blog.scottlowe.org

Network World published today that Microsoft is reportedly seeking royalties on the distribution of open source software that supposedly violates 235 patents.  Now tell me, who didn’t see this coming?  With the recent Novell-Microsoft pact, it became much clearer to me that Microsoft was preparing for outright war against the open source community, and now it appears that is very likely the case.

The Network World article is based on an interview from Fortune magazine (available here via CNN/Money) in which Microsoft officials, including Brad Smith (Microsoft General Counsel) and Horatio Gutierrez (licensing chief?), discussed their plans for getting FOSS (free/open source software) users to pay royalties on violations of no less than 235 Microsoft patents.  (By the way, I strongly recommend you read the full Fortune article.)

Now, it may be true that Microsoft won’t actually sue FOSS users or developers, as indicated here or here.  I certainly agree that it would be monumentally stupid for Microsoft to start suing its own customers, and it makes sense that Microsoft distributing SuSE Linux coupons makes it a Linux distributor and therefore subject to the GPL themselves.  However, after Microsoft skated out of the antitrust violations essentially unharmed, I’m not convinced that the FOSS community is as well-protected as they might think.  I hope that they are, but I’m not entirely convinced yet.

I’ll tell you one thing:  This most certainly reverses a great deal of the goodwill that Microsoft had been generated with the FOSS community and FOSS users, and it drives many users to stop using Microsoft products altogether.  I don’t consider myself a Microsoft basher, and have on many occasions openly welcomed many pieces of Microsoft software because, quite honestly, they were the best available.  I can’t say that I’ll be quite so open to Microsoft now, especially personally.  (Anyone care to recommend a high-quality replacement for Microsoft Office on Mac OS X?)  If nothing else, Microsoft has definitely succeeded in creating a larger amount of bad press, ill will, and mistrust.

There’s a lot of discussion going on around the Internet on this topic; here are just a few links:

• It’s Time for Microsoft to Put Up or Shut Up
• Put up or shut up, Microsoft (Larry Augustin)
• How to Know Microsoft Hates Opensource
• Microsoft Plays Dirty Pool Again

I also strongly recommend that you read the Groklaw article on this turn of events as well.

The idea of chrooting (or jailing) certain security-sensitive services is a well-known and pretty well-accepted method of protecting systems against further compromise in the event of a security breach.  BIND is commonly run in a chroot jail, as can be Apache HTTPD or an FTP server.  SSH is another common target for running in a chroot jail, and SSHjail is a patch designed to simplify the process of running OpenSSH in a chroot jail.  (UNIX die-hards, please forgive me and correct me if I am mistakenly interchanging “chroot” and “jail”.)

I was alerted to SSHjail via this article on Linux.com, and it certainly appears that SSHjail greatly simplifies the process of running OpenSSH in a chroot jail.  What interested me more than the configuration or use of SSHjail (which, as I mentions, looks pretty straightforward—kudos to the developer) was the question, “Could SSHjail be used in centralized authentication environments?”

Perhaps due to my work in Linux/UNIX-Active Directory integration, but the idea of using SSHjail initially seemed to be at odds with an environment where users are being authenticated via Kerberos/LDAP against Active Directory.  After all, the home directory would normally be specified on the user object’s properties in AD, so how would that interact with the home directory configuration specified in the /etc/sshjail.conf file?  Is SSHjail so transparent that it won’t matter?#160; For example, if I specify that “/home/slowe” is the UNIX home directory in AD, and SSHjail is configured to put me into a jail at “/chroot/ssh/”, do I need to then change the UNIX home directory in AD?  The article seems to imply that it does, as it mentions editing local users to specify a new home directory location.  How, then, do we handle disparate systems where SSH may be jailed on some and not on others?

<aside>Of course, this brings back up the question of how to handle different operating systems, such as Solaris and Linux, that (by default) place home directories in different locations on the file system or in different file systems.</aside>

Any feedback or clarification from Linux/UNIX experts out there is welcome.  It would be great to be able to include information on how to utilize SSHjail in conjunction with AD integration.

This is really exciting news.  Development on Cocoalicious, the Mac OS X native application that front-ends del.icio.us, has started back up again.

I’ve blogged many times about Cocoalicious (starting as far back as June of 2005) and how much I enjoy using the application to manage my del.icio.us bookmarks.  I was really disappointed that development had stalled, and had even started searching for replacements to the application.  Fortunately, it looks like the new developer (who is working with the original author, not replacing him, from what I understand) is already seeking feedback and ideas for future versions.

Personally, I’m pretty thrilled with the application as it is, and have only one feature request:  please, please, PLEASE drop the brushed metal interface.  Or at least offer us an option to toggle back and forth.  I’d love to see a fresh new UI like that used by Mail.app or NetNewsWire, with the tags in a pane on the left and your bookmarks listed on the right, and a divider (like the one used now) to open, close, or resize the built-in browser.  Combine that with a new, modern unified toolbar (not Mail.app’s lozenges, please!) and perhaps incorporate some of the tag UIs that have been proposed (like this one), and you’ve got yourself one killer del.icio.us client.

