I happened to come across this article in Redmond Developer News recently…

Redmond Among Contributors to Open Source PHP Framework

…about contributers to the Zend Framework. Among the many (400) contributers to the project are Google and Microsoft. It’s probably just me, but I found it amusing (in a good way) that the two arch-rivals contributed pieces to the same Open Source project.

The article goes on to describe how Microsoft sponsored work to enable InfoCard (now called CardSpace) support in a number of Open Source products including Zend and Ruby on Rails.

Microsoft’s Patch Tuesday will be upon us soon patching 3 critical and 1 moderate security problems. Security issues aren’t just a problem for Microsoft software of course. And, I recently learned about…

oCERT: Open Source Computer Emergency Response Team

…which describes itself like this…

The oCERT project is a public effort providing security handling support to Open Source projects affected by security incidents or vulnerabilities, just like national CERTs offer services for their respective countries.

There doesn’t seem to be a lot there yet (only 4 advisories posted so far, the last on April 17). But, I hope oCERT will become a good resource for those of us who deploy a lot of Open Source applications.

Port 25 Security Related Blog items

Okay, actually, there are a number of virtualization options not listed in the title, but the one nobody seems to be talking much about Sun’s xVM VirtualBox. But, wait! you say, Sun begs to differ: “Sun xVM VirtualBox software is the world’s most popular open source virtualization platform because of its fast performance, ease of use, rich functionality, and modular design.”

Some cool features of VirtualBox include:

• Seamless windows - rather than a whole desktop environment, just the guest application windows can co-exist alongside native host applications.
• Shared Folders - easily move documents and files between the host and guest systems.
• Mouse pointer integration - it just works how you’d expect it to.
• Dynamically adjustable screen resolution in the guest.
• Time Synchronization.
• Shared clipboard.

A lot of that is available elsewhere (e.g., time sync and shared folders), but seamless windows is a nice touch.
AND, VirtualBox is open source!

Do check it out.

There’s an interesting four page PDF file that appeared recently on the Microsoft downloads site titled…

Open Source at Microsoft CodeBox: Bringing the Open Source Approach In-House

It answers the question: Could the community and collaborative concepts that
underlie open source projects be applied internally to Microsoft product engineering?

CodeBox is an software development environment that was developed as an internal tool to help Microsoft apply the Open Source software development model internally. It gives Microsoft’s programmers and internal tool to manage shared code.

If you are at all familiar with the UNIX or Linux world, you will know about the Pluggable Authentication Module (PAM) functionality. Essentially, PAM is a highly extensible login framework for authenticating and authorizing a user for access to a server. Prior to PAM, most logins worked directly against the local /etc/passwd database, but with PAM, users are authenticated against the PAM library, which in turns relies on a series of “modules” (surprise!) that return a Yes/No response. On many UNIX and Linux boxes, PAM still relies on /etc/passwd, but it doesn’t have to—and often doesn’t. For example, LDAP is quite often supported for authentication, and this is done by simply adding the right LDAP module to your PAM configuration.

Yawn.

Well, it is all very cool of actually, but it is old news in the UNIX world.

Now, Windows has supported this, kind of, a little bit, with GINA and GINA chaining and what-have-you, but it is really JUST NOT DONE. In addition, the GINA chaining concept is rarely if ever used. (I have heard because of reliability issues.)

However, Vista now supports a new model known as Credential Provider, which is deceptively like… PAM! Well, cool. (And they say Microsoft doesn’t learn!)

Anyway, I suggest you take a look at this as it’s all very nifty stuff:

Windows Vista Sample Credential Providers Overview

Credential Provider Samples

New Authentication Functionality in Windows Vista

OK, I know this is NOT the Inside MySQL blog area. But, MySQL is the “M” in both LAMP and WAMP. And, as one of the people who wasn’t very happy by MySQL’s decision to close source parts of the upcoming MySQL 6.0, I thought I should help spread the good news announced by MySQL’s VP for Community Relations - Kaj Arnö:

MySQL Server is Open Source, even Backup extensions

His six main points are:

- MySQL Server is and will always remain fully functional and open source
- MySQL Connectors will be open source
- The main storage engines will be open source
- MySQL 6.0’s pending backup functionality will be open source
- The MyISAM driver for MySQL Backup will be open source, and
- The encryption and compression backup features will be open source

FYI: MySQL related blog posts on Port 25

Michael Desmond raises an interesting point in an article in Redmond Developer News…

Open Source and .NET

Desmond acknowledges the IronPython/IronRuby work as well as Microsoft working with Zend on PHP and FastCGI. He quotes DotNetNuke’s Bill Walker who told him: Case studies could be sponsored, articles could be included in Microsoft magazines, etc. We have people … who still believe DotNetNuke and other .NET open source software is for the hobbyist set only. Desmond closes by asking: Should Microsoft be doing more to make open source development a first-class citizen in the .NET space?

