July 2008


I had the pleasure of speaking with James Burgett of the Alameda County Computer Resource Center and Andrew Fife of Untangle.

James and Andrew are driving Installfest @ LinuxWorld with the goal of bringing together unwanted hardware with community elbow grease to provide computers to needy schools.

James has refurbished approximately 17,000 computers and given them to needy recipients over his career.  Yes, that’s 17,000!  James and Andrew hosted the first Installfest for Schools in March 2008 and were able to refurbish 350 computers.  The software installed on these refurbished computers is largely free and open source (i.e. Ubuntu and OpenOffice).

I’m certain that they’ll be able to refurbish many more than 350 computers; but not without your help!  If you’re going to be at LinuxWorld, here’s how you can do your part:

  1. Bring old hardware that can be donated to the Alameda County Computer Resource Center for a tax receipt.
  2. Drop by the Installfest and spend whatever time you can spare to refurbish some computers.  Don’t worry if you aren’t much of a tech wizard; James and Andrew have work that is suitable for all skill levels, all the way from “insert the Live CD and hit Enter” to “figure out what’s wrong with the machine, fix it and then install the required software.”

Just think of the benefits of donating an hour of your time:

  • Helping needy students to build computer skills
  • Introducing students to free and open source software at an early age
  • Extending the life of computers using a less resource-intensive operating system
  • Preventing over 50 lbs. of toxic material per computer from prematurely reaching a landfill, when the machine can still be used for a variety of computing tasks

Kudos to James and Andrew for setting a great example for the rest of us!

Winners of the SourceForge Community Choice Awards were announced at OSCON today.

Okay, as much as I love phpMyAdmin, how in the world would anyone vote for them to be the next $1 billion acquisition?  Heck, is there even a company to acquire?

  • Best Project: OpenOffice.org
  • Best Project for the Enterprise: OpenOffice.org
  • Best Project for Education: OpenOffice.org
  • Most Likely to Be the Next $1B Acquisition: phpMyAdmin
  • Best Project for Multimedia: VLC
  • Best Project for Gamers: XBMC
  • Most Likely to Change the World: Linux
  • Best New Project: Magento
  • Most Likely to Be Accused of Patent Violation: WINE
  • Most Likely to Get Users Sued: eMule
  • Best Tool or Utility for SysAdmins: phpMyAdmin
  • Best Tool or Utility for Developers: Notepad++

But alas, the voters have spoken, so congratulations to the winners!

InfoWorld’s Bill Snyder has a nice story about the rising demand for open source skills in the enterprise.  Bill is quoting from Open Source in the Enterprise, written by Bernard Golden and published by O’Reilly Media:

“…found that 5 percent to 15 percent of the positions now on the market call for open source software skills.”

I wholeheartedly agree that companies are increasingly looking for developers that have experience with open source products.

According to Bill:

“For this report, we focused primarily on jobs postings from Web sites of about half of all the Fortune 1000 companies. We counted the number of job postings that mention specific open source-related technical terms and tracked trends over time,” the report states.

The methodology used doesn’t allow us to know whether the job truly requires work with open source products, tools, frameworks for more than 90% of the work day, or simply asks for ancillary skills relating to open source products, tools, frameworks.  For example, looking for someone with Magento experience to develop an ecommerce site is different than looking for a .NET developer who has written against a MySQL database.

That’s why the 5% to 15% really doesn’t sit well with me.  It could overemphasize a set of skills without the reader understanding what the research question was and how to truly interpret the results.  I suspect that larger companies are looking for developers with a mix of experience with proprietary and open source products, tools and frameworks.

Second, and much more interesting, is there a salary differential between jobs calling for experience with open source products vs. proprietary products?  Again, the answer would depend on whether the job was truly an open source job or a job calling for some experience with open source products, tools, frameworks.

My advice, as always, takes a balanced approach.  Learn the latest open source products, tools, frameworks, but don’t forget to keep abreast of their closed-source alternatives.  The future belongs to those who can straddle both camps.

Simon Phipps is taking on a new role at Sun:

“It’s not an especially closely-kept secret but I’ve now moved from Sun’s software group and taken the Chief Open Source Officer role over to a newly-formed team reporting more directly to the CEO and working on Sun’s relationships with communities globally.”

Simon will lead the Sun Open Technologies Practice, with particular focus on standards and open source.  I must confess that I don’t know how Sun dealt with this before, but open standards and open source are so tightly linked in my mind.  So, it’s good to see both efforts headed up by the same team.

While most of the comments on Simon’s blog were congratulatory, Roy Schestowitz had the following to say:

“Why put a positive spin in intellectual monopolies at all? Is it because Sun /already/ has a portfolio, i.e. fences against competition?”