Edward Aractingi started it all back on March 20 when he blogged about why VMware should open source ESX Server.  Tarry Singh then weighed in on the matter from his weblog.  Both men make very good points on the matter.

It’s true that there is a lot of virtualization work being done in the open source community.  We have the Xen hypervisor, now capable of hosting unmodified guest operating systems through the hardware-assisted virtualization support of the newest Intel and AMD CPUs; we have the inclusion of KVM in the Linux kernel and the addition of VMI into the next stable kernel; and projects such as OpenVZ thriving as well.  That’s a lot of activity going on around virtualization and virtualization-related technologies.  And, while it’s most definitely not open source, we also must consider the impact of “Viridian,” Microsoft’s hypervisor to be release shortly after Windows Server 2007 (aka “Longhorn”).

The real question comes to this:  will open source commoditize the hypervisor?  If you agree that the introduction of open source hypervisors such as Xen will commoditize the hypervisor, then VMware’s future needs to lie with other technologies, such as the management layer and value-added functionality such as live migration (VMotion), dynamic load balancing (VMware DRS), and high availability (VMware HA).  In that scenario, VMware would be better served to open source the ESX Server code and allow the community to drive development of the hypervisor itself.  I think that’s a viable model, one that has been embraced by other organizations with varying degrees of success.

If, on the other hand, you don’t think that the hypervisor will become a commodity, then the idea of open sourcing ESX Server doesn’t really hold a lot of value.  Why release your competitive advantage?  Instead, you continue to develop the hypervisor and add features and functionality to it to differentiate it from the competitors.

What do you think?  Will the hypervisor become a commodity?  I think it’s a bit too early to tell.  Open source aficionados point to the success of Linux and tell you that the OS is becoming a commodity, but look at the reality of the sales numbers for Windows Vista.  Perhaps the OS is becoming a commodity, but has anyone bothered to tell people buying Windows Vista?  Linux has had years to make “the proprietary OS history”, and is only now starting to really have an effect.  Will open source virtualization efforts take the same time?  If so, VMware has plenty of time to decide the course of action to take.  In the meantime, I think that VMware has done a reasonably good job of blending open source code, proprietary technologies, and published standards into their products.  If they can continue to find the right balance between these often contradictory positions, I think they’ll continue to be successful.

When I first started using virtual desktops with Mac OS X, I went through a couple of different iterations before settling on an application called Virtue (later to be renamed VirtueDesktops).  Although it took some time to get used to the idea of not having a desktop pager window always present, the hotkey for popping up VirtueDesktops’ translucent pager became almost as ingrained in my fingers as the hotkey for Quicksilver (note I said “almost”).

After a near death experience around the release of Tiger, VirtueDesktops progressed steadily until just last week, Tony Arnold announced that he was ceasing the development of VirtueDesktops.  I can understand his position; with Spaces set to debut in Leopard, it’s difficult to justify the continued development of a virtual desktop application.  Given that VirtueDesktops is an open source application, though, there’s hope that another developer will pick up the source code—much like Tony did himself after Virtue was abandoned by the previous developer—and continue the project.

I mostly stopped using VirtueDesktops after switching to my MacBook Pro.  I guess the problems that the application experienced during the transition to a Universal application scared me away from it, and it’s only been recently that I started using it again on occasion.  Since then, I’ve gotten used to using Exposé to manage windows instead of spreading them around multiple desktops, and I don’t know if I’ll ever switch back on a full-time basis.  Nevertheless, I appreciate Tony and his hard work on the application, which served me very well for quite some time.  I wish Tony the best of luck in his future projects and I hope, for the sake of other VirtueDesktops users, that one or more talented developers will take up the mantle and continue development.

This makes the third or fourth time I’ve tried to get into using Quicksilver.  I’m OK with the whole pop-up bezel interface, since that’s the interface that VirtueDesktops, my virtual desktop application, uses.  (The author of VirtueDesktops freely admits that he was inspired to create his interface based on Quicksilver’s interface.)  Don’t get me wrong—Quicksilver (just “QS” from now on) is a great application, and it has loads of very useful functionality.

For example, here are a couple of the things that I love about QS:

• With QS, you can access Address Book information without having to launch Address Book.  You can type a few characters of a contact’s name and there it is, and there are actions accompanying it that allow you to send an e-mail to that contact.  You can’t do that with Spotlight.
• QS is extensible, allowing you to attach user-written AppleScripts to add functionality to the application.  In addition, QS supports an system of plug-ins to add features or to add new interfaces, such as their Flashlight interface (based on the Spotlight interface).
• The bezel interface is pretty cool.

