I was amused earlier this week by the news sweeping the ether-web about the so-called “GodMode” folder present in Windows 7 and 32-bit Vista.

The news in itself was not amusing: the presence of a √ºber-configuration folder for Windows power users seems a useful thing, I must admit. What was amusing was the hoopla generated by the discovery of a hidden Easter egg in Microsoft’s flagship product, while all the while, a much bigger story remains in play.

Microsoft continues to sell consumers an operating system that needs anti-virus protection.

It’s not like they keep it a secret: if you install Windows 7, there’s three things splashed up on the screen for users towards the end of the process: configure the OS, activate the OS, and get anti-virus software.

To me, there’s something fundamentally wrong with knowingly send out a piece of software that’s vulnerable–so vulnerable that you have to tell users your product is unsafe until they get third-party protection.

I can understand releasing something with unknown vulnerabilities–nothing’s perfect, after all. Even Linux distributors recognize that no system is unhackable, and I’ve never heard one claim that their distro is completely secure–just more secure than Windows. Unfortunately, that seems to be a bar that’s very easy to jump over.

Time and again, it is demonstrated that computer users have traded so-called simplicity for security. The ability to download and install any application with just a few clicks is more important, it seems, than keeping personal and business data private.

This is more than a few hard drives getting wiped: in early 2009, the Ponemon Institute estimated that every time a company has a data breach, it costs an average of US$6.6 million to correct the problem. Around the same time last year, Gartner put out a report that put the global price tag for breached systems at US$1 trillion annually.

And yet, here we are, still buying software that is known to be vulnerable and makes it ridiculously easy for viruses to be installed on the operating system. Or Trojans. Or granting so many permissions to a “regular” user that physical compromising a system is child’s play.

With the wave of new Linux-based smartbooks, netbooks, and phones hitting the market, there are still critics who complain about an alleged lack of features in Linux. Even if this notion were accurate, and I am very sure it’s not, let me put the question to them: why would you rather have the latest gadget installed on your system as opposed to personal data security?

As a group, computer and electronics users need to reset their priorities. It’s not about the nifty toys and Easter eggs you can find in Windows. It’s about what personal information malicious users can find in your Windows.

I believe that time is about to come soon, when the widespread dispersal of Linux-based devices will demonstrate that while no system is perfectly secure, there’s a lot of systems that could be switched to something more secure than Windows at a far lower cost than US$1 trillion every year.

Earlier this week, I noted the fact that the 100 day mark for the CodePlex Foundation had passed (on December 19) without any comment from the Foundation on how they had fared against their aggressive goals for that time period, including the replacement of the founding, interim Board of Directors, with a permanent board. 

That blog entry sparked a call from the Foundation’s PR firm, and an opportunity for me to spend an hour on the phone with Sam Ramji, the interim President of the Foundation, and Foundation Deputy Director Mark Stone during which we covered a lot of ground, including what’s been accomplished so far, what the Foundation has learned so far, how that has affected its planning, and what we can expect to be announced in the short term and long term future, all of which I’ll  report on in this blog entry.  They also informed me that an update press release covering some of the same topics would be made today.  That announcement was posted to the Foundation Web site at Noon today, and you can find it here (as usual, it’s also pasted in at the end of this blog entry).

With that as prelude, here’s what we talked about, and here’s what I learned.

Read the Rest Here

Article Source Community-cation
January 4, 2010, 8:48 am

There’s been a lot of technology predictions for the upcoming year, with Linux playing a big part in the future direction of tech. Fortunately, we won’t have to wait long to see how some of those predictions will play out: it’s just a mere three more days until the start of the Consumer Electronics Show (CES) in Las Vegas.

Even before the 2010 CES show starts on January 7, as early as tomorrow, Jan. 5, Google is expected to formally announce their upcoming smartphone, the Nexus One. Nexus One, rumored to be based on HTC’s Passion device, is expected to be sold with complete Google branding and a pure Android platform. More importantly, Google may be planning to sell the device as an unlocked GSM phone, which means anyone can buy the device and then get a calling plan separately with any carrier they want with a compatible GSM network.

Beyond that, as if that would not be big enough news, look for more Android-based offerings–from phones to tablet devices–showing up at the CES event proper.

In the meantime, a new buzzword may be dominant at the Vegas electronics show: smartbooks. First seen from Sharp in November with their NetWalker PC-71 device, these handhelds are, as you might expect from the name, somewhere between a smartphone and a netbook. These ultra-small devices are always connected to the Internet via 3G cellular networks and will provide productivity apps, via their Linux platforms, for users.

Even though this class of device was out last fall, the big reveals will be staged at CES later this week, from Qualcomm and Sharp, to name two manufacturers. With ARM-based chips and Linux as the OS reducing the costs of these devices, analysts are predicting that if smartbooks are accepted by consumers, smartbooks could become real profit generators for hardware makers.