Simon responded:

“Hi Roy. That’s just the way the world outside the FOSS communities speaks. My intent is to work from this new position to change that world, but one doesn’t usually win by alienating them on day one :-)

Everyone else: Thanks for the warm wishes.”

True, alienating isn’t called for until day 3 ;-)  Anywho, good luck with the new role Simon.

From Physorg (in a slightly different order):

“Scientists say they have found a workable way of reducing CO2 levels in the atmosphere by adding lime to seawater.

The process of making lime generates CO2, but adding the lime to seawater absorbs almost twice as much CO2. The overall process is therefore ‘carbon negative’.

However, the idea, which has been bandied about for years, was thought unworkable because of the expense of obtaining lime from limestone and the amount of CO2 released in the process.”

Cquestrate, the group behind the idea, intends to use open source principles to bring the idea to reality.  The group is attempting to restrict patents from being secured as a result of the project.  Participants are asked to post their ideas and suggestions on the website, thereby disclosing the information for everyone to see and build upon.

Very cool idea and cool use of openness to benefit humanity.

Ounce Labs, a software risk analysis company, has uncovered two security vulnerabilities in the Spring Framework.

Considering how long Spring has been in use, and its popularity, how could such vulnerabilities remain hidden so long? After all, isn’t one of the hallmarks of open source the strong community vetting? Could it be that the shift towards single vendor-driven open source is making open source riskier?

What the Spring vulnerabilities are

Kudos to Ryan Berg, chief scientist and co-founder of Ounce Labs, and Ounce team for uncovering the issues and working with SpringSource to raise awareness.

According to Ounce Labs:

The specific vulnerabilities are “ModelView Injection” and “Data Submission to Non-Editable Fields.” These vulnerabilities allow attackers to subvert the expected application logic and behavior, gaining control of the application itself, and access to any data, credentials or keys held in the application.

If your applications use the Spring Framework, be sure to read FAQs from the SpringSource advisory and the Ounce Security Advisory.

The deeper question on open source vetting

Now, the reason this story caught my eye:

“As we put more and more trust into the frameworks that are the foundation of our applications, we need to make sure we understand the security decisions made so we can make the right implementation choices.”

Two key benefits of OSS are the ability to read and understand the code we use and that “many eyes scouring the code” makes the product more secure.

Considering the millions of downloads of the Spring Framework, should we have expected someone to discover these security holes earlier? Or do developers use what the next guy/gal is using, trusting that “someone” has done the due diligence?

How should we interpret the news versus the long-held belief of increased security as a result of “more eyes scouring the code”? Could that be a trait of merit-based OSS projects that isn’t likely to show up in OSS projects where a single vendor writes the code?

If developers outside the company can’t contribute code, what is the likelihood that a developer will look at a piece of code within the project and ask, “How can I make this better?” — and in the process uncover a potential security issue?

I’m really asking a fundamental question: Are merit-based OSS projects more secure than single-vendor-driven OSS projects?

Thoughts?

PS: I should state: “The postings on this site are my own and don’t necessarily represent IBM’s positions, strategies or opinions.”

We all know that hedge funds and trading floors in virtually every financial institution worldwide are having difficulties these days.  As investors move into cash, redemptions are forcing these financial institutions to cut costs (since these firms get a cut of the funds managed).

Traders will tell you that their trading strategy (encoded into algorithms) is the secret sauce that differentiates her/him from other traders. These trading strategies/algorithms are executed on a trading platform, like the open source Marketcetera Trading Platform.  Marketcetera allows institutions to spend more time and resources on what differentiates them from the other guys, the trading algorithms, rather than on common artifacts across firms, a trading platform.

Marketcetera has built a modular platform with the common capabilities that institutions require.  The open source nature of Marketcetera (GPLv2 or commercial license) allows institutions to tweak their trading platforms for competitive advantage, while starting from a solid base.

Marketcetera is finding that the majority of their users purchase a support contract, which is understandable when considering the business. Marketcetera counts over 500 community members and has a growing number of support and professional services customers.

When asked how Marketcetera can keep up with closed source Trading Platform vendors, especially from a late start, Marketcetera points to its use of OSS.  Marketcetera uses Eclipse RCP, ActiveMQ, various Apache utilities and the Spring Framework.  Additionally, Marketcetera allows customers to take control of their own platform vs. waiting for one of the two major trading platform vendors to make changes to their respective products.  The team intends to GA v1.0 in 4Q08.

CEO Graham Miller and CTO Toli Kuznets explained that control maximization and cost minimization are the two key drivers of Marketcetera adoption.

While many of you aren’t going to run out and download the Marketcetera Trading Platform, you may know someone on Wall St. in need.  Point them towards Marketcetera!

