Security and Bugs in Open Source Software

Those of you concerned about using open source software because it may contain too many bugs can now rest a little more easily. The U.S. Department of Homeland Security funded Stanford University, Coverity and Symantec to complete an analysis describing the number of security bugs found in open source software. The LAMP stack (Linux, Apache, MySQL, PHP/Perl/Python) was found to have fewer bugs than other open source software.

As open source products, like the LAMP stack, stand the test of time, they resolve many of the existing issues and become adept at fixing new problems. This is a testament to the maturity of these products and shows that stable, mature open source software can achieve high standards of quality.

It would be really interesting to see this as a comparison of bugs between open source code and proprietary code; however, most proprietary companies will not open up their code to this type of analysis.


Did Mozilla Make $72 Million from Firefox?

This story appeared on the front page of Digg today; however, a couple of bloggers are the only source of this information. If it is true, it points to the tremendous success of the Spread Firefox campaign.

My challenge to you:
Please post a comment on this blog if you have any proof that this is true (preferably from a Mozilla source).


This Week in Open Source News Feb 27 – Mar 5

Open Source ID Management Solution

IBM and Novell along with Parity Communications and Harvard Law School’s Berkman Center for Internet & Society are leading an effort called the Higgins Project to create an open source identity management solution that will compete with the recently announced InfoCard technology from Microsoft. It will allow users to control the personal information shared with sites using this technology. The Eclipse Foundation will coordinate this effort, which will support Windows, Linux, and other operating systems. This has a good chance of succeeding for a couple of reasons. First, Novell and IBM tend to have more credibility than Microsoft for security solutions. Second, by making this technology open source, I would expect more companies to participate in the project in a manner similar to the way that other Eclipse projects have been able to get participation from many key players within the industry.

British Agency Supports Linux Usage

Starting last year, the Open Source Academy (OSA) replaced software on 300 PCs in British libraries with open source solutions made up of Linux, OpenOffice, Firefox and Gimp as a learning experiment and found that the solution was stable, secure, and positive for users of the systems. The OSA, funded by the Office of the Deputy Prime Minister, was designed to promote open source adoption in local governments, and other OSA projects involve providing guidance on recycling old PCs, running a testing lab for open source solutions, and additional open source government outreach efforts. This is only one example of a successful government effort to promote open source software. I highlight this not because 300 PCs make up a significant deployment, but because it provides an example to illustrate how open source desktop solutions can be effective and to show how governments can drive open source efforts.

Firefox Announces Extension Winners

The winners of the Extend Firefox competition were announced this week. The best new overall extension, Reveal by Michael Wu, provides a way to see thumbnails of session history pages along with a magnifying glass to help you find previously viewed pages quickly and easily. The other grand prize winners included: Best Upgraded Extension, Web Developer by Chris Pederick, and Best Use of New Firefox 1.5 Features, Firefox Showcase by Josep del Rio. For more best-in-class winners and more details, visit Spread Firefox. This is a great example of open source user innovation at work!

Bloggers and Accuracy

In today’s fast-paced world of constant information, bloggers can provide a great service by exposing news stories and disseminating information that has not yet been picked up by the mainstream media. People witnessing an event or talking to someone with unique insight can immediately blog about it to quickly provide this information to readers around the world.

However, as consumers of this content, we need to be wary of the source. This recent article on Digg reminded me of the accuracy issues that can occur in the blogosphere and with other user created content. The headline reads, “Open Source Not Ready For Academic Prime Time, Study Reveals”, and it links to a blog, which provides more “details” about the study. As an open source expert and someone who likes to dig into the story behind the story, I decided to read more about this study, since it did not fit with my experiences in the industry.

The study was published by the Alliance for Higher Education Competitiveness (A-HEC), and they have already posted several clarifications on their website. Here are the first 2 of 8 points that were clarified:

“There have been several erroneous blogs on the Internet that were created by folks that have not read this study nor understand its focus. Here are a few clarifications:

1. The study is only about higher education use of open source. It does not apply to schools or K-12.

2. The study is not negative on open source. Use of open source infrastructure (Linux, Apache, MySQL) is proceeding quite nicely in higher ed as in the commercial space. The study quantifies that progress. The study also points out that Higher Ed specific open source applications (course management systems, portals, student portfolios) have enormous interest right now. However, the average institution seems to be a long way from adopting these. The study details exactly where we are and why. This information is helpful in addressing these issues.” (A-HEC).

As an active blogger, I believe that blogging is a great way to quickly disseminate information without relying on the mainstream media to report on it; however, the consumer should consider the source of the information carefully and maybe do some additional research before drawing too many conclusions.

Firefox Reaches 150 Million Downloads

I like to celebrate the open source success stories. In earlier blogs, I have talked about how cool it is for a community of people to gain this kind of market traction in a very short amount of time. For anyone who has not yet downloaded Firefox, I strongly encourage you to try it (Firefox works on Windows, Mac, Linux, and other operating systems!)


