Sasi @ Linux: 2005

Monday, June 06, 2005

Presented Session on PYTHON

I had presented a session on Python on 4th June 2005 at Twincling Saturday Meet held at Euclid. Above nalli silks, secunderabad.

Twincling Saturday Meet is part of Twincling Initative for members of twincling Society to Learn New technologies.

For more details visit twincling

Saturday, April 30, 2005

Google tests out blog ad service

Google is floating a trial balloon of a service that pairs advertisements with blog feeds.

The Mountain View, Calif.-based search company is testing a new variation of its AdSense program for publishers that allows sites to display text or image ads related to their content and get paid by the click.

This week, Google spawned a version of AdSense that allows publishers to send a text or banner advertisement alongside syndicated content using Really Simple Syndication (RSS) or Atom, Google's adopted format.

RSS is an open standard for content syndication that's transforming the way people access news headlines and other information such as blogs online. Though it's one of the most promising emerging technologies, publishers have yet to find means of profiting from it. Advertising is widely thought to be the answer.

Companies including Kanoodle, Moreover Technologies and Yahoo are testing similar ad services for feeds.

Robert McLaws, publisher of a Microsoft-focused blog called Longhornblogs.com, is one of the first to experiment with the Google ads this week. He said the graphical ads, in his own customized bright blue, are being fed into roughly 61 feeds of his blog.

Though he couldn't provide many details, by Google's request, he said the ads are in hypertext mark-up language using images and links. He and Google's team are still testing how best and how often to present the ads, but McLaws said the company is likely to introduce a public beta in the next two weeks.

"It will be a change for the better, but I hope people don't go crazy," McLaws said. "Simple, relevant text link ads in RSS are one thing. Flashing banner ads like 'Shoot Mario to win an iPod' are another thing."

Google spokesman Barry Schnitt confirmed the test, but would not provide further details.

Red Hat launches Tamil Linux operating system

Red Hat India, a provider of open source solutions has launched a Tamil version of its Red Hat Enterprise Linux operating system in the city today.

The company already has local language operating system software in Bangla, Punjabi, Hindi and Gujarati.

"We were able to do localisation in a year and a half. This not only shows our commitment to the local market but also of the community that contributes to Linux (code)," said Javed Tapia, director, Red Hat India at the launch of the Tamil Linux operating system.

In addition to the operating system, the Red Hat Enterprise Linux version 4-Tamil includes office suite with a word processor, spreadsheet, presentation tool as well as a web browser (Firefox) and e-mail client.

Red Hat is targeting the government and educational institutions for marketing its software.

"The availability of local language software gives rise to content development in entertainment, education, e-governance and rural projects. PCs are now more or less an urban phenomenon, this will help take it to the rural areas as well," added Tapia.

The cost for the entire Linux version-4 Tamil suite subscription cost is Rs 1,950, which includes telephonic and web-based technical support for the first year and upgrades for seven years.

Wednesday, April 20, 2005

Novell to release enhanced Linux in fall

Novell plans to release its new corporate version of Linux for desktop computers this fall, merging technology from two Linux specialists it acquired.

Embracing the open-source operating system, Novell acquired SuSE Linux this year and Ximian in 2003. Thus far, however, the Waltham, Mass., company hasn't merged the two companies' products with each other or its original software. Now that's beginning to change, evidenced by a product demonstrated at the LinuxWorld Conference & Expo here this week.

The prototype was called Novell Linux Desktop. Novell spokesman Bruce Lowry cautioned Friday that may not be the final name.

The product's foundation is the operating system for corporate customers that has been called the SuSE Linux Desktop, a slower-changing version that comes with the software certifications of SuSE Linux Enterprise Server. The new desktop software also includes the Ximian Desktop version of the GNOME user interface and software suite, and it's customized to work smoothly with Novell's GroupWise server software for e-mail, calendars, contact lists and instant messaging.

It's due to ship this fall, said Christine McLellan, a Novell senior product manager.

Novell touted its desktop Linux plans at its BrainShare conference in March, predicting that Linux would be widely used on PCs within 12 months. Indeed, for the first time, more copies of Linux than Mac OS were sold for use on more personal computers, according to 2003 market share research from IDC.

"Novell's Desktop is a serious contender for the enterprise," Robert Francis Group analyst Stacey Quandt said. Although Red Hat server customers might want to stick with the same company for the desktop as well, customers could be swayed by SuSE's earlier adoption of the new 2.6 Linux kernel, she said.

But challenges remain. Microsoft, still by far the dominant company in the market, hopes to cement its position with new technology due in 2006--the "Longhorn" version of Windows. And though the No. 1. Linux seller, Red Hat, isn't as aggressive as Novell, it launched its own Linux desktop software in May.

Novell's desktop software employs the GNOME user interface and software, but it will also include that of rival KDE, McLellan said. However, Novell's integration work is happening only with the GNOME applications, she said.

For example, a calendar item entered in Evolution will appear in the GNOME calendar, and an instant-messenger nickname entered in Evolution will appear in the GAIM instant-messenger client. GNOME components Evolution and GAIM will dovetail with GroupWise server software, while the KDE equivalents--KMail and Kopete--will not.

The software also will come with RealNetworks' media player; Mono, the open-source clone of Microsoft's .Net infrastructure, a version of the OpenOffice.org software suite customized so its graphics are consistent with other software, and Novell's iFolder software to synchronize and share files.

The demonstration version used the Epiphany version of the Mozilla Web browser, but Novell hasn't decided which to use in the final product, McLellan said.

Although the desktop software likely will bear Novell's brand name, the company doesn't plan to phase out the SuSE name or its green gecko mascot, said Novell Vice Chairman Chris Stone in an interview here.

"The SuSE brand is strong," especially in Western Europe and Asia, Stone said. "There's no reason to change it."

The Ximian brand hasn't proved as enduring. The former Ximian Evolution e-mail software is now called Novell Evolution; Ximian Connector to link Evolution to Microsoft Exchange servers is now Novell Connector; and Ximian's Red Carpet is now part of Novell's Zenworks management software.

Linux fervor on display at trade show

The growing normalcy of Linux in corporate computing realm will be on display this week at a show devoted to the open-source operating system.

Linus Torvalds launched Linux as a student project nearly 13 years ago, but by the late 1990s it attracted support from the computing industry. Now Linux is a staple of the information technology diet and a component of computing company strategies to get an edge over their competitors.

At the LinuxWorld Conference and Expo in San Francisco, some of those strategies will be on display. Among server sellers, IBM will tout its efforts to build a new ecosystem of programmers and software packages on its Power processors. Hewlett-Packard will boast of its efforts to use Linux to woo customers from rival Sun Microsystems. And Sun will use Linux to showcase its new software and storage directions.

Among software companies, No. 2 Linux seller Novell will launch its version 9 of its flagship product, while No. 1 Red Hat will highlight its expansion into Java server software. And Veritas will show off an upgrade that raises its Linux storage software to the same level as its Unix products.

A mainstream choice
Despite campaigns by rivals such as the SCO Group and Microsoft, Linux has become widely used. According to a June Forrester Research study of 129 companies with annual revenue exceeding $500 million, 24 percent use Linux on 10 or more Intel-based servers today and 44 percent expect to three years from now. That's still a far cry from the 88 percent that use Windows, but it's making gains on the most popular Unix, Sun's Solaris, at 43 percent.

IDC's worldwide market share shows that Windows outshipped Linux in 2003 for server operating systems, with 15 percent of the 5.6 million copies sold compared with Linux's 6.8 percent and Unix's 5 percent.

But on desktop computers, Linux moved up, surpassing Mac OS, said researcher Dan Kusnetzky. Linux is still not a mainstream product for desktop machines, though, he said.

And Linux is in demand. Of the 49,000 or so jobs open at online recruiting company Dice, about 2,200 require or desire Linux skills, said Chief Executive Scot Melland. That's nearly triple the number from 12 months ago, he said. "Linux skills are one of the fastest-growing skill sets on our site," he Melland said.

There is little doubt that Linux advocates hope those numbers will increase even more.

New moves
IBM, for example, wants to foster Linux advancements around its Power processor--not a common foundation for Linux compared with Intel or Advanced Micro Devices chips. At LinuxWorld, it will announce schools such as the University of Portland are participating in a program to try Power-based servers and Linux; new software companies such as StoneSoft, Acucorp, Congnos and HansaWorld supporting the combination; and programs to encourage more such partnerships.

Among the partnership programs is one in which IBM will give a business partner $5,000 in joint marketing funds for a product that involves Linux. The amount rises to $7,500 for a program involving the Power version of Linux and $10,000 if another business partner is also included in a three-way partnership called a "Valuenet."

IBM set up 50 Linux Valuenets in 2003 and expects to exceed its goal of 275 this year, said Scott Handy, vice president of Linux strategy IBM. The number of Linux applications running on Power processors has doubled from 300 to 600 so far this year, he added.

Rival HP has its own partnership plans. First, it will make in-house Linux training, software and information programs available to business partners, and second, it will try to coax into the Linux camp software companies that support Sun's Solaris version of Unix.