Curiously, there won’t be much competition for Linux-based mobile offerings at CES. Apple isn’t expected to announce its rumored tablet device until January 26, and Windows Mobile continues to struggle with declining market share.

This decline in Windows Mobile is interesting, because it seems to belie one of the main arguments against Linux on mobile devices: that Linux devices are limited in their functionality by their lack of applications.

This argument was most recently framed in a Wall Street Journal article about the rise of smartbooks at CES, which felt the need to highlight a caveat about these devices: “But smartbooks running Linux or its offshoots, such as Google Inc.’s Android, won’t run applications like Microsoft Word or Apple’s iTunes. Early netbooks that ran Linux ran into customer resistance and were quickly replaced with Windows-based models.”

Which is followed up by this rather expected comment: “‘Customers will likely continue to choose Windows netbook PCs over Linux smartbooks for these same reasons,’ predicts Ben Rudolph, a Microsoft senior manager for Windows.”

While Mr. Rudolph may feel his viewpoint a valid one–and we could obviously argue that point–it must be pointed out that he was describing netbooks, upon which Windows (XP, mind you) can actually run. Smartbooks, with their ARM hardware and smaller profiles, are not a platform for desktop Windows offerings, even antiquated ones. In fact, at this time, only Windows Mobile runs on ARM–something that even the One Laptop Per Child project was lamenting back in March.

Now we have a situation where Windows Mobile, which by all rights should have the “best” productivity apps, since its developers have full access to Office application code, is in sharp decline, while Linux, supposedly limited by a lack of productivity apps, is very much on the rise.

The truth is that there are plenty of applications for Linux-based devices, including multimedia players, full office suites, and file management tools that will match or exceed anything on Windows Mobile, and Microsoft knows it. Why else would it attempt to distract the media with a comparison of Linux and Windows on an entirely different architecture?

Right now, the major players in mobile operating systems are Linux (via Moblin and Android), Blackberry, and the Phone. Windows Mobile is becoming a footnote in an arena that’s exploding with growth.

Welcome to 2010: The Year Linux Makes Contact.

Article Source Andy Updegrove’s Blog
December 30, 2009, 8:09 am

As you may recall, Microsoft announced back on September 10 that it had launched a new foundation “as a forum in which open source communities and the software development community can come together with the shared goal of increasing participation in open source community projects.” It called it’s new non-profit organization the CodePlex Foundation, echoing the name of a commercial site, called CodePlex.com, that it had earlier set up to host open source development projects.

Microsoft launched the CodePlex Foundation with bylaws and other governance documents with which I had some issues, and about which I posted some recommendations. But it also publicly stated that these documents, and the initial boards of directors and advisors, were only temporary. Within 100 days, the statements posted at the site pledged, a new Board would be announced. Nominations for the Boards of Directors and Advisors were welcomed, as well as recommendations on changes to the governance documents.

On October 21, the Foundation announced its Project Acceptance and Operation Guidelines, and on November 18, its first “Gallery” (a project area), supporting Microsoft’s ASP.NET, and its first project (supporting ASP.NET Ajax libraries). Microsoft announced that it had contributed a second project, Orchard, to the ASP.NET Gallery on December 9.

But December 19 Рthe 100 day mark Рpassed quietly, with no announcement of a new Board or a status update on the other goals. So what’s up with the CodePlex Foundation, and its pledge to promptly transition into a more independent organization?

Read the Rest Here

Article Source Linux Weather Forecast Blog
December 23, 2009, 11:35 am

Linus has released the 2.6.33-rc1 prepatch, closing the merge window for this development cycle. This kernel has a few features which will shake things up, with dynamic tracing being near the top as far as I am concerned. But, perhaps, the most interesting addition is one that almost nobody expected: a reverse-engineered driver for NVIDIA graphics chipsets called “Nouveau.”

Once upon a time, finding hardware which worked with Linux could be a real challenge, especially for certain classes of machines, like laptop computers. We had especially severe problems with 3D graphics as the result of two separate problems: development on the X Window System went into hibernation for many years, and graphics vendors had little interest in helping the community to develop free drivers for their products.

The good news is that those dark days are mostly behind us. We have a reenergized X development team and much more cooperative vendors; Intel, which employs much of that team, can take a large part of the credit for both changes, but the good works go well beyond Intel. At this point, we have free support for most hardware out there Рthough, it must be said, a good chunk of this code is still a work in progress. We might not have quite reached the end of the tunnel, but the increasing light suggests that we’re getting close.

The big exception to this story is NVIDIA, which still refuses to work with the development community. NVIDIA does provide closed-source drivers, but those are undesirable for all of the usual reasons; this hardware needs to be supported with free software.

