Managing Gentoo – a study in quotes

The announcement about seeds led me to this LWN article. I often talk about the advantages and strengths of Open Source here, so it's only fair that I also talk about where it is weak and can use improvement. Now, we know that Open Source produces better code. But if you look at most of the Open Source projects that have gained mass adoption (think Firefox, Apache, the kernel, etc.) you will notice a few similarities. They have somewhat closed aspects outside of the actual code, they have a somewhat formal organizational structure and they have a set of defined processes and procedures. I think it's clear that as projects get to a certain size and popularity, they need these things. A while ago, Gentoo moved to a more democratic system. From what I'm reading (note: I am not an active Gentoo user nor do I regularly keep up with the Gentoo community in depth. I've spent a decent amount of time over the last day or so reading as many different sources of info as I could, and am drawing my conclusions from that) that transition has caused some problems. To me, when Danny left, Gentoo lost more than its creator – they lost their leader. They're now learning the hard way that consensus is the lack of leadership and the result seems to be analysis paralysis. This isn't something that is specific to Gentoo though, it's an easy trap that any project (especially one that gains wide exposure) can fall into. Losing your leader isn't a death knell, but it certainly exacerbates an already tenuous situation. I think the Gentoo situation is underscored by the fact that even the announcement that Danny is returning was met with resistance. The issue wasn't at all that he was coming back (quite the contrary), but with the process (or better stated, the lack thereof). There are a couple lessons to be learned here and it's an issue that I pay close attention to, as the founder and leader of LQ. This is a topic I'll be thinking about more and posting about in the near future.
In the meantime, I welcome your comments on the subject. It's a topic that I think is vital to the continued healthy growth of the Open Source ecosystem.
–jeremy

Dunc-Tank To Help Meet Debian Etch Deadline

The Dunc-Tank is an experiment to see how targeted fund raising can improve Debian. From the article:
The brainchild of Debian project leader, Brisbane, Australia-based Anthony Towns, Dunc-Tank is an experimental project that seeks to find ways of funding Debian development. That money will then go into paying people to sit down and do “useful” Debian work rather than relying on a core of dedicated volunteers to contribute code outside of their regular day jobs.
“Most developers work on Debian in their spare time, and the developers who do the most work on Debian devote most of their spare time to it. When that spare time disappears, due to work commitments, family commitments, holidays or sickness, so does the work on Debian,” Towns said.
To achieve its goal, Dunc-Tank is funding release managers Steve Langasek and Andi Barth to work full time on etch's release over the months of October and November respectively. All things going smoothly, etch will be released on December 4, 2006.

It should be noted that there is no formal association between Dunc-Tank and Debian, and in fact the project was met with some resistance on debian-private. One of the main objections seemed to be the potential that it could ruin the volunteer nature of the Debian project. Done properly I don't think that has to be the case, but it is something they need to be cognizant of. Overall I think the idea has merit and this could set a precedent that results in greater improvements in Open Source projects, especially in areas that aren't “interesting” to the average OSS developer. To be honest, I'm always surprised how little bounty and payment type systems are used in Open Source. I suspect we just haven't found the right model yet. Dunc-Tank isn't quite ready to accept donations yet (they hope to be ready within a week), but when they are LQ will be chipping into the pot.
–jeremy

The Post You Never Think You'll Have to Make

There are some posts you simply aren't prepared for and think you'll never have to make. This is one. One of our mods passed away far too young. David, mcleodnine on LQ, was a long time member and one of the very early mods (he was also a panelist on the inaugural episode of the LQ Radio Show). He was the quintessential computer enthusiast and turned his hobby into a business that recently went into the black. He was a guy you would run into at all kinds of odd hours on IRC and have a great discussion out of nowhere. He'll be missed more than I'm sure he knew. LQ is missing more than a mod… it's missing a friend. Out of respect, LQ will be closed for a short time later today – a moment of silence.
–jeremy

Flashforward Linux Demo

A quick Flash 9 on Linux status check, as my previous posts on the topic drew many requests for continual updates. The Flash 9 plugin is now in good enough shape that they are showing it publicly. No exact ETA yet, but a public beta should be along “real soon now”. The plugin is currently slated for release in early 2007.
–jeremy

Microsoft Re-Re-Releases IE Patch

Microsoft has recently released, for the third time, a patch for MS06-042. From the article:
According to Microsoft's security bulletin, the IE patch was updated September 12 to fix another remote code execution vulnerability in IE's handling of long URLs from Websites using HTTP 1.1 protocol and compression. That's almost identical to the problem introduced in the original version of the patch, then discovered by security researchers at eEye Digital Security.
This issue underscores the security issues that Microsoft continues to have. You have to continue to wonder if they can possibly live up to the promises they have made for Vista and IE7. While bugs and security issues are to be expected in software as complicated as what we're talking about here, a single issue having to be addressed 3 (and counting) times shows a lack of discipline. I'd guess they have their developers so focused on getting Windows Vista out the door that the MSRC probably isn't getting the resources it needs to do things properly. Judging by the many unreleased vulnerabilities in the queue, including 5 with a Severity of “High”, things don't look like they're going to get any better any time soon.
–jeremy

Microsoft Releases New "Open Specifications Promise" on 35 Web Services Specifications