"We'll identify key Solaris ISVs (independent software vendors) that have not yet ported their applications to Linux and target those folks," said Jeffrey Wade, HP's Linux marketing communications manager.

And where IBM is pushing Linux on Power, HP advocates use of Intel's Itanium on the Integrity server line. Based on customer demand, HP accelerated its support for Linux on servers with eight or more Itanium chips, including its top-end Superdome servers, Wade said. The support, which had been scheduled to arrive half a year from now, will begin with Red Hat Enterprise Linux and extend to Novell's SuSE Linux Enterprise Server a quarter later.

Sun no longer is shunning Linux, though the company's chief operating officer, Jonathan Schwartz, still shows a strong preference for Sun's own Solaris. Nevertheless, Sun will announce at the show that some software previously available only for Solaris soon will work on Red Hat and Novell's Linux.

That software is version 3 of Sun Ray Server, the software that runs on a server connected to bare-bones "thin client" desktop computers called Sun Rays. Sun Ray Server runs desktop software; currently one Sun UltraSparc-based running Solaris server is enough for about 20 desktop computers. The Linux version of the Sun Ray Server, due in the fourth quarter of 2004, will support at least the same number of Sun Rays, while adding the ability to run Linux desktop software not available on Solaris, said Benjamin Baer, a group product marketing in Sun's desktop software group.

In addition, Sun will make its programming tools, called Sun Studio 9, available on Linux, said John Fanelli, senior director of marketing for Sun's Network Systems Group.

Solaris is very important to Sun, but outsiders shouldn't doubt Sun's Linux commitment, Fanelli said. "The question of whether or not we're committed to supporting Linux is dwarfed by the number of product offerings Sun has today delivered into the Linux community," he said, mentioning multiple servers, the OpenOffice desktop software suite and Sun's Java Enterprise System server software.

Software companies also are on board. Veritas, which is used mostly in Unix environments, is elevating the Linux version of its Storage Foundation products while lowering the price, said Ranajit Nevatia, director of Linux the company's strategy.

For example, with a new clustering capability, a group of Linux computers can share access to the same file system, a crucial move in the growing trend toward databases spread over multiple computers instead of a single larger machine.

In addition, Veritas will trumpet a "Linux in minutes" strategy coming with Storage Foundation 4, available now for Solaris and on Sept. 6 for Linux and IBM's AIX version of Unix. Data is stored identically on all three platforms, making it possible to move quickly information from one system from another.

Later versions in 2005 will support the HP-UX version of Unix on HP's on Itanium and PA-RISC servers, he added.

Red Hat restatement triggers legal attacks

At least nine law firms have announced legal actions on behalf of Red Hat investors in the wake of the Linux seller's restatement of three years of financial results.

Red Hat Chief Executive Matthew Szulik and Chief Financial Officer Kevin Thompson "intended to...deceive the investing public regarding Red Hat's business, operations, management, and the intrinsic value of Red Hat's publicly traded securities and enabled defendants to sell 1.9 million shares of their stock for proceeds exceeding $35.6 million," according to one suit, brought by Lerach Coughlin Stoia & Robbins in U.S. District Court in North Carolina. That and at least two other suits allege violations of the Securities Exchange Act of 1934.

In a response, Red Hat spokeswoman Leigh Day said, "As with any lawsuit, we are prepared to defend the company," but declined to comment further.

Following a June 16 recommendation from its auditor, PricewaterhouseCoopers, Red Hat on Tuesday announced a new method for recording revenue from sales of its annual subscriptions to Linux support, its primary money source. Previously, it recorded one-twelfth of an annual subscription each month regardless of when the subscription was sold; afterward it began booking revenue only on the day it was sold.

The result is that although the company received the same amount of revenue, it received much of it a few days or weeks later. The change meant that Red Hat had net income of 7 cents per share for fiscal 2004 instead of 8 cents, and one quarter, ended Nov. 30, 2002, had a net loss of more than $440,000 instead of net income of $214,000.

Red Hat's stock plunged 23 percent Tuesday after the Raleigh, N.C.-based company announced the change and that the Securities and Exchange Commission had submitted a "comment letter" about Red Hat's annual report.

In other events mentioned in some lawsuits, Thompson on June 14 announced his plan to resign, a move that also sent the company's stock down at the time. Red Hat said the SEC discussion, revenue change and resignation were unrelated events.

Other firms that have filed suits include Goodkind Labaton Rudoff & and Sucharow; Goodkind Labaton Rudoff & and Sucharow. The suits seek class-action status for investors and compensation from Red Hat.

The next phase in the cases likely will be a consolidation of the various suits under a lead plaintiff, said Christopher Keller, lead attorney for Goodkind Labaton's case, followed by a likely amendment to the complaint.

Opera 8 aims for simpler browsing

Opera Software has responded to criticism of early versions its Web browser, particularly regarding ease of use, by launching an update--Opera 8.

Although not a radical rewrite, Opera 8 provides a cleaner default interface, with fewer toolbars and menu options showing up after installation. The company is hoping this will make Opera easier for first-time users.

"A lot of people told us we had a good browser, but it was daunting for a new user," Jon von Tetzchner, Opera's chief executive, told ZDNet UK on Tuesday. "In Opera 8, we've focused on having a basic browser, but with a difference."

The company also added tighter security against Internet fraud and new voice technology as part of its effort to win users away from market leader Microsoft.

Other notable new features include support for Scalable Vector Graphics (SVG), Opera's small-screen rendering technology, and voice browsing. With voice browsing, a computer-generated voice will read out text that the user highlights on a Web page.

The interface remains fully customizable, so experienced users can still get to features in the browser quickly, once they've configured the system.

Opera is often portrayed as a David against a Microsoft Goliath, but it also faces a formidable rival in the Mozilla Foundation's Firefox, which has gained about 5 percent of the U.S. market since its 2004 launch.

"It's a little bit surprising that Opera hasn't grown more when Firefox increased their market share so much," said Ole Andre Hagen, an analyst at ABG Sundal Collier.

Opera supplies browsers for both desktop PCs and for mobile phones from carriers such as Motorola and Nokia. The browser squeezes Web pages into a thin stack to give, according to Opera, easier and fuller viewing than on a Wireless Application Protocol, or WAP, phone.

As with previous versions, Opera's free version has advertising built in, while a paid version without advertising is also available. Most other browsers are available for free without advertising. Payment represents a psychological barrier to some people.

Open source "not the solution to all problems"
Opera also faces philosophical objections from some quarters for not being open source. But von Tetzchner believes a product doesn't need to be open source to be good.

"Open source is a good thing, but it's not the solution to all problems," he said. "If we only had open source and no commercial applications, that would be bad--we need competition."

People may "end up paying for other browsers anyway," von Tetzchner said. "If you need support, that will cost you. One phone call to Mozilla can cost as much as buying Opera."

The extra security in the new version of Opera seeks to guard against phishing attacks--when an attacker tricks users into visiting a Web site masquerading as a trusted site, and then coaxes them into typing in their bank account number or other sensitive information. Phishers often lure victims to their Web sites using e-mails that have subject lines such as "account update needed."

Opera's solution is for the browser to display the underlying security certificate of each site--an icon of a yellow padlock on trustworthy sites--to help users judge reliability. The browser will also show where pop-ups come from.

The small-screen rendering technology included in Opera 8 comes from the company's work in browsers for mobile devices. The company thinks that the future of the Web lies away from traditional PCs.

"Looking forward, the biggest change we will see is the proliferation of non-PC Internet devices," von Tetzchner said. "Cross-device support will be important."

This should be the spur for Web designers to start using standards-based mark-up for everything, even if they're not specifically targeting alternative browsers, according to von Tetzchner. "Using CSS and Web standards, you can supply something that will work on different devices," he said.

More than 10,000 downloads of the new version of Opera reportedly were recorded in the first 30 minutes of the software being made available.

Google plans to double Gmail capacity

Google plans to offer a bottomless cup of storage with its Gmail Web-based e-mail service, dramatically raising the bar for rivals in the sharply competitive business for the second time in a year.

The Mountain View, Calif.-based Web giant on Friday plans to double the free storage on Gmail from 1GB to 2GB, said Georges Harik, Gmail product management director. After that, Google will add a yet-to-be-determined amount of extra storage daily, with no plans to stop.

The move highlights the seemingly inexhaustible storage needs of a small group of heavy e-mail users, and the sharply falling costs of online storage. Lifting pre-defined storage caps for Web-based e-mail could have broader ripple effects, Harik said, changing the way people think about quotas from something that is set in advance to something that grows with the user.

"We wanted to make sure we have a plan in place for when people reach their storage limit," he explained. "We don't want people to worry that they might run out."

Google first broke the e-mail mold on April 1, 2004, with an announcement so bizarre that many assumed it was an April Fool's Day joke. Gmail's 1GB of free storage at the time was widely thought to exceed the lifetime needs of most e-mail users without the need to delete a single file. By contrast, rivals such as Yahoo and Microsoft offered about 10MB of storage, seeking to charge customers who wanted more.