The development community is of two minds when it deals with companies like NVIDIA. One approach is to reverse engineer the hardware, figuring out how it works so that a free driver can be written; that is what the Nouveau project has been doing for the last few years. Others, though, say that the best way to deal with uncooperative companies is to simply not buy their products. Why, they ask, should companies support the development community when that community will eventually provide drivers (and buy their hardware) anyway?

The reverse engineering community appears to have come out on top, by virtue of actually having done the work. The Nouveau driver, while not yet being perfect, supports a subset of NVIDIA’s hardware nicely. Some distributors have been shipping it, which leads to the second half of the story.

The kernel community works by a rule which is often expressed as “upstream first.” This rule states that code should be merged into the mainline kernel before it is shipped to customers. Doing so helps to ensure that the best code is in the mainline where all have access to it; it also lets the community resolve any problems with the code before customers become dependent on it. Failure to follow this rule can lead to divergence between kernels and long-term trouble for customers, so the distributors are fairly good about following it.

In the case of Nouveau, though, some distributors have been shipping it for a long time without working to get it upstream. There are a lot of reasons for that, including unstable user-space APIs and uncertainty about some firmware which must be loaded by the driver. But, when 2.6.33 came around, Linus Torvalds decreed that he had waited for long enough. A quick scramble by the Nouveau developers led to a version being put up for merger into the mainline, and Linus took it.

The end result is that the 2.6.33 will have support – at some level – for most of the graphics chipsets available; the biggest remaining problem appears to be the integrated GPUs aimed at handheld systems. Beyond that, experience shows that merger into the mainline will increase the visibility of Nouveau, enlarging the development community and increasing the pace of improvement. This can only be a good thing.

Back in 2006, an NVIDIA manager claimed that “It’s so hard to write a graphics driver that open-sourcing it would not help.” He also said that there was no interest in open-source drivers. The Linux development community, undaunted by that condescending attitude, has proved that it is able to handle the complexity of graphics drivers Рwhich are, after all, only a small piece of the much larger system we have built. Nouveau also shows that there is great interest in free drivers Рenough to figure out how to build them the hard way, if that is the only way available.

Article Source Andy Updegrove’s Blog
December 23, 2009, 7:50 am

Yesterday a very small company won a very big victory against a very large software vendor. The small company is i4i, a Canadian company that claimed that the large company had not infringed its patent accidentally, but knowingly and willfully, after engaging in discussions relating to the very same technology in question. For the small company, the functionality in question represented its main product, so when the big company bundled the same technology for free in its own product, i4i’s business was gutted. If you’ve been following the story already, you know that the big company is Microsoft.

Yesterday’s big victory was the affirmation by an appellate court of the trial court’s finding of willful infringement. Under the ruling on appeal, Microsoft had been required to remove its infringing code within 60 days, and also pay i4i $290 million in damages due to the lost sales and other harm it had caused. Here are my thoughts on what just happened, and what’s likely to happen next.

Read the Rest Here

Article Source Linus Torvalds’s Blog
December 21, 2009, 8:11 am

It’s not all that often that we encounter things from Finland here in Portland. So imagine my surprise when we’re on our way to our weekly date-night with Tove, and our baby-sitter is gushing about this adorable and wonderful Finnish YouTube video.. She apparently have been watching it three or four times a day for the last few days (weeks?), laughing hysterically.

I’m intrigued by this notion, so I look it up, and notice that I am very late to an internet phenomenon. The thing in question is Armi & Danny’s “I Want to Love You Tender”, which has apparently been a big hit on youtube for several years now.

Now, people who aren’t from Finland may not realize the whole depth of that video. To an outsider, it may look like some highschool musical number with particularly inept dancing. It’s funny, yes, but you go on to watch keyboard cat and dramatic chipmunk.

But to somebody from Finland, the first reaction is “I recognize that tune”. The second reaction is “Oh, it’s them!”. That’s not some inept highschool musical number, that’s one of the most beloved Finnish entertainers ever! Ok, so the version you hear in Finland is in Finnish, and the above is the English version – and Finns back in the seventies weren’t really all that good at English. That explains some of it.

When I grew up, the Swedes had ABBA and Björn Borg. The Finns had Armi ja Danny. Really.

Now I just find myself wishing that we’d have Finnish meal-pouches with musical accompaniments. “Rudolf in a Bag” MRE’s (reindeer meat with lingonberries) with Armi and Danny on BluRay.

Although I’m not sure I could take the concentrated awesomeness that is “I Want to Love You Tender” in glorious HD. Maybe it’s safer in that low-quality YouTube version.

Article Source Andy Updegrove’s Blog
December 19, 2009, 8:29 am

If you’re like me, you became fully aware of free and open source software only gradually, rather than suddenly and all at once. In my case, the process was somewhat schizophrenic, because I was personally involved, through my clients, in some of the evolutionary steps of FOSS itself, and only realized in retrospect how they fit into the whole picture.