Very cool OSS project for tracking and recovering your lost or stolen laptop.  It’s a project from the University of Washington.  This app sounds like a great way to address the 12,000 laptops lost per week at US airports.

The UW website states:

“Adeona is the first Open Source system for tracking the location of your lost or stolen laptop that does not rely on a proprietary, central service. This means that you can install Adeona on your laptop and go — there’s no need to rely on a single third party. What’s more, Adeona addresses a critical privacy goal different from existing commercial offerings. It is privacy-preserving. This means that no one besides the owner (or an agent of the owner’s choosing) can use Adeona to track a laptop. Unlike other systems, users of Adeona can rest assured that no one can abuse the system in order to track where they use their laptop.”

A very cool feature is using the iSight camera to take pics of the “user” after your laptop has been lost/stolen.  This feature is for Mac OS X, but Adeona is useful for laptops of all kinds.  The team is looking at Adeona for mobile devices.

Linux, OS X and XP/Vista are supported.

Btw kudos to: Ph.D. students Gabriel Maganis and Thomas Ristenpart, working with UW faculty members Tadayoshi Kohno and Arvind Krishnamurthy.

Ashlee Vance has an interesting article on the future prospects for Sun Microsystems now that its market cap is $7.7B.  Sun needs to maintain at least a $10B market cap to remain a potential holding of large cap funds.  If Sun’s market cap slips below $10B for too long, large cap funds holding Sun will have to sell and thereby cause a further drop in Sun’s market cap.  With short interest growing from 25 million shares to 57 million shares over the past month, compared to a 3-month trading volume of 17 million, the sharks are definitely circling.

On the other hand, Sun has over $2.5B of cash on hand which should allow them to ride out the storm.  This is especially true when you consider free cash flow has ranged from $137 million to $467 million over the past year.  (i.e. Sun is making more from operations than they are spending, so they won’t burn through the $2.5B in cash just yet.)

Ashlee suggests that Fujitsu would be a good candidate to merge with Sun.  I wouldn’t have considered Fujitsu. But Ashlee makes great points about the R&D culture of Fujitsu & worldwide reach and customer preference of the combined company.

But what about the other leading IT players?  Would any of them make a move for Sun?

  • IBM? Unlikely, there would be huge overlap in hardware and software product lines
  • Oracle? Unlikely, they wouldn’t want to get into the lower margin hardware business, and there would be large overlap in software portfolios
  • Microsoft? Unlikely due to corporate culture, although the combined Java + .NET, Solaris + Windows, OSS + Proprietary would be pretty compelling from a customer choice standpoint
  • Accenture? Unlikely, they wouldn’t want to be tied to one vendor’s hardware and software
  • Red Hat? Unlikely, too much overlap in the software product lines
  • HP? Maybe, there would definitely be overlap from a hardware standpoint, but the ability to drive Sun’s software into more shops via the new HP+EDS could be interesting; remember that HP has a history with open source, from Linux to products such as JBoss….

In the end, my money is on Sun remaining independent.  But, rumors of Sun seeking a replacement for Jonathan (as per Ashlee’s article) concern me enough not to put my money on any outcome.

What about you? What do you think lies ahead for Sun?

Most days Matt Asay’s blind love for OSS makes me laugh. Today is no different.

In giving advice to Ballmer, Matt has the following particularly hilarious quotes:

“Ballmer lacks the imagination to conceive of a world where Microsoft could open source code and still make a lot of money (He’s apparently not heard of “Google”):”

Umm, just so we’re clear, we’re talking about the same Google that makes billions on its proprietary search & AdSense algorithms encoded in proprietary software? Just because Google decides to open source some ancillary pieces of their infrastructure and supports OSS projects that they consume in-house, means Google is a model for Microsoft?

Another gem:

“But at least he’s willing to work with those who do grok that the future of software business (meaning: money) is open source:”

Yep, the future, as in 1.3% of the software business in 2012. Matt, you know I love ya, but this is getting old. You say the future is OSS, and have absolutely no data to back it up. I don’t doubt that Alfresco is doing well. I don’t doubt that Red Hat is doing well. I do doubt that any OSS vendor, or the OSS vendor ecosystem as a whole will be able to grow to the size of a Microsoft, IBM or Oracle. And as a result, the future of the software business is in no shape or form wholly reliant on open source. Is OSS going to be a component of the market? Absolutely. But “a component” and “the only way forward” are two very different predictions.

With news that FSJ is shutting down shop, I wonder if I should start a Fake Matt Asay blog and make outlandish claims like: “Sources tell me that Red Hat in talks to buy Microsoft in 2012”, or, “OSS to help Sun drive $100 Billion in annual revenues by 2013”. Nah, someone wise once said: “There can be only one”. :-)