A slew of imitators scrambled to match and even exceed Google's free 1GB storage offer, transforming the Web-based e-mail business.

In addition to its gargantuan storage capacity, Gmail distinguished itself from rivals by scanning the text of e-mail messages to serve up contextual advertisements--a plan that raised a short-lived furor over potential privacy violations.

In the first year of service, Gmail defied expectations, Harik said. The privacy concerns have amounted to little or nothing, he said, but the storage capacity became a pressing concern when some heavy Gmail users came close to using up their pre-set limit.

"One gigabyte did seem like a lot, but it turns out there are a lot of heavy users of mail," he said. "They send attachments, share photos. It all adds up." He said Google discourages customers from using Gmail as a vast storage locker for music and video files. He said Google does not disclose the storage patterns of its users, but said a small but not insignificant number of users were close to exceeding the 1GB limit.

Gmail will remain in a beta, or public test phase, for now, Harik added, putting to rest rumors that the closely watched service might be released officially in the near future. He said plans for new features could hold back an official release, but gave no timeline.

Netscape 8.0 (beta)

Netscape released to beta testers an early version of a much-anticipated browser that takes advantage of the recent and wildly successful Mozilla Firefox 1.0 release. It's no surprise that the Netscape 8.0 (beta) runs the Gecko engine that also powers the Firefox browser. (Netscape owner AOL Time Warner spun off the Mozilla team as a nonprofit last year.)

But there's a surprise in this early version: the future Netscape also renders pages in Internet Explorer. This early version doesn't install IE; instead, it relies on the version already installed on your PC. Also new is built-in antispyware. Sites listed on Netscape's spyware and phishing blacklist (supplied by third-party antispam and antiphishing vendors) will be denied ActiveX and cookie access on your desktop.

Upside: Although Mozilla has done stunningly well--some attribute IE's recent popularity decline to Firefox--it can't do everything. Anyone using Firefox every day will notice that certain Web sites don't render quite right in it, and some secure sites, such as banks, still require IE for login. The Netscape prototype allows you to browse most of the time with Gecko, which is arguably more secure software, then switch to IE rendering if you need it. The switch is easy in the nascent Netscape interface, which offers Firefox-style tabbed browsing (ah, how we love you, tabbed browsing). Just type in a URL, then click an icon on the tab that reloads the page in IE. You won't see any change in the browser shell or interface--just the Web site rerendered on the same tab.

The early Netscape version also packs in many more gewgaws than spartan Firefox. Beyond your basics, such as an address bar and navigation buttons, Netscape throws in two newsfeed tickers and the ability to add RSS feeds in one click, as well as prominent icons for a pop-up blocker and an automated form-filler. In our very informal use of this prototype, pages load refreshingly quickly.

The Netscape prototype has a busy header and is very, very green.

Downside: AOL/Netscape's motivation for releasing a Mozilla-style browser is clear: Recapture lost surfers and send them back to the Netscape portal over and over and over again. Hence, the Netscape browser has a whole lot of Netscape marketing going on. An otherwise nifty temperature window on the browser takes you only to Netscape's weather center, and the entire browser is colored a very Netscape-y green.

Outlook: Given this browser's unique talent--rendering in two different engines--a future public release will make life easier for millions of surfers. The browser wars are indeed heating up again, with Internet Explorer losing its dominant market share little by little each month. Whether Netscape maintains its status as the best alternative to Internet Explorer depends on continued support from AOL Time Warner, user acceptance, and luck. Microsoft recently announced plans to release Internet Explorer 7.0 in the summer of 2005, promising many features similar to Netscape's.

Novell rings up Linux for retailers

Novell has announced a new software package, based on the Linux operating system, aimed at high-tech cash registers.

The Point of Service 9 package, released Monday, aims to help lower costs for stores, the company said. It builds on earlier retail packages from Novell.

The software package is designed for the next version of IBM Retail Environment for Suse Linux. Novell is partnering with Wincor Nixdorf, a provider of point-of-service products for banks and retailers. Wincor Nixdorf will embed the new package in its Beetle hardware and other store servers.

PC makers including Dell and Hewlett-Packard and software companies such as Microsoft have been targeting the retail segments with point-of-service products in recent years.

Point of Service 9 is due in the second quarter. Pricing will be announced when the software is released, Novell said.

"Retailers are very concerned about reducing their IT costs to improve the bottom line, and they need an operating system that is secure and reliable," David Patrick, vice president of open source at Novell, said in a statement.

Preparing a beach-head

Can IBM's Unix server business mount a credible assault on market leader Sun Microsystems? IBM thinks so; it has aggressive plans to go after Sun's strongholds of telecom and BFSI while strengthening its hold on the BFSI, telecom and manufacturing verticals.

Last August, IBM launched its third generation of Unix servers (eServer pSeries) based on the Power5 processor. At that time, the company expected that the p5 will help boost its Unix server ranking from the number three slot. That happened and IBM is now the runner up in Unix servers with a marketshare of 29%in Q404, dislodging HP from that position. Interestingly, IBM's Unix share grew faster than the overall market (25%year-on-year vis-'-vis 22.4 for the market) (Source: IDC India).

By IBM's own admission, just three years ago (2002), its share in the Unix server market wasn't anything to write home about. Then, Big Blue had 14%marketshare as per IDC. The turnaround began in 2001 when the company released its Power4 line and began chipping away at its rivals' ownership. However, the success was not visible until the p5 launch in mid-2004.

Where IBM is hitting the numbers?

IBM has gained ground in the Unix server market. For the first time, it has made a dent where it matters the most-BFSI, telecom and manufacturing. Q304 and beyond, IBM has signed mega-deals with HDFC Bank for running their core banking (Flexcube) and cash management (Cash Tech's CashIn) applications. Then there are other deals such as the ones with Yes Bank and C-DAC. It has also signed up Hutch in the telecom space to run Oracle CRM on the p5. Department of Company Affairs (a central government project) also picked IBM p5 systems.

These deals define IBM's ongoing strategy in the Unix server market. According to Jyothi Satyanathan, Country Manager, eServer - pSeries, IBM India, "All deals closed in Q1 2005 were based on p5 systems. This includes University of Hyderabad, which is using p690 (p5 processors) to support its research activities in life sciences. Then there are two repeat orders from HDFC and Hutch." He adds that IBM's Unix strategy revolves around its p5 strategy-a credible power processor and a powerful systems & technology solution for the Unix server market.

More bang per buck

IBM has clenched deals amid tight competition from Sun and HP. Satyanathan says, "We have eaten into HP and Sun's marketshare."

B Chandramouli, Chief Operating Officer, Yes Bank, says, "We saved costs in licencing Oracle by using IBM p5 servers." The bank evaluated p5-powered models-p520 and p550-against comparable servers from other vendors, and found that the TCO for IBM servers was lower. As software licences are mostly on a per CPU basis, the cost of software worked out lower in IBM's case, as a 'single' p5 CPU offers close to double the throughput of its competitors.

He adds, "Given our aggressive growth plans, these boxes can ensure scalability as we need to populate lesser CPUs at the moment. We can add more CPUs as our business grows. In case of competitive offerings, we might have been forced to add another server box instead of incremental CPUs which would have increased maintenance costs (typically calculated on a per server basis) and data centre hosting cost (per rack)." Yes Bank is running all of its core systems-including Flexcube from i-flex, Cash Management from CashTech and Treasury & Risk Management Solution from Murex-on p5-based systems.

Chandramouli makes an interesting observation vis-'-vis Big Blue's Capacity on Demand (CoD) technology when he says, "These servers offer CoD, but as application software vendors do not support this feature, we are not able to use it. CoD will make sense if application software vendors start offering application on demand with clear pricing details."

Swiss army knife of virtualisation

IBM's p5 offers server and application virtualisation through its Virtualisation Engine. HDFC Bank's expanding operations, and corporate banking (Flexcube) and cash management systems required additional infrastructure support. The bank wanted a solution that could meet its growth objective, offer better manageability, handle peak workloads and significantly improve performance. While HDFC Bank was looking at an approach of deploying several mid-range servers, IBM suggested server consolidation using p5 systems. IBM proposed using three p5-570 servers-two at the primary site and one at the disaster recovery site. Database consolidation over highly available servers with separate partitions was undertaken. Additionally redundant solutions offering automatic failover in case of a system crash and configured to support both Oracle RAC and non-RAC environments were put in place.

Says C N Ram, Head-IT, HDFC Bank, "Our key needs were flexibility and scalability of IT infrastructure. IBM's value proposition in terms of server consolidation and micro-partitioning technology was very attractive. This IT infrastructure backbone supported our current growth objectives, and was geared to meet growth challenges of the future. After the successful implementation by IBM, we look forward to significant performance enhancements of our corporate banking and cash management systems." Surya Prasad, VP IT, HDFC Bank, adds, "Partnering with IBM to migrate our core banking onto a new infrastructure was a big step for us-we are happy that IBM has ensured a smooth transition, and today, more than 3,000 users access the databases powered by p5 servers."