Over the past few months, I’ve been reading several books on the early days of FOSS (I hope to review them later), each based upon extensive interviews with those that made FOSS happen. That’s been especially revealing, because in recent years I’ve gotten to know many of the same individuals, and didn’t always appreciate the roles that they had played in the early days of FOSS.

Recently, I tried to put all of this together, and more, into a single article that could serve as an introduction for people that might have an incomplete knowledge of FOSS, or might not fully appreciate all of its many dimensions. While no single article could ever hope to fully capture such a complex topic, perhaps the concise overview that I’ve put together can fill in some of the blanks for people who have only a general idea of what FOSS is all about. And hopefully it will also provide the incentive for them to want to learn more (I’ve provided a brief bibliography at the end for that purpose).

Read More

After five years as CEO of Canonical Ltd., Mark Shuttleworth is stepping down from that role, as current Canonical COO Jane Silber steps up as the new executive leader of the popular Linux distribution vendor.

The changeover is starting now, and will be effective on March 1, 2010.

Outside observers might get more than a little jolt at the news, but in reality Shuttleworth and Silber have shared many of the same responsibilities leading Canonical since Silber joined the company in 2004. This shift represents a definite change, but not a radical one.

As COO, Silber’s primary focus has been delivering execution of the strategic visions of Shuttleworth as CEO, she explained in a phone briefing earlier today. As CEO, Silber will capitalize on her strengths as a operational leader to focus Canonical on their current strategic goals, while Shuttleworth will provide strategic support as he focuses on product design and development.

Both executives strongly emphasized that the new leadership will not represent a major shift in strategy for Canonical: don’t look for the company to suddenly focus solely on enterprise business at the expense of other aspects of its business. Silber and Shuttleworth have been leading Canonical together for quite some time, and much of Canonical’s strategy has been created by these two and the rest of the executive team all along.

This change, in Shuttleworth’s own words, is subtle. He kindly gave me an example during the call, highlighting the role of Neil Levine, VP, Corporate Services, who currently reports to Shuttleworth. Shuttleworth described his relationship with Levine as working to build a strategy for Levine’s area of expertise, while Levine delivers metrics and execution plans to Silber in her role as COO.

Under the new management, Levine would deliver and implement metrics and execution plans to Silber, while Shuttleworth would support Levine with strategy planning.

And what will Shuttleworth be doing? According to his blog announcement, “I‚Äôll focus my Canonical energy on product design, partnerships and customers. Those are the areas that I enjoy most and also the areas where I can best shape the impact we have on open source and the technology market.”

These areas represent a real passion for Shuttleworth, who also plans to continue his roles on the Ubuntu Community Council and the Ubuntu Technical Board. By embedding himself further in the community and product development aspects of Canonical, he hopes to be able to delver more visions for the company while Silber effectively steers the ship where she believes it should sail.

There were, naturally, questions regarding the timing of this move. Did this represent a personal change for Shuttleworth, or was this part of a broader cost-cutting strategy for Canonical? Both execs firmly downplayed these notions, though Shuttleworth indicated that while this management change was not a specific cost-reduction plan, Silber’s operational focus and strengths would also be matched by improving the financial performance of the London-based company.

For now, don’t look for a big sea change from the makers of the Ubuntu distribution, as the company will remain steadily on course.

“We intend the transition to be a smooth one so in the immediate term it will be business as usual. Over the medium and long term we think this will better align the skills that each of us has and therefore there should be positive benefits for all who are involved in the Ubuntu and Canonical universes,” wrote Silber in her corresponding blog entry.

Article Source Andy Updegrove’s Blog
December 11, 2009, 6:37 am

Plus ca change, plus c’est la meme chose
— French Proverb

Ah yes — “The more things change, the more they stay the same.” Isn’t that how the old saw goes? Or, in the more impatient parlance of today, simply “Same old, same old.” So perhaps it should be no surprise that the old proverb would also hold true in the rough and tumble world of standards. And that is the case, not only generally, but more particularly in the suddenly hot war over eBook reader formats. This time around, though, there are a few new and interesting twists (on which more later).

What’s the “same old” part all about? There are two alternate behavioral flavors: (1) try and set a de facto standard that you control, perhaps even obtaining a near monopoly in the process (the “winner takes all” strategy), and (2) pit your standard against another, where your standard gives you some relative, if not absolute, advantages (the “our team vs. their team” strategy).

In this case, it looks like Amazon is attempting to pull off the first, but in fact it’s hard to tell whether they are serious, or just adopting a flawed strategy. Either way, I believe they will eventually have to admit defeat.

Read the Rest Here