The answer, IMHO, is definitely yes. I’d like to see, for example, Microsoft’s Port 25 site reach out to various Windows related Open Source project team members to highlight them and their projects. Three that come to mind right away are: OpenNETCF (Windows Mobile and Embedded development), MindTouch Deki Wik, and SharpDevelop (free IDE for C#, VB.NET and Boo).

And, of course, there is always a lot to say about the better known Open Source projects like Apache httpd, Apache Tomcat, and Eclipse. Let the folks at Port 25 know what Open Source projects related to the Microsoft Windows platform you would like to read more about.

If there is one Microsoft product that openly gets inspiration from and gives credit to UNIX and GNU Linux/Open Source, it is Microsoft PowerShell.

How open source has influenced Windows Server 2008

The PowerShell team is at the Microsoft Management Summit (MMS) in Las Vegas this week. And, they posted the PowerPoint 2007 slide deck for a peek at PowerShell V2 on their blog…

MMS: What’s Coming In PowerShell V2

I’m not at the MMS. So, I didn’t see the presentation. However, the slidedeck (downloadable from the blog entry linked above) lists four main topic areas (labeled Themes in the slides):

1. GUI over PowerShell
2. Production Scripting
3. Universal Code Execution Model
4. Community Feedback

In the Linux world, I’ve been asking people to use Python or Ruby instead of Bash scripts so that we don’t have to refactor from one more basic scripting language (say Bash) to a more sophisticated object oriented dynamic language (say Python or Ruby). In the Windows world, the jump has been from DOS batch language to Windows scripting (which I never liked) or Visual Basic/C#. That’s not really an option at all IMHO. PowerShell, on the other hand, brings Windows into the 21st century for system administrators who may not come from a deep software development background. It gives them a first class language and .Net citizen as an alternative to DOS batch (I hesitate to call it a language).

Though PowerShell still seems to have a strange look to it from my point of view, its ability to deal directly with .Net objects gives it the ability to more easily deal with systems level information than we have on Linux with even high-level dynamic languages like Python and Ruby.

Me? I’m still waiting for a binary ready-to-install IronRuby to test with Windows Server 2008 :-)

I was just reading Michael Mimoso’s account of a new MS-SQL injection attack that is making the rounds. Sigh.

The funny thing is that I was just talking to one of our consultants here at Puryear IT about.. SQL injection attacks. He was working on something involving MS-SQL, and commented that MS-SQL did not properly handle dangerous code in comments in SQL code, which made it possible to attack the SQL server if security was not properly setup. Then I found that blog. Good times.

Anyway, SQL injection attacks aren’t specific to MS-SQL. Almost every database server is susceptible to them, not because of the RDBMS itself, but usually because of:

• The fact that the RDBMS was not properly configured and secured.
• Applications, especially web applications, do a horrible job of checking for sane SQL statements.

There are a few ways to help yourself right out-of-the-box of course. For one, using prepared statements and relying on a properly designed database library in your code helps. For example, instead of using something like:

$input = INPUT-FROM-USER;
SELECT col1 FROM table1 WHERE col2 = $input;

You should be preparing the statement and relying more on your SQL library to reject any odd input, like so:

$input = INPUT-FROM-USER;
$prepared_sql = prepare(SELECT col1 FROM table1 WHERE col2 = ?);
$prepared_sql->run($input);

Generally, the latter form will allow you to not worry about escaping your input. (This is not always the case though, so consult the documentation for the SQL library you are using!) That said, it still makes sense to check for anything overtly dangerous in the user input.

Anyway, back on the original blog entry, I found this pretty funny: ‘”They’re blindly tossing SQL injections at sites and getting a high success rate. They’re upping the game,” Grossman said. “This is a new level of sophistication.”’ There is nothing new or sophisticated about blindly running exploits against servers on the Internet. It is an old technique actually, and unfortunately, it’s always had a good rate of return.

Microsoft’s Sam Ramji posted a blog innocuously titled…

Managing Towards Open

Honestly, I might have passed over reading it except for the fact that I read this item over on Information Week first…

Microsoft Uses Open Source To Extend Systems Management To Linux

They’re doing this by taking Open Source (MIT License variety) code from the OpenPegasus project that describes itself as open-source implementationof the DMTF CIM and WBEM standards. This alphabet soup translates to: Distributed Management Task Force, Common Information Model, and Web-Based Enterprise Management.