Mozilla flaws could allow attacks, data access

Multiple vulnerabilities that could allow an attacker to install malicious code or steal personal data have been discovered in the Mozilla Suite and the Firefox open-source browser.

Details of the nine flaws were published on Mozilla's security Web site over the weekend.

Ian Latter, senior security consultant at Internet security specialist Pure Hacking, said most of the vulnerabilities are based on the way the applications handle JavaScript.

"There are some permission issues related to running JavaScript at an escalated privilege level. They remove some of the security measures used to keep JavaScript sandboxed and allow it to potentially do malicious things to your computer," Latter said.

Another issue could allow malicious scripts to gain access to random pieces of memory, he said.

"This random memory may or may not contain pieces of information about where you have been browsing. The worst-case scenario is that it could contain some personal or login information," said Latter.

On Monday, security advisory firm Secunia issued a "highly critical" rating on the flaws found in Mozilla Firefox 0.x and 1.x versions. Secunia posted its advisory on eight of the flaws.

According to the French Security Incident Response Team, attackers could run malicious code on a user's system because of a flaw in the Mozilla browser's pop-up blocker.

An advisory from the French group said, "When a pop-up is blocked, the user is given the ability to open that one pop-up...If the pop-up URL were JavaScript: selecting 'Show JavaScript:...' from the infobar or pop-up blocking status bar icon menus would run the JavaScript with elevated privileges, which could be used to install malicious software."

Another of the Firefox flaws can be exploited when a user visits a Web page that requires a plug-in that has not already been installed. The French advisory claims that if the browser's Plug-in Finder Service is used to automatically locate an appropriate plug-in, the "manual install" function can be used to "launch arbitrary code capable of stealing local data or installing malicious code."

All versions of Mozilla Suite prior to version 1.7.7 and all versions of Firefox prior to 1.0.3 are vulnerable.

Pure Hacking's Latter advises users to either disable JavaScript or download a patched version from Mozilla's Web site.

Friday, April 15, 2005

Linux programmer wins legal victory

A Linux programmer has reported a legal victory in Germany in enforcing the General Public License, which governs countless projects in the free and open-source software realms.

A Munich district court on Tuesday issued a preliminary injunction barring Fortinet, a maker of multipurpose security devices, from distributing products that include a Linux component called "initrd" that Harald Welte helped write.

In addition to being a Linux programmer, Welte runs an operation called the GPL Violations project that attempts to encourage companies shipping products incorporating GPL software to abide by the license terms. The license lets anyone use GPL software in products without paying a fee, but it requires that they provide the underlying source code for the GPL components when they ship such a product.

The case highlights the ease with which open-source software can spread across the computing industry--but also the growing pains that companies face as they adjust to new legal concepts underlying the collaborative programming approach.

Fortinet, based in Sunnyvale, Calif., said in a statement it's addressing the issue but is surprised that Welte resorted to legal action.

"Fortinet recently became aware of Mr. Welte's allegations and has, in good faith, been diligently working with him to resolve this matter outside of the German court system. Fortinet is actively taking steps to ensure that its products are compliant with GPL requirements. Therefore, Fortinet is surprised that Mr. Welte pursued a preliminary injunction against Fortinet in Germany and believes that this is an unnecessary action," the company said. "Fortinet is continuing its efforts to expeditiously resolve this matter with Mr. Welte."

Welte has said he doesn't object to corporate use of open-source software; he just wants it to be done properly. Welte first notifies companies of his accusations before beginning legal action, he said. In the case of Fortinet, the GPL Violations project informed the company of its concerns March 17, but "out-of-court negotiations on a settlement failed to conclude in a timely manner," the project said in a statement.

In March, Welte sent similar letters to multiple companies exhibiting at the CeBit trade show. And a year ago, he won a ruling against Sitecom in a case similar to that of Fortinet.

Fortinet uses Linux in the operating system included in its FortiGate and FortiWiFi products, the project said. "FortiOS is using the Linux operating system kernel and numerous other free software products that are licensed exclusively under the GNU GPL. This information was not disclosed by Fortinet," the GPL Violations project said.

Most actions by GPL Violation have been against European or Asian companies, and the Sitecom and Fortinet cases don't have direct repercussions outside Germany. But the actions this year also have targeted corporations in the United States--an indication that case law around the GPL could also start building soon in the world's largest computing technology market.

"Generally, corporations are becoming more conscious of the issues surrounding the GPL," said Brian Kelly, an intellectual-property attorney with Manatt, Phelps & Phillips. "The process of clarifying the terms and limitations of the GPL through litigation will likely seem interminably long to industry watchers, but this latest result suggests that the process in the United States is soon to begin."

There could be several reasons companies don't release source code for GPL software that they include in products. They might not be aware of the GPL's provisions, thinking that software it governs is merely in the public domain. They might have software enhancements they want to keep secret. Or they might simply be using software from a third party and not even know it contains GPL components.

Open education
Activities to inform the computing industry about open-source licenses have become common. Attorneys could get continuing-education credit for two days of speeches on legal matters at the Open Source Business Conference this month, for example, and Linux seller Red Hat has just posted a video of its in-house lawyer discussing various licenses.

However, it's hard to tell whether GPL violations are decreasing, Welte said in an interview. "The number of cases I know about is always rising, but my guess is that this is mainly because the GPL Violations project becomes more known to the community, and therefore I receive more user reports (from people) who find GPL-licensed software in products they have bought."

And Welte said he wasn't happy with the response to the letters he delivered to company representatives at CeBit.

"Most of them failed to create any form of reaction on behalf of the companies. It's very sad to see that in most cases nobody would even start to listen to you unless you sent it via a lawyer," Welte said.

Without access to the underlying source code, Welte often has to work hard to find out if GPL software is used in a product. In Fortinet's case, the use of GPL software was unusually difficult to verify, because the company had encrypted it, Welte said. It took 40 hours of work to ferret out the information, he said.

The next step in the legal proceedings depends on Fortinet's response, Welte said. "If they do not appeal and (begin to) distribute products according to the license, then the case is basically closed, and they will have to pay all expenses. If they choose to appeal, or ignore the court order, then the case will continue," he said.

Initrd is a module essential to the process of starting up a Linux computer. Welte also has helped write the netfilter/iptables software that provides Linux with protective firewall abilities.

The court said Fortinet would have to pay a fine of five to 250,000 euros and that employees would face up to 6 months imprisonment for violation of the injunction. In addition, the company is responsible for Welte's legal fees.

The General Public License is 14 years old, but its creator, the Free Software Foundation, has begun an effort to modernize it.

Regardless how the Fortinet case turns out, one message is clear, said Mark Radcliffe, an intellectual-property attorney with DLA Piper Rudnick Gray Cary and legal counsel for the Open Source Initiative.

"In any case," Racliffe said, "companies obviously need to be more attentive to the possible use of GPL code in their products."

Thursday, April 14, 2005

OpenOffice.org details vulnerability

OpenOffice.org, an open-source software maker, has confirmed a buffer overflow issue that could allow remote attacks.

The problem in its freely distributed productivity applications has been fixed, the organization said late Tuesday. Representatives said the group hopes to release a patch within the next 48 hours.

The flaw, first discovered in late March, according to postings on the group's Web site, is present in OpenOffice Version 1.1.4 and the OpenOffice Version 2.0 beta release of the applications, as well as in earlier versions of those products.

According to the OpenOffice site, the flaw was found in one specific function of the software and could be exploited by files designed to take advantage of the vulnerability. OpenOffice.org said the flaw may have allowed for remote execution of malicious code on computers running the affected OpenOffice applications.

Security researchers following the issue rated the flaw as relatively serious, with Secunia labeling the vulnerability as "moderately critical," its rating for issues that can compromise systems but that require user interaction in order to be exploited.

The flaw has now been effectively addressed by eliminating coding bugs that created the vulnerability, according to members of the OpenOffice community, the group of open-source software developers that contributes to the expansion of the software.

In an e-mail sent to News.com, Louis Suarez-Potts, community manager for OpenOffice, said that work on a fix for the buffer overflow vulnerability was completed on Tuesday. Suarez-Potts said OpenOffice is testing the security update and plans to distribute the remedy by Wednesday at the latest. Future versions of the group's software will include the fix, he said.

The ability of OpenOffice software users to fix problems on the fly has been highlighted by the group as one of the advantages of its applications. The open-source development model allows collaborators to view code and submit changes such as bug fixes or enhancements. Rival Microsoft typically issues security patch updates for its Windows products once a month.

Firefox draws 2.6 million surfers in March

The Firefox browser continues to be a beacon for many Internet users.

More than 2.6 million people visited the Firefox Web site in March to obtain more information about the open-source software and perhaps download it, according to Nielsen/NetRatings. That's up from 2.2 million in January and 1.6 million in February.

Firefox has come on like gangbusters since last year, and now holds approximately 5 percent of the browser market. That's a small share, but the arrival of the browser--which has garnered attention in part as an alternative to Microsoft's Internet Explorer--has coincided with IE's dominant market share dipping below 90 percent.