From a post at consortiuminfo.org:
Microsoft has just posted the text of a new patent “promise not to assert” at its Website, and pledges that it will honor that promise with respect to 35 listed Web Services standards. The promise is similar in most substantive respects to the covenant not to assert patents that it issued last year with respect to its Office 2003 XML Reference Schema, with two important improvements intended to make it more clearly compatible with open source licensing. Those changes are to clarify that the promise not to assert any relevant patents extends to everyone in the distribution chain of a product, from the original vendor through to the end user, and to clarify that the promise covers a partial as well as a full implementation of a standard.
The “promise not to assert” is basically an irrevocable promise by Microsoft that someone that implements one of the covered standards will not be sued for doing so. It's interesting (and I think encouraging) to see that this promise was updated to specifically include wording intended to make it more clearly compatible with open source. That's something we haven't often seen from Microsoft in the past. It should be noted that the “Microsoft Open Specification Promise” page includes testimonials from both Red Hat and Larry Rosen. I'd say this is another step in the relationship between Open Source and proprietary companies that I've been commenting on with increasing regularity. It's just a toe dip for Microsoft, but I'm sure they see the money that IBM and Oracle are bringing in based on Open Source and Open Standards and they don't want to be without a piece of the pie. Surely they are still figuring out internally how to balance that with the nature of their two cash cows and it will be something to watch as it unfolds moving forward. If this is a topic you are interested in, I'd recommend you read the full consortiuminfo analysis as it's quite in depth.
–jeremy

Quickest Patch Ever

As was guessed in the original article, Microsoft was able to patch the issue quite quickly. In fact, quicker than most security fixes. From the article:
If you really want to see Microsoft scramble to patch a hole in its software, don't look to vulnerabilities that impact countless Internet Explorer users or give intruders control of thousands of Windows machines. Just crack Redmond's DRM.
Now to be fair, this wasn't a full patch in the traditional sense, just an update of the DRM (which is more akin to a configuration change than a code change). But, the speed with which this was rolled out still underscores where the Microsoft priorities are. With the Zune poised to go, I'm sure they didn't want the RIAA thinking their DRM was bogus. Just goes to show that Microsoft really doesn't consider the average user the customer. Their customer is Dell/HP/etc. As long as this is the case, it just won't be in their perceived interest to help you. As you may have suspected, the patched version has already been compromised.
–jeremy

Ex-Microsoft Security Strategist Joins Mozilla

You read that right. Mozilla has announced that “Window Snyder is joining Mozilla to lead the company's effort to protect its range of desktop applications from malicious hacker attacks.” As you may have guessed, many people are having a field day with this one. Comments like “Microsoft has a security team?” and “There goes the neighborhood” abound. The reality is that Window has gotten nothing but praise from every respected security professional I've seen comment. If she's good enough for the likes of Fyodor, that says a lot. As Firefox continues to gain market share, it's clear it'll become more and more of a target. It's great to see Mozilla being proactive and putting someone in place who can help construct a long term security plan. A small correction to many of the articles I've seen – she didn't come directly from Microsoft, but from Matasano Security where she was a principal and founder (she also worked for @stake before it was acquired by Symantec).
–jeremy

10 common misunderstandings about the GPL

Here's a decent article regarding common misunderstandings about the GPL. My single bone of contention is #1. The GPL most certainly is viral. Not in the way they indicate in the article, but saying it isn't (when it is by design) in an article meant to dispel misconceptions seems... well, confusing. The article prompted me to re-read the GPL FAQ and I have indeed cleared a couple things up mentally and will admit I was partially prone to one of the misconceptions myself (#8). In the end, I can see why some people choose not to use the GPL. While they claim not to be anti-commercial (you can sell GPL software!), this is not something many software companies are going to want to deal with. Of course the loophole to that is to distribute your product with something like trademarked logos, which means it can't be simply redistributed without ripping those out (à la RHEL->CentOS). As I was reading the FAQ and misconceptions, one thing became clear to me – plenty of people, some of them well intentioned and some of them not, are definitely violating the GPL. I wonder what the actual compliance rate is?
–jeremy

Google Apps for Your Domain

Today Google released Google Apps for Your Domain. From the release page:
Now you can offer private-labeled email, IM and calendar tools to all of your users for free*, so they can share ideas and get things done more effectively. You can design and publish your organization's website, too. It's all hosted by Google, so there's no hardware or software for you to install or maintain.
Basically, it's Gmail+Google Talk+Google Calendar+Google Pages hosted at Google, using your own domain. Why most articles I see are calling it an “Office Suite”, when it lacks a word processor, a spreadsheet and a presentation program, is beyond me. It seems people really want to see Google vs. Microsoft, to the point that they'll pretty much make it up if they have to. The program is ad supported now, but in the future you'll be able to pay to remove the ads. Having just made it clear I don't consider this an office suite in any way, it would not at all surprise me to see Google roll their online word processor and spreadsheet into this in the future. In fact, I'd be surprised if they didn't. I'd guess they're just waiting until the two are a little more polished. Even then though, this won't be a direct Microsoft Office replacement. It serves a much different audience and comes with much different advantages. The real power in this will be in the collaboration. It's a real pain for small offices to share extremely simple spreadsheets. That's where a product like this could excel (ok, that one was bad… I'll admit). Before this could even be in any way potentially considered an “Office-killer”, Google would have to offer a version you could host yourself, and that's not something I've seen any indication of yet. This is something that I think is going to take a while to play out. The world isn't quite ready for a mainstream online office suite yet, and the products aren't quite where they need to be. Given some time and additional technology though, this could be a space that is extremely compelling in the next 18 months or so. Being able to collaboratively edit a document from anywhere in the world, from any OS (including your mobile phone) is one of those paradigm changing events that will cause major disruption. When a company can put that technology behind their firewall and allow access via VPN… that's when we'll see enterprise adoption.
My guess is that it will be Google and/or IBM that realizes this goal first.
–jeremy