In a recently posted blog fellow ONLamp blogger Noah Gift called it Microsoft Trojan Horse Part Duex: System Center Operations Manager 2007 Cross Platform Extensions and Connectors. I’m taking a more wait-and-see approach to it to see what comes of out this effort to interoperate in the enterprise environment. I am curious what the OpenPegasus project members think of this and whether or not they are directly involved in this effort.

Well, this is nifty. A start-up named Kickfire has released a MySQL appliance. There is nothing “nifty” about a network appliance of course; that is, unless the appliance has specialized hardware and software to outperform a similarly configured in-house configured server.

And that is the point behind Kickfire.

They have designed a specialized processor for SQL servers and integrated this with MySQL using customized code. Apparently, the box screams.

I first read about this on Jason Perlow’s blog, and he goes into greater detail, including notes about how this may set a trend for appliance based SQL servers running PostgreSQL, Oracle, and even Microsoft SQL Server. MS-SQL on an appliance? Now that would really be nifty.

Bryan Kirschner (Microsoft Director of Platform Community in their Open Source Labs) talks about three groups of people in relation to their Open Source efforts in a blog entry titled…

Open Source Day + 30 …

His group 3 includes pretty much anyone at Microsoft whose primary job does not necessarily include Open Source but touches on it. I’m really concerned with the direction Microsoft’s virtualization effort is taking since Virtual Server 2005 R2 SP1 came out and the upcoming production release of Hyper-V. The Virtual Machines team appears to be ignoring everything except for Suse Linux. While that is a fine Linux distro, there are a bunch of other important distros too (especially the ones I use :-). Virtual PC 2007 and Virtual Server 2005 R2 SP1 both have problems with Red Hat Enterprise Linux versions starting with RHEL5 (this includes CentOS 5) and Ubuntu starting with version 7.

Supported Guest OS on Windows Server 2008 Hyper-V

I’ve been tracking the various workarounds that people have figured out for RHEL5, CentOS 5, Fedora 7 and 8, and Ubuntu 7 and 8. You can find my current collection of installation workarounds in the links below to my personal blog.

Red Hat 5/CentOS 5.1 and Microsoft Virtual Server 2005 R2 SP1

TechNet Blog: Fedora 8 on Virtual PC 2007

Ubuntu 8.04LTS vs. Microsoft Virtual PC 2007

I haven’t tried these distros with VMware ESX 3.x. However, none of them cause installation problems for VMware Workstation 6 for Windows, VMware Fusion for Mac, or Parallels Desktop for Mac. I really hope that the Microsoft Virtual Machine teams takes a hard look at their product direction and add support for the current versions of major Linux distros like RHEL5 and Ubuntu. Failure to do so simply makes it easier for people to move to VMware ESX and avoid buying Windows Server 2008 with Hyper-V.

So, Hyper-V is ready to be released with Windows 2008. More or less. Hyper-V is the “next generation” of virtualization for Microsoft and the Windows platform (at least as far as Microsoft sees it), and includes some enhancements of Virtual Server.

Technically, it doesn’t appear that Hyper-V is going to really frighten the current VM players like VMware and others, but there is an interesting trend that Hyper-V’s inclusion in Windows 2008 highlights: virtualization out-of-the-box.

As of Windows 2008, virtualization will be a “click and run” operation. Linux distributions are doing this as well. For example, Red Hat comes pre-packaged with Xen now and some management tools for Xen VMs.

Jeez, with the move toward application virtualization, server virtualization, and whatever virtualization, the whole argument of Windows vs. Linux or Windows vs. Anything just seems to be slowly fading away. At what point does Windows or Linux as the OS stop being a factor?

The US government’s GSA (General Services Administration) manages many billions of dollars of purchases and operations for government agencies. So, it was interesting to see this quote from the following article in GCN (Government Computer News)…

GSA makes the case for open source

While Coleman [the GSA’s CIO] saw many advantages to using open source software, she mentioned that, somewhat counter-intuitively, saving money may not be one of them.

“If you are looking at open source because of perceived cost benefits, you should know there is no guarantee it will be cheaper,” she said. “Open source does not mean free.”

It turns out that the GSA Open Source toolbox inclues JBoss, Bugzilla, JUnit, JMeter, and Eclipse. And, more importantly, the initial acquisition cost (free) is not necessarily the driving factor.