"Firefox gives Web surfers a simple tool that blocks unsolicited windows, is less susceptible to virus attacks, and offers a unique means of navigating multiple sites within a single browser," Ken Cassar, director of strategic analytics at Nielsen/NetRatings, said in a statement.

The Firefox site first met Nielsen/NetRatings' minimum reporting levels in June 2004, when 795,000 people visited the site.

The research company also said that Mozilla.org, the Web site of the Mozilla Foundation, which developed Firefox, registered 4.1 million unique visitors in March. That's an increase from 3.4 million in January and 3.1 million in February, and up considerably from 1.1 million in March 2004.

IBM on the hunt for Firefox programmers

In the newest indication that Firefox has become mainstream, IBM is trying to hire programmers to adapt the open-source Web browser to work well with Big Blue's server software.

A job ad posted on IBM's Web site said an emerging technologies team in IBM's software group wants programmers for "enhancing the Mozilla Firefox Web browser with new features complimentary to IBM's On Demand middleware stack."

An IBM representative on Wednesday said that the ad was for one position in the company's advanced technology group. The individual will make contributions to the Firefox project, the representative said.

The Firefox work could dovetail with IBM's effort to build its Workplace software, which moves several personal computer applications to a server that users access with a Web browser. IBM is spending $100 million on ensuring Linux computers can tap into Workplace servers.

Among Workplace abilities are instant messaging, word processing and spreadsheet calculations. Today, IBM supports use of Workplace with Microsoft's Internet Explorer and Mozilla--including Linux support with the latter.

Firefox, an offshoot of the Mozilla project, has been eating into Internet Explorer's market share, but Microsoft's browser still is dominant. Firefox is now the default browser in the two most widely used Linux versions, Red Hat Enterprise Linux and Suse Linux Enterprise Server.

RedMonk analyst James Governor helped surface the hiring move by pointing to an advertisement Wednesday that proved to be available only fleetingly. The ad was still available later on IBM's Web site.

According to the job ad, candidates should have "acceptance as a contributor in (the) Mozilla community," and programmers should have experience with the browser's Gecko rendering technology and the XPCOM technology for writing software that runs on different computer systems.

Since the rise of the Firefox browser last year, programmers involved in the project have seen a corresponding increase in their employment prospects.

Google has fueled speculation about its own interest in producing a Web browser by recruiting aggressively from Mozilla Foundation staffers and volunteers. In January, it hired both Ben Goodger, the lead engineer for Firefox, and Darin Fisher, who worked on back-end infrastructure while maintaining a post at IBM.

In recent weeks, Google also added Mozilla engineer Brian Ryner to the payroll.

One long-term study of open-source software development has shown that participation in an open-source project can help boost job prospects.

Wednesday, April 13, 2005

Start-up wants to improve on Firefox

A new version of the Firefox Web browser is coming your way, but not from the Mozilla Foundation.

Round Two planned a corporate launch Monday night with the promise of bringing "a new crop of products and services that will enhance your Firefox experience."

"When we launch our own services, in about a month or so, we'll be looking to offer the must-have companion to Firefox," said Bart Decrem, Round Two CEO and a former staffer at the Mozilla Foundation. "We see tremendous room for innovating on top of the Mozilla and Firefox platform, and we see ourselves as the first company outside of the nonprofit Mozilla Foundation that's fully dedicated to serving Firefox users."

Round Two's mission to improve the Firefox browsing experience may puzzle some Firefox fans, who consider the browser an already vast improvement over Microsoft's Internet Explorer standard-bearer. Firefox has capitalized on widespread dissatisfaction with IE's security and features to swipe considerable market share from Microsoft.

Firefox, an open-source browser developed and distributed by the Mozilla Foundation, is designed to appeal to third-party developers, and Round Two is but one of several businesses in the Mozilla development ecosystem.

While Round Two--formerly known as MozSource--puts the finishing touches on its own products, the company is sponsoring development of several other Firefox extensions.

These include FlashGot, which lets Firefox work with third-party download managers; Bandwidth Tester, which lets people determine their connection speed; and SwitchProxy, which lets people surf anonymously with Firefox by configuring Firefox to work with multiple Web proxy servers. Round Two is providing developers of these extensions with technical resources including Web servers, bandwidth, project management resources and some financial support.

Round Two is also supporting the ExtensionsMirror.nl Web site, which is growing about 25 percent every month, according to Decrem.

"They needed a new server with a lot of bandwidth," said Decrem. "We're providing that. Now we're exploring ways we can work together even more closely."

Round Two also said it was supporting StockTicker, TinyURL Creator, Copy Plain Text, Extension Uninstaller, Lorem Ipsum Content Generator, OpenDownload, Open Long URLs, Search Plugins and Secure Password Generator.

As for Round Two's own extensions, Decrem said the company was considering antivirus software to integrate with Firefox.

Adobe about to release Linux-friendly Reader

Adobe Systems will restore Linux support for its PDF-viewing software with a version 7 release this week, CNET News.com has learned.

In March, Adobe made a prerelease version of Reader for Linux available for download so that citizens in the Netherlands could meet their tax-filing deadlines. Now the final version of the 7.0 update is ready, Adobe confirmed on Monday.

The graphics software powerhouse said it plans to announce version 7 for Linux and make it available on its Web site on Tuesday. (Version 7.0 for Microsoft Windows shipped in November 2004.) Adobe Reader lets people read and print documents stored in PDF, or Portable Document Format, and the new version also enables people to fill out forms electronically.

Adobe doesn't sell Linux versions of its major desktop titles, such as Photoshop and Illustrator, though it does for server products that automate publishing tasks and help manage documents. In 2004, Adobe cozied up to Linux on desktop computers, joining a Linux consortium and hiring staff for open-source work. The new Adobe Reader version is part of that warmer stance.

"The rate of adoption of the Linux operating system among enterprises worldwide--especially among government and financial services organizations--is increasing," Eugene Lee, vice president of marketing for Adobe's Intelligent Documents group, said in a statement. "Our customers were asking for Adobe Reader 7.0 on Linux as they begin to support core enterprise applications at the desktop."

Unsurprisingly, Adobe's move is accompanied by endorsements from top Linux sellers Red Hat and Novell, which advocate Linux on personal computers. Microsoft's Windows dominates the PC operating system market, but some chinks in its armor have shown with the Firefox Web browser and OpenOffice.org desktop software suite.

Adobe included Linux support in version 5 of Reader, released in 2001, but skipped it in version 6, delivered in 2003. In January, it pledged to embrace Linux in version 7 and began beta testing the software.

Then on Saturday, the San Jose, Calif.-based company told beta testers that the Reader update had reached "GM" status, short for "golden master"--meaning it would be the final version for shipping.

Red Hat tests dual-core support

Red Hat on Friday began testing support for forthcoming dual-core processors in its first update to its Red Hat Enterprise Linux, or RHEL, software.

Dual-core processors combine two processing engines onto a single slice of silicon, a prevailing method of squeezing more performance out of a processor. Red Hat told customers Friday that the beta version of the first update to RHEL 4 includes support for both Advanced Micro Devices' and Intel's dual-core processors.

IBM pioneered the market with its Power4 processor in 2001, with Sun Microsystems and Hewlett-Packard following suit with their own chips. AMD and Intel are working to make the technology mainstream with dual-core x86 server processors arriving April 21 and early 2006, respectively.

The Red Hat update version also includes an updated IA32 Execution Layer, which lets Intel's Itanium 2 processor run software written for x86 chips such as Xeon. The new update adds support for Intel's forthcoming "Montecito" version of Itanium, reduces memory requirements and boosts performance overall--particularly for Java and mathematical programs, Intel said.

The Red Hat update includes the latest support for Intel wireless networking products.

Red Hat, the top Linux seller, updates its operating system products quarterly.

Thursday, April 07, 2005

Open-source companies chase steady money

When entrepreneur Byron Sebastian started his company last year, he set his sights on the business software industry's ultimate cash cow: maintenance contracts.

Rather than charge large up-front fees for a product, his company, SourceLabs, will try to siphon off some of the millions of dollars corporate customers earmark for support. Like a growing number of start-ups, Sebastian's weapon of choice is open source.

The spread of open-source software, which generally is freely available, allows smaller companies to compete for maintenance money that until now has been locked up with incumbent software vendors, he said.

"Open source creates a competitive market for support and maintenance contracts," Sebastian said. "For the first time, you can build a successful business by being great at that, rather than just being mediocre."

Many industry veterans argue that open source is accelerating a shift that has been going on in the software industry for some time: Rather than hinge their business on big-ticket license contracts, software providers increasingly rely on recurring maintenance revenue.

And because most open-source tools don't have license fees attached to them, commercial open-source companies are often forced to build their businesses around services revenue, in the form of support, up-front installation or training.

With this model, purchasing software is more like committing to a yearlong cell phone contract--and less like buying a car with a large cash outlay and making regular payments later.

Although upstart open-source companies are relatively small and untested, the services-led business model reflects how more value is being attached to follow-on services than the actual the software, analysts and industry executives say. In fact, this week, industry executives at the Open Source Business Conference in San Francisco will consider the impact of open-source products on how software is acquired.