Geekcorps Looking for Linux Volunteers

Have you ever wanted to travel to exotic locations while solving technology problems and teaching the local communities to use innovative information technologies? Volunteering for Geekcorps, a U.S. non-profit organization, is one way to fulfill your wanderlust while doing something productive.

“Currently, according to the Geekcorps Web site, the organization needs experts in Knowledge Management, object-oriented programming, C++, and Linux for spring and summer 2006 assignments in Zambia, Kenya, and South Africa.”

“Although the organization would love it if volunteers could stay four months or longer, one-month stints are common. Geekcorps pays the travel expenses and housing and tries to make it easy for family members to come along.”

“‘The people we are targeting to volunteer are employed, might be mid-career and have families,’ Vota said. The median age is 32.”

“Geekcorps can essentially be thought of as a Peace Corps with a focus on PCs. The organization recruits technical experts to conceive ideas for integrating technology into local economies in a self-sustaining way.” (CNet News.com)


Correction to the Gifting Ubuntu post

In any community, there are always a few bad apples. The guy who claimed to be distributing Ubuntu CDs to McDonalds has now admitted that the story was mostly untrue.


Gifting Ubuntu, one McDonalds at a time

The open source culture of sharing is demonstrated in unusual places. I posted an earlier blog entry about the guy who used the street beggar model to hand out Linux CDs, and now we have someone burning copies of the popular Linux distribution, Ubuntu, to give away at his local McDonalds.

Open source advocates do tend to be passionate about evangelizing Linux and open source software, even in the most bizarre locations and strange ways. This is not a criticism; these guys get big kudos in my book for creativity and innovation.


This Week in Open Source News Feb 19 – Feb 26

Firefox has kicked off its marketing planning for 2006 and is planning a presentation of the marketing plan, tentatively scheduled for March 7. This is a great example of how participating in open source communities does not necessarily mean writing code. Most of the big projects, like Firefox, OpenOffice.org and others, have marketing communities and other non-technical communities where people can contribute.

The South African Revenue Service has issued a request for proposal for a proof of concept solution for Linux on the desktop, which could eventually be deployed on 14,000 desktops if the proof of concept is successful. Although this is just a request for proposal, it does show that more and more governments are beginning to at least evaluate Linux on the desktop.

Amid rumors that JBoss might be acquired, JBoss announced an acquisition of objectone GmbH, a key partner and reseller of JBoss products and services in Germany, on February 23. Effective March 1, 2006 the former objectone staff will become part of JBoss Deutschland GmbH. In more acquisition news, Sun acquired Aduva, a Linux and Solaris patch management software company that not only installs patches, but also uses a knowledge base to check for dependencies and patch compatibility with other software.

The SCO / IBM lawsuit is back in the news (for anyone who isn’t already familiar with the case, here is a great summary). IBM has subpoenaed Microsoft, Sun Microsystems, Hewlett-Packard, and BayStar Capital to provide detailed information about their dealings with SCO. This is expected to shed additional light on how SCO has financed this lawsuit; for example, we know that BayStar Capital invested $50 million in SCO, and after much speculation, BayStar finally admitted that Microsoft was involved in this investment. These depositions may help us understand exactly where SCO is getting the money for this case. This follows a comedy of errors earlier this month when SCO made so many mistakes in their subpoena of Intel that it would have been impossible to comply with the order, and then told the judge that Intel didn’t show up despite having adequate notice. This was followed by a response in which Intel basically calls SCO a liar. The judge ruled this week that the subpoenas were defective and did not provide adequate notice, adding that “Her October 12th orders were clear, not subject to unilateral decisions to violate” (Groklaw). Oops, irritating the judge will not win SCO any bonus points in this case.

Is Linux on the Desktop Approaching the Tipping Point?

Dave Rosenburg of OSDL seems to think so. He accurately describes the challenges of Linux on the desktop, which I have described in previous blog entries: the difficulty in getting the applications that people expect to see on a PC ported to Linux (Adobe, Intuit, etc.), and the lack of support for plug and play drivers that consumers expect with devices like digital cameras. Dave points to the Portland Project as the unified effort to tackle these problems and help the ISVs port applications to desktop Linux.

Although I wish that 2006 would be the year of Linux on the desktop, I have to be a bit more pessimistic. I think that the Portland project will help; however, it will not solve the chicken and egg problem that exists with desktop Linux. I suspect that it will take a while before enough applications are available and before consistent driver support makes it easy for people to use their consumer devices with Linux desktops. The Portland Project is a great first step to help drive momentum for the Linux desktop, and as we start to get momentum, it will become easier to convince vendors to commit resources for application and driver support on Linux.