The article’s author makes the classic mistake of thinking Open Source software cannot be commercial software: Not having sunk costs in a commercial software program also means the agency can move to a new program more quickly should its needs change. So, we still have to educate mainstream journalists a bit more about Open Source. However, the main point is that more and more people understand that the value of Open Source software is not tied to the often (but not always) free procurement cost.

Okay, I’m confused. I just read a blog about using Microsoft Access as the database back-end for a website. I think. Well, heck, I’m not sure. Is she saying you should convert to a true client/server database model or you should use Access itself as the database back-end?

To be honest, I think there is little value in Microsoft Access outside of its insanely easy development front-end for programmers. That’s why Access is popular: It is very easy to create a database application from scratch using Access. Even with web programming languages such as PHP you have a steeper learning curve, especially since you need to setup Apache, PHP, and MySQL (well, those are usually running on a Linux server these days anyway, although that of course brings up an obvious security issue).

It used to be a lot easier to understand the closed source and open source worlds in the old days. Microsoft, Sun, Oracle, and the like were closed source and wore black hats. The GNU/LAMP people were Open Source and wore white hats. This world was simple and clean. When I started looking beyond the source code and newsgroups in the early 2000s, I was surprised to see firms like Zope with a combination of Open and Closed Source products. I was a little confused by MySQL’s dual license. And, Red Hat threw me for a loop when they stopped providing free downloads after Red Hat 9 (this is before the Fedora Project emerged). JBoss’ professional Open Source idea seemed like a good idea me but seemed to be drawing some barbs now and then.

The Open Source community-industry has been undergoing a lot of growing pains over the past few years as it transforms from the community-contributer model to a full business model with employees, health plans, boards of directors and the like. Perhaps the Open Source business looked at Microsoft and figure their closed source model has made them a bit of money and that closed source is not that evil if it pays the biils. Personally, I was hoping that Open Source services (consulting, packaging, etc.) would be enough to keep FOSS firms afloat. But, at the moment, it looks like some closed sourcing for value added features is going to be the norm. The EnterpriseDB Postgres Plus effort looks similar to what MySQL is doing but seems to be mostly flying under the radar for the moment. And, as I mentioned, Zope has had this business model for years.

Having spent the 1990s working for a telephone company (good ol’ GTE) I watched a similar transformation in the Computer Telephony and VoIP industry. The Computer Telephony Expo in the early 1990s consisted of a bunch of engineers and startups showing their wares to potential customers (often phone companies like the one I worked for). There weren’t many marketing-critters in the midst. And, the only person wearing a suit and tie was usually Harry Newton (who coined the term Computer Telephony and organized the conference). By the end of the decade, the complexion of the conference had changed, I think the conference grew from 2,000 to something like 30,000 in the years that I attended. And, there were a lot more marketing critters and people in suits. In fact, I recall noting with some distaste that I had decided to wear a suit for the day I was a panel moderator there (it seemed like the right thing to do at the time). The Computer Telephony industry had grown during the decade to the point where people actually had to figure out how to make money and not just show cool IP comm gear. And, then, of course, there were the bigger companies buying the small cool ones. Intel, for example, bought Visual Voice (a very cool software firm) and Dialogic (a very cool hardware firm). Microsoft, Intel, and GTE co-sponsored the TAPI Bakeoff (an Interoperability event for vendors) for several years. As one of the event coordinators, I had a ringside seat to watch the development going on. Most of that technology is now invisible and is simply part of the infrastructure now. It is not something I actively think about unless something goes wrong (very rarely if you think about it).

I think we are seeing something very similar happening to Open Source. Sun’s purchase of MySQL has set off a lot of heated discussion as Sun and MySQL tries to find a business model that can simultaneously keep the Open Source community happy while building a revenue stream. They may have found a model, but it is not exactly making everyone happy quite yet. Personally, I am watching this all with some anxiety as I depend on MySQL for a lot of projects. In the meantime, we are seeing blog titles like:

Just announced: MySQL to launch new features only in MySQL Enterprise: So, in effect, they will be giving their paying customers real, true, untested code. How is this supposed to work? In addition, this means that they are changing their internal development model, splitting the relationship between the two trees, and overall going even further down the path of getting the RHEL/Fedora model backwards.

The whole story about online backup: The business reasoning behind the decision to reserve the native modules for paying customers is that only the most demanding users have an urgent need of this feature, and I can see the value of this assessment.

Thoughts on the Fuss: I doubt that this little scheme of charging for these features ever actually takes place. It is pretty much diametrically opposed to the what Sun says they want for MySQL. I think that by the time server version 6.0 is GA that every feature will be fully available for anyone. And that is why I have not taken the time to sharpen a pitchfork and join the mob. Because in the end I don’t think this will ever happen.