Unearthing support money
Once a backwater of the industry, attention is increasingly being paid to the amount of money spent on support and maintenance.

Chief information officers report that as much as 70 percent to 80 percent of information technology budgets are consumed by maintenance, rather than new initiatives. The recipients of much of that money are entrenched suppliers.

Database giant Oracle, for example, makes more on product updates and support than it does on license revenue. During an earnings call last year, Oracle CEO Larry Ellison touted the company's maintenance as an "extremely high-margin business."

James Goodnight, CEO of analytics software provider SAS, said that Oracle's acquisition strategy, which has included buying PeopleSoft and making a deal to buy Retek, is a play at existing maintenance contracts.

"Larry (Ellison) is buying everything he can get his hands on to consolidate the (business applications) industry. He believes that innovation in software is over. It's all about maintenance revenue," Goodnight said.

Compared with other industries, software has very high margins, in excess of 20 percent, said Mark Driver, an analyst at research company Gartner. "If you can get someone to pay you 15 or 20 percent a year after they've bought the software, it's a really good gig if you can get it."

The commercial open-source business model turns the traditional software purchasing equation around. Customers may pay some up-front fees, but the bulk of costs are in the form of ongoing services.

With proprietary software products, usually only the software purveyor provides maintenance services. With open-source software, many more service providers can offer support.

For example, JBoss offers support services for its line of Java-based infrastructure software components--the market area that is seeing perhaps the most activity. But SpikeSource, an open-source services start-up headed by Kim Polese, intends to offer subscription-based maintenance services for bundles of products that include the JBoss application server.

Analysts say that open-source software requires an industry of services companies for its adoption to spread. Some open-source products have been created by a relatively small group of programmers and do not have round-the-clock support organizations. Corporate customers require some sort of vendor to rely upon.

Also, a shift in buying habits is fueling interest in annuity-style contracts between providers and corporate customers. Increasingly savvy customers are shying away from committing to large-scale projects that consume millions of dollars and take years to complete.

"Enterprise customers, in particular, continue to be willing to pay fair and reasonable prices for software. The difference with the old days is that they don't want to pay for it all up front," Mitchell Kertzman, partner at venture capital firm Hummer Winblad and former CEO of Sybase, said at a conference in February. "They want to pay for it as they realize the value and get return on investment."

Billion-dollar open-source company?
Of course, regular payment schedules for software are also available outside the services-intensive realm of open source.

Established companies such as Sun Microsystems and Computer Associates International charge for products on regular billing schedules. Sun, for example, charges $140 per employee per year for its Java software bundles. Similarly, software-as-a-service companies, such as Salesforce.com, charge per user per month.

Using the recurring contract model, which has been around for decades on mainframe systems, works better than relying on large license deals, proponents argue.

"From a management point of view, if you do it correctly you can build a better forecast into expenses and revenue flow," said Matthew Szulik, CEO of Linux distributor Red Hat, which relies on subscriptions. Instead of spending the end of every quarter trying to land big deals, the subscription approach "allows you to focus on strategic issues," he said.

Like other open-source companies, Red Hat is regularly questioned about whether it can rapidly grow its business without incurring substantial up-front costs.

Support and maintenance contracts require that trained technical personnel are available to handle glitches that may occur at any time of the day. Increasing that support infrastructure can be difficult without hiring many people and incurring great costs.

Szulik's response is that the company offers services efficiently online and that its gross margins are about twice as large as that of traditional services companies.

Similarly, SpikeSource has developed a "process automation" application that will send out regular updates of software over the Internet to corporate customers. JBoss, meanwhile, has chosen to focus all of its services work on support, dropping other services, such as up-front installation and training.

But even as open-source and other software companies target the substantial amount of money spent on ongoing services, some questions remain over how sustainable and big a maintenance-dependent business can be.

"It's one thing to be a 5, 10, 20 million-dollar company--it's another to grow that to be a billion-dollar services company," said Gartner's Driver. "It can be done, but it's difficult to do and maintain quality."

Flaw found in Firefox

A flaw has been discovered in the popular open-source browser Firefox that could expose sensitive information stored in memory, Secunia has warned.

Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security information company said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information in the memory, Secunia said.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.

While the flaw is only rated as "moderately critical" by Secunia, the rapid adoption of the open-source browser means that many users may be at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.

The Mozilla Foundation, which makes the Firefox browser, is working on a patch, and no cases have been reported, a representative for the group said.

Secunia has developed a test that allows people to see whether their system is affected by the vulnerability.

Firefox improves pop-up ad blocking

The Mozilla Foundation has developed a beta patch for the Firefox browser that it claims improves the blocking of pop-up ads.

The popular open-source browser already contains a pop-up blocker by default, but this does not handle pop-ups launched by plug-ins such as Flash and Java. Mozilla employee Asa Dotzler wrote in his blog last week that Mozilla developers are responding to the increasing number of advertisers that are using plug-ins to launch pop-up ads.

"A lot of people have been reporting a new breed of pop-ups on the Web," Dotzler said. "This increasing menace is rooted in the pop-up capabilities of plug-ins like Flash and Java. If you're seeing pop-ups and pop-unders, you're probably visiting sites that have Flash or other plug-ins and those plug-ins are being exploited by advertisers to abuse you with annoying pop-ups and pop-unders."

Firefox 1.0 can block pop-ups launched by plug-ins, but this feature is disabled in the default set-up because it would affect Web sites that rely on plug-in triggered pop-ups for legitimate functionality, according to Dotzler. The beta patch resolves this issue by enabling users to whitelist sites where pop-ups are needed.

The beta patch has been packaged as a Firefox extension, called PopupsDie, and can be downloaded for testing here.

IBM: Proprietary technology not enough

IBM, the company with more intellectual property than any of its competitors, believes it's time to learn how to share.

Irving Wladawsky-Berger, vice president of technology and strategy at IBM, said the days are gone when a company could get by on its own. Now, cooperation is the order of the day, he said at the Open Source Business Conference.

"In the old days, maybe 10 years ago, a business thought everything they did had to be proprietary and intellectual property (IP) had to be protected against all comers," Wladawsky-Berger said. Now, though, "if you really want to tap into the energy of communities out there, you need to balance your proprietary approach to IP with a much more open, collaborative approach."

IBM itself has taken a mixed approach to the open-source idea.

It has aggressively promoted Linux for years and assigned hundreds of programmers to improve it. It also launched the Eclipse programming tool project. At the same time, IBM sells a lot of proprietary software, including its WebSphere business software and DB2 database.

When it comes to legal actions, IBM also is mixed. The company permits use of 500 patents for open-source projects, but continues to win more patent awards than any competitor.

In his speech, Wladawsky-Berger described "a new kind of innovation cycle" in which companies move ahead of an expanding wave of open-source software.

"A big part of your power is to have your people work with the communities and donate some of your intellectual property to those communities so they can get better. Then you build proprietary offerings on top of the open-source platform," he said. "Those proprietary offerings at some point will lose their value as proprietary offerings. Then there probably will be more value donating it to an open-source community, and on and on and on."

The executive isn't alone in his views. Tuesday, Sun Microsystems President Jonathan Schwartz described what he called the "participation age" based on open-source software and its ability to draw new programmers and new economies into the computing realm.

And Novell, which bought its way into the open-source realm with the acquisitions of Ximian and Suse Linux, also believes in a hybrid approach. Novell executives have described open-source software as a rising water level; proprietary software above that level can be sold for a time before eventually being swamped.

Friday, April 01, 2005

Torvalds: Put Linux to the test

Linux founder Linus Torvalds on Tuesday called for more regular performance tests on the Linux kernel, so that any reduction in efficiency can be highlighted sooner.

Currently, performance figures are only available for a few of the latest production kernels. Torvalds said it would be useful to continually test the performance of the development kernel, so that inefficient code can be spotted more easily.

"Doing just release kernels means that there will be a two-month lag between telling developers that something (messed) up performance," Torvalds wrote in a posting to the Linux kernel mailing list. "Doing it every day (or at least a couple of times a week) will be much more interesting."

The issue was raised when Intel employee Kenneth Chen announced some performance figures for various versions of the 2.6 kernel. The tests found that versions 2.6.11, 2.6.9, 2.6.8 and 2.6.2 of the kernel performed 13, 6, 23 and 1 percent slower respectively than the Red Hat Enterprise Linux 3 baseline--which runs on version 2.4 of the kernel, with some added features from version 2.6.

Torvalds said that more granular results are needed to be able to work out what code caused the significant changes in performance between the different versions.

"For example, that 2.6.2 to 2.6.8 change obviously makes pretty much any developer just go 'I've got no clue,'" Torvalds wrote. "It would be interesting (still) to go back in time if the benchmark can be done fast enough, and try to do testing of the historical weekly (if not daily) builds to see where the big differences happened."

Chen said that he will try to persuade his managers to allow him to do more regular performance tests. "I sure will make my management know that Linus wants to see the performance number on a daily basis," he said.

