL RESOURCES
- Remote Access: Maintain Security and Decrease the Burden on IT
- Beyond AntiVirus: Symantec Endpoint Protection
- What Every Enterprise Needs to Know About VDI
- Disaster Recovery in Minutes
- Protecting Microsoft(R) Applications
- Reduce Recovery Times and Tape Costs