Somehow, though, even given the nifty and pretty handy things that you can do with QS, I just can’t get with it.  I can’t integrate it into my workflow.  I can’t get into the handy of invoking QS to do what I’m trying to do.  I suppose I need to give it much more time than I am giving it; I’ve heard it said that you need to give it a week or more of using it before you get used to it.

Any QS users out there?  If you’ve got any tips on getting “used” to QS, on how to integrate QS into your workflow and your modes of operation, I’d really appreciate it.  I believe that QS could be a powerful tool to help make me more productive, but I’m just having a really hard time getting the hang of it.

Here’s another incredibly simple task that one often needs to perform when using Linux:  mounting an ISO image.  The problem is, I so very rarely do this that I forget the exact switches to use.  So, to avoid that problem in the future, I’m posting the information here for future reference.  Even if no one else finds it useful, at least I’ll know where to look next time I need to do this.

To mount an ISO file, use the following command:

mount -t iso9660 -o loop /path/to/image.iso /mount/path

I know, a very simple command and one that Linux veterans around the world have probably used a million times over.  Like I said, when it’s not something that you do every day, it’s easy to forget it.  (Especially when your brain is busy trying to process other new information…)

In the next few days, I’m going to try out StrataGuard Free, a freeware version of StrataGuard, a Snort-based IDS/IPS.  StillSecure is making StrataGuard Free available as a VMware image for easy testing.

StrataGuard Free is rate-limited, meaning it only handles traffic streams up to 5Mbps.  Of course, that is more than sufficient for small businesses and home offices, and it’s a great way to become more familiar with the commercial product (StrataGuard)—which, of course, is not rate-limited and offers more features (such as automated rule updates).

I’m going to be trying out the VMware appliance on ESX Server in my test lab; hopefully, I won’t run into any hardware issues.  (Remember that my test of FreeNAS, which was also packaged as a VMware image, did not work on ESX Server due to a SCSI adapter issue.)  As soon as I get it up and working (or don’t), I’ll post more information here.

Thanks to DABCC for alerting me to the release of StrataGuard Free as a VMware image.

In earlier posts (on the pcn0 driver in OpenBSD 3.8 and on running OpenBSD 3.8 on VMware ESX Server 2.5) I’ve provided information on running OpenBSD in a virtualized environment.  With the release of OpenBSD 3.9 a few weeks ago, I’ve completed some testing.  Here are the results.

Here’s the configuration of the virtual machine under ESX Server that I used for my testing:

• Guest operating system set to FreeBSD (OpenBSD is not an officially supported guest OS)
• Single CPU (virtual SMP is not supported)
• 128MB of RAM
• LSI Logic SCSI controller (this is a change from the default BusLogic controller)
• Standard vlance network controller

I have not yet tested to see if the BusLogic controllers works under 3.9; it for sure did not work under 3.8 (OpenBSD wouldn’t see the disks).  If time permits, I will test that soon.

I am very happy to report that the pcn driver now works as expected; it’s no longer necessary to disable the pcn driver and use the le driver instead.  It is my understanding that the pcn driver is faster and more efficient than the older le driver, so I’m pretty excited that this is now working as expected.  My subjective analysis indicates that there is a small performance gain, at least in my environment.

If I run across any additional information, I’ll be sure to share it here.

Wi-Fi on Linux is about to get much better, thanks to the release of an advanced Wi-Fi driver stack to the Linux community under the GPL.

As reported by eWeek (here’s the full article) and LinuxDevices.com (read the full article), Devicescape has released their advanced Wi-Fi driver stack under the GPL (read the press release) in order to speed the adoption of Linux-based Wi-Fi devices.  Having wrestled with Wi-Fi support on Linux on more than a few occasions, I can attest to the difficulty of trying to get online with a less-than-perfectly-supported Wi-Fi card.

If you’re lucky enough to have a Wi-Fi card that is fully supported by the Linux distribution of your choice, then great.  Unfortunately, that list of supported Wi-Fi cards is rather slim, and excludes a great many of the retail cards available to consumers.  Horror stories abound regarding trying to get a retail Wi-Fi card working under Linux, and these are the stories that prevent ordinary people from being willing to give Linux a try.

Hopefully, the inclusion of this new technology into mainstream Linux distributions will vastly improve Wi-Fi support on Linux and help continue to drive the adoption of Linux across business and consumer segments.

<aside>You may be wondering why I’m pushing for greater adoption of Linux.  Microsoft does it’s best work when it’s faced with great competition.  For quite a while now, there hasn’t been a serious competitor to Windows, and so Windows has lagged a bit (OK, perhaps more than a bit).  A stronger and more vital Linux would give Microsoft the competition it needs to perform better.  In addition, I believe that increased choice in operating systems can only lead to good things.</aside>