Google enhances search for Firefox users

Google has added a new feature to its search engine that allows Firefox users to obtain search results more quickly.

Reza Behforooz, a software engineer at Google, announced on Wednesday that the search engine now preloads the top search result into the cache of Mozilla browsers.

"Now Google's faster than ever on Firefox and Mozilla browsers," Behforooz said in a posting on the company's blog. "When you do a search on these browsers, we instruct them to download your top search result in advance, so if you click on it, you'll get to that page even more quickly."

The search engine's preloaded link feature is supported by Mozilla browsers, including Firefox, but because Microsoft's Internet Explorer and other browsers do not provide such functionality, they will not be able to use the feature.

There are some potential issues, however. Google points out in an FAQ that "you may end up with cookies and Web pages in your Web browser's cache from Web sites that you did not click on."

A few Firefox users have expressed concern about this feature on the Mozillazine site. They say people risk unknowingly downloading illegal content, and could end up using more bandwidth when surfing.

"You'll run into trouble if the first match is a porno site and your company's proxy logs it--you get all cookies of the first match without seeing the page," one Firefox user said.

Another user, Alex Bishop, said that even if people unknowingly download illegal content using the link feature, the content is flagged in a different way from content they've chosen to download.

"An 'x-moz: prefetch' header is sent with the request, and the referrer header will match the Google search results page," Bishop said.

Google plans to double Gmail capacity

"We wanted to make sure we have a plan in place for when people reach their storage limit," he explained. "We don't want people to worry that they might run out."

A slew of imitators scrambled to match and even exceed Google's free 1GB storage offer, transforming the Web-based e-mail business.

Wednesday, March 30, 2005

Grid Application Server based on LAMP

From one of my Friend Saifi:-

LAMP (Linux, Apache, MySQL, PHP/Python/PERL) is usually considered
the common platform of choice for Web applications and services.

Building upon LAMP, an opensource startup ActiveGrid (www.activegrid.com) has
come up with a XML std. based Services Architecture that provides a highly tuned
"text pump" that acts like a "bus" in a transaction intensive data center.

The term "bus" has the connotation of an integration platform.

Take a look at Peter Yared's blog at http://peteryared.blogspot.com/
for the details. He is the founder, CEO of the company.

For the technically inclined, here comes an opensource solution
that uses and builds on WS-* set of standards.

Monday, March 28, 2005

All the news that robots pick

Chalk it up to a difficult week for Google's automated news service, which aims to best traditional newspapers with mathematical algorithms and robots crawling the Web.

The Web search giant was hit with a lawsuit from French news agency Agence France Presse, forcing it to start to pull thousands of photos and news stories from its service. Then critics lashed out over its decision to include reports from National Vanguard, a publication that espouses white supremacy. In response, Google said it will remove the publication from its index.

Both are black eyes to Google's theory that computers virtually unassisted by human editors can pick the top stories of the day and beat traditional media at its own craft.

Google's own description of the service, which is still in beta after three years, defies the two instances that cropped up this week: "Google News is a highly unusual news service in that our results are compiled solely by computer algorithms, without human intervention."

The tensions hit on the growing pains of changing news consumption and distribution. On the one hand, readers are eagerly using aggregation services like Google News to save time and find news they're interested in from one location. But the digital melting pot of news also has raised questions about the need for standards that go beyond what technology can provide.

"It's a searchable newsstand, and it's a wonderful source," said Janice E. Castro, director of Graduate Journalism Programs at Northwestern University's Medill School of Journalism and former editor of Time.com. "But you're used to being able to say, 'There's the good newspaper; there's the poor stuff.' In search, it's all the same color and all the same size, and it's not ranked by quality."

"The best is mixed up with things that are far from the best," Castro said.

Google's feet are being held to the fire because it uses its technology to mine the depths of the Web to compile news. Yahoo News, in contrast, searches for news but also forms partnerships with content providers to populate its service. Google declined to comment on whether it has licensing deals with content owners.

In addition, Google News and similar news aggregation sites have become considerably powerful, forcing news organizations like the AFP to rethink their purpose and news distribution strategies. An increasing number of people turn to search as a way to access news, and many publishers have failed to answer readers' shifting appetites fast enough. That's been perilous to news organizations because aggregators siphon traffic that was once theirs.

John Battelle, a Web search pundit and former publisher of The Industry Standard, said that Google is an object of concern for publishers because it has yet to form a business model for its aggregation service, as opposed to Yahoo.

"That creates fear, uncertainty and doubt around their true intentions with the product," Battelle wrote in an e-mail, though he does not believe those intentions are "evil."

Visitors to Google News have nearly doubled to 5.9 million visitors since February 2004, according to ComScore Media Metrix. Yet Google News is not as popular as New York Times Digital, CNN, AOL News or Yahoo News, the leading news destination online.

Google uses algorithms to find popular news of the day and to cluster different sources on a given story, with links and photos from various publishers. But behind Google's technology, the company has pre-selected roughly 4,500 sources of information, and it continually reviews new sources to include in its searchable collection.

The question on many critics' minds is, what standards does Google use to select a news source?

"We're demanding transparency of mainstream news. Well, it's high time we get transparency from Google News," Jeff Jarvis, a blogger and president of Advance.net, wrote on Buzz Machine.

Jarvis added: "Google: Release a complete list of your news sources now. And institute a means for questioning those choices and for suggesting other choices now."

The call for transparency was in response to revelations that the National Vanguard was included in Google News' index. And according to the blog HonestReporting.com, Google News has previously included Jihad Unspun, a Web site that publishes anti-Semitic content.

Google spokesman Steve Langdon said the company does not allow hate content into its news service. "If we are made aware of articles that include hate content, we will remove them," he said.

The company has several guidelines for choosing news sources, including ensuring that the publication is edited. But it does not detail those guidelines on its site, except to say that "news sources are selected without regard to political viewpoint or ideology, enabling you to see how different news organizations are reporting the same story."

Aggregators vs. publishers
Google is also facing dissent from at least one of its news sources. Last week, AFP sued Google for allegedly using its news articles and photos without authorization. The French company is suing for $17.5 million in damages and seeks to permanently bar Google from using its materials.

Despite Google's policy to remove content at a publisher's request, AFP sued the company for past damages. Most publishers, however, want to be included in Google News because they believe it is a benefit to them and their readers, Langdon said.

AFP's complaint charges that Google infringes on its copyright by reusing its story "leads" as well as the headlines and photos.

Fred von Lohmann, an attorney at the Electronic Frontier Foundation, said a legal precedence has been established that allows Web publishers to link to thumbnail images, however. He also said the use of headlines and excerpts from the lead of a news story is fair use, and believes that Google is in the right.

"It would be a different World Wide Web if you had to ask for permission before you linked to something, and the same thing applies to news," Lohmann said.

Still, Google could face more of these lawsuits and pressure to engineer a more transparent news service.

"There's this weird tension," said Eric Goldman, assistant professor at the University of Marquette. "On the one hand, they need to tighten up who's included in their index, but then on the other hand, if they're too tight, someone is going to zip by them with hotter fresher news."

GPL 3 not expected to split free-software world

Some developers are concerned that the introduction of the third version of the GNU General Public License could split the free-software world, but the Free Software Foundation is confident that these fears are unfounded.

The FSF has denied that there is a risk that free-software projects could fork when the next version of the GNU General Public License, or GPL, becomes available.

Over the last few weeks, free-software developers from various projects have expressed concerns about the next version of the GPL. In a posting to the legal mailing list for the Debian Linux distribution, OpenOffice.org volunteer Daniel Carrera pointed out that as Linux is currently only distributed under GPL 2, it could face problems when GPL version 3 is released.

"My understanding is that Linux is distributed under the GPLv2 exclusively," Carrera said in the posting. "Given the vast number of Linux contributors, this means that Linux won't be able to migrate to the GPLv3 when it comes out, correct?"

Debian maintainer Matthew Palmer agreed that this was the case and said he was worried that when GPL 3 comes out, some free-software projects could split into separate branches. "I fear a lot of unpleasant forking action when the GPLv3 comes out," Palmer said.

Palmer said some developers may decide to license their projects only under versions 2 or 3 of the GPL, while others may choose to license under multiple versions of the license. This could result in "license-incompatible forks," according to Palmer.

But Eben Moglen, general counsel of the Free Software Foundation, said Thursday that there shouldn't be a problem in persuading Linux developers to migrate to GPL 3, as the license will be developed with their input.

"I don't think it will be a difficulty," Moglen said. "When the FSF finishes its work to produce the first discussion draft of GPL 3, there will be an extended comment period, which will be a chance for everybody to have their say. We will take as long in listening as people need to take."

GPL 3 is likely to include changes that take into account international copyright law and patent threats, according to Moglen.

It is not surprising that the next version of the GPL has attracted a lot of interest as it is the basis for a "multibillion-dollar industry," according to Moglen. "In a market that size, there are a lot of participants and a lot of people with interests," Moglen said.

Moglen was unable to say when GPL 3 would be released, though he suggested that it would be available in the next year or two. He is confident that when GPL 3 is released, people will be pleased with the outcome.

"When it's all over, people will say about the GPL 3, 'It's better, it's not that different--what's all the fuss about?'" Moglen said. "People have to trust that we know what we're doing." This echoes his previous statements, in which he said the process was "going to be a screaming match some days, but it is going to be a noble effort when it's over."

He said today's free-software industry owed a debt of gratitude to version 2 of the GPL. "A very large field came into existence as a function of the correctness of Richard Stallman's ideas," Moglen said.

Programmers bypass Red Hat Linux fees

It took Red Hat 16 months to produce the newest version of its premium Linux product, which went on sale in February for as much as $2,499 per computer per year.

It took a group of programmers less than two weeks to release a free clone. But the move could help Red Hat as much as it appears to hurt it.

The clone is from a project called CentOS--Community Enterprise Operating System--one of several "Red Hat rebuilders" that have partially nullified Red Hat's business decision in 2003 to stop giving away its supported and certified product for free. CentOS and others--Lineox, White Box Linux, Tao Linux, X/OS Linux and Scientific Linux--all rebuild a copy of Red Hat Enterprise Linux from the source code components Red Hat releases.

The clones are both a boon and a bane for Red Hat, which used an aggressive pricing plan to profit from its status as the top seller of the open-source operating system.

On the one hand, the rebuilders draft off Red Hat's labors while depriving the company of potential customers for its software and the support that goes along with it. On the other, though, they help cement the dominance of Red Hat's software and spread it to those who might eventually decide Red Hat's services and reliability are worth the price.

It's clear, however, that many Red Hat clone users aren't likely to embrace the original anytime soon.

"I don't pay for Linux, and I have absolutely no need for a Red Hat-style subscription (for) support," said Collins Richey, a Denver Linux enthusiast who uses CentOS on his personal computers to keep them compatible with work machines. "I'm considering recommending CentOS for limited use as a trial project...at work."

Red Hat chooses to see the glass as half full, with spokeswoman Leigh Day calling the clones "good news" because they could attract new customers.

"If they try versions that are not supported or supported inadequately, they will get a hint of the value propositions that are available for Linux and ultimately turn to a company that can support their businesses," Day said.

Red Hat did clamp down partway on CentOS in February. Its lawyers demanded the rebuilder strip out trademarked Red Hat names and logos.

However, if Red Hat truly wanted to hamper the rebuilders, it could stop its current practice of releasing its product's source code in the convenient packages called source RPM files.

"Red Hat should be thanked for making this so easy for all of the rebuild efforts," said Greg Kurtzer, who founded the Caos Foundation that runs the CentOS project. "I am not going to fault them for trying to make money."

Red Hat will continue releasing the source RPM files. "What we're doing now we'll continue to do for the long term," Day said.

Despite the availability of alternatives, Red Hat subscription sales increased from 33,000 in the quarter ended November 2003 to 132,000 a year later. That's solid growth, but it's not as high as the peak of 144,000 in the quarter ended August 2004. Red Hat is expected to release sales figures for its most recent quarter on March 31.

Some see an upper limit to how much the Linux seller can charge. "The real reason Linux is our choice is cost," said Brian Trudeau of Eastek International in Buffalo, N.Y., a CentOS user. "Why pay for Red Hat when it costs as much as Windows?"

Send in the clones
There are several prominent RHEL rebuild projects besides CentOS:

Finnish Lineox, which released its clone of RHEL 4 on Feb. 25, charges between 5 euros and 15 euros ($7 to $20) per server for its software update service.
White Box Enterprise Linux was born when Red Hat dropped its freely available commercial product, Red Hat Linux, said project founder John Morris, who runs dozens of servers and personal computers using Linux at Beauregard Parish Public Library in DeRidder, La. "We have workstation hardware that costs less than a RHEL contract, so something had to give when Red Hat dumped Red Hat Linux in favor of RHEL, and thus WBEL was born," he said.
Tao Linux is a "community supported" version not intended for mission-critical computers; users are expected to solve problems on their own or with help from mailing lists.
Scientific Linux is maintained by programmers at Fermi National Accelerator Laboratory and other labs. It's geared for technical tasks at labs and universities.
X/OS Linux, for which X/OS, a computing company in Amsterdam, sells support.

CentOS in the limelight
CentOS was an offshoot of a separate Linux project called Caos Linux, said Kurtzer, who is a Lawrence Berkeley National Laboratory administrator and a programmer as well. But it turned out the Caos Foundation's more popular project was a rebuild of RHEL.

"For a new distribution to be widely used, it must demonstrate to the community that the project and the product are both stable, reliable solutions," Kurtzer said. "But because CentOS is based on a known codebase, it was able to short-circuit the typical path and become an almost instant success."

Kurtzer doesn't have firm numbers, but he estimates there are thousands, perhaps tens of thousands, of CentOS users. The first version was announced in December 2003.

CentOS doesn't veer from the Red Hat course. "The point...is to be as legally identical as possible," Kurtzer said. CentOS tries, for example, to build security updates as quickly as possible, with an informal guarantee of a 24-hour turnaround after Red Hat releases the original.

CentOS isn't exactly free. The Caos Foundation asks for a $12 server per year donation to defray download costs, though few beyond some companies pay, Kurtzer said.

The support question
After Red Hat launched RHEL, it also began a project called Fedora. That version of Linux is available for free, but it's a fast-changing and unsupported product geared for hobbyists and programmers who can help work the kinks out of the latest software packages.

RHEL, in contrast, changes slowly, with updates released roughly every 18 months so hardware and software companies have time to certify that their products work with the operating system. Support of a particular Red Hat version lasts for seven years for those who pay an annual support subscription.

"Enterprises may have been disabused of the notion that Linux is free, but that doesn't mean they want to pay through the nose for it just because it has (software partner) support," said RedMonk analyst James Governor.

There are risks to leaving the official Red Hat fold, though. A customer isn't going to get much hand-holding, for example.

"We support three forms of Linux: Red Hat Enterprise Linux, Novell's Suse Linux Enterprise Server and Asianux," said Anne Pace, a spokeswoman for storage specialist EMC. "We chose those three because when we scan our customers, those seem to be the versions of Linux that our customers seem to be going with."

EMC will try to help customers using other versions, Pace said. But if they're using a Linux version EMC doesn't support, "we can only go so far, so they'll probably need to be diverted back to the Linux company to try to figure it," she said.

Oracle, a major software power and Linux backer, supports the same three Linux versions as EMC, but it has a stricter policy because it wants to keep the number of varying Linux versions to a minimum.

"Oracle wants to prevent fragmentation in the Linux distribution space," Monica Kumar, senior manager of Oracle's Linux product marketing, said in a statement. "Because of the indeterminate number of possible distributions and Oracle's desire to see customers succeed, it is necessary to confine enterprise-class support to those distributions that Oracle believes can be successfully deployed and supported in enterprise-class environments."

Do it yourself
Many who opt for Red Hat rebuilds are confident of their own expertise, though.

"I've had years' worth of support from Red Hat and have never called them once," said Jacob Leaver, a senior systems administrator who uses CentOS at his employer, a Washington-based Internet service provider. "I find that I can usually provide the answer to a technical problem using a Google search."

That's also enough support for Claire Connelly, a systems administrator who helps run 66 Linux servers at Harvey Mudd College's Mathematics Department.

"Convincing me to run RHEL on more of our systems would require Red Hat to add some significant value over community rebuilds or other distributions," Connolly said. "I don't have a problem with giving Red Hat some money, as they do a great job contributing code and support to the community. The problem is that their current pay-for-support structure doesn't work very well for our situation. As an academic institution, we don't have tons of money to throw around for 'enterprise-level support.'"

A year and a half after Red Hat introduced the first version of RHEL, it announced deep discounts to education customers that had been alienated by the pricing choice.

But those educational discounts haven't been steep enough for some others, either. The University of Manchester uses Linux on a "couple hundred" workstations and servers, said Niels Walet, a professor with the university's School of Physics and Astronomy. His main concerns with Red Hat are support and fees, he said. He's moving several CentOS systems under his purview to Scientific Linux to maintain compatibility among university groups.

Some clone users could be drawn into the Red Hat fold, though. One is Maciej Zenczykowski, a CentOS user and student in Poland who runs Linux on three university servers and four Internet servers for his own and three other apartment buildings. He'd be willing to pay $50 to $100 per year for software support, and he needs the RHEL compatibility to ensure that software from Hewlett-Packard works properly.

"Frankly, I wanted to go with RHEL 4 on (an) enterprise-level server at the university. I even had the $50 ready for an academic license," he said. But Red Hat's Polish reseller was charging about $120, and trying to coax longer-term support payments out of the university's financial department was frustrating, so CentOS won out.

Freedom from bureaucracy is one of the reasons Dave Parsley, an administrator at Alfred University in New York, founded Tao Linux.

"It's always easier to pop a DVD into the drive to install it and not register and not do any paperwork," Parsley said. "It's like the old days of Linux--just install and go."