The Ingres Vultures Descend: In a despicable business practice, I received a message from a PR Firm representing Ingres. Now, I even wrote about the controversy that seems to have swept the open source community; but even my writings were not completely factually correct — I wrote that even if online backups were closed it was not necessarily the worst thing in the world. The actual parts of the online backup that are not open source and free are compression and encryption — that is all. (FYI: I received a similar email from Ingres but didn’t think it was despicable - just a PR firm doing its job).

The Closed-Open Source industries are in a state of extreme flux. And, it will probably take another decade to sort this all out along with web/mesh services, SaaS (Software as a Service), and service subscriptions. If the various blog reactions to various changes are any indication, it will probably be a bumpy ride. But, let’s hope it all works out for the best for all parties involved in the end.

Is closed sourcing inevitable? I sure hope not. But, we’ll see it play out one way or another over the next couple of years.

I was recently doing a somewhat random Google and found a note from someone about whether there is a “market for LAMP consulting”. Ha. Perhaps. The whole Linux thing may just be ready to get off the ground. ;)

Seriously though, I do wonder about this comment: “may be some market for MySQL work - optimizing adn [sic] so on”. Hmm. I know for a fact that there IS a market for MS-SQL specific consulting, e.g., performance tuning, security, installation, etc. However, I rarely see a need specifically for MySQL consulting. Generally, “MySQL” is thrown in with the overall need for a PHP developer.

Not that this should be the case.

A database administrator is a very important role in any organization, but it seems like MySQL administration is often bundled in with the software development. That’s not so typical with MS-SQL, Oracle, and DB2 work though.

To me, this ties back into the original roots of MySQL and its popularity: LAMP. LAMP breaks out into “Linux Apache MySQL PHP”, and is the development platform of choice for many people and organizations.

But is this limiting the growth of the “MySQL profession” in some ways?

Recently, we were working to bring up a VMware installation for a client of Puryear IT and we hit a snag. To provide some background first though: We had decided to go with a GigE NAS based environment rather than a more traditional SAN. We had seen Dell’s NF500 in use already and were pleased with it overall, so we went with the NF500 with RAID-10 on a GigE switch and, of course, GigE on the Dell servers running VMware.

Great, right?

Alas, not so much. During our benchmarking, we found that the NFS performance on the NF500 across the GigE was pretty bad. This goes for every variation, including NFS over UDP and TCP, v2 and v3, rsize and wsize of everything from 4kb to 32kb, and so forth. Yes, we tried every performance tweak in the book, but just could not get the Linux servers to get good NFS performance against the NF500. Well, the performance is good enough if you were using the NAS as only a file server, but not if you want to run VMs off it.

That said, there is no real reason why you can’t or shouldn’t run VMs off a GigE network and a really fast NAS. It’s more than sufficient. Unfortunately, we didn’t have the hours to troubleshoot whether there was something going on with the Linux NFS implementation or the NF500, but we still had to get the problem solved.

Fortunately, we did find a solution that not only worked, but worked well: CIFS.

Everybody knows and loves CIFS. (Well, everybody at least knows CIFS. Oh, and hello Samba.) It’s just Windows Networking. Generally, we use NFS within Linux and UNIX networks where we can tighten down security enough on the network to make it reasonably safe to use (NFS is not, and has never been, a secure protocol.) But I am quite familiar with CIFS and was curious if using it would clear the problem up. And yes it did.

I found that mounting the VM shares off the NAS on the local Linux VMware servers let us transfer at near-wire speed. We were then able to run our VMs off the NAS; we have yet to see any performance issue or bug, and the whole thing just works like a champ.

Very interesting.

Microsoft’s Chief Software Architect Ray Ozzie (Bill Gates was their first CSA) delivered one of two keynotes at the Microsoft MVP Summit I attended last week. I was debating whether or not to get in line at one of the microphones during the Q&A session to ask him about Microsoft and Open Source. But, someone else decided much faster and was able to make a good statement and ask a good question. The entire transcript of Ozzie’s presentation and Q&A session can be found at…

Ray Ozzie: Microsoft 2008 Most Valuable Professional Global Summit

Here’s the section from that transcript regarding Open Source…

QUESTION: I have a question about the software as a service space that’s currently existing. If we look out at the Web now with all the providers and vendors, we see Open Source playing a very strong role with a large number of vendors, and it’s very different from the Microsoft platform what role Open Source plays as opposed to the other platforms. In fact, Java is Open Source now.

So, my question is, with the Microsoft vision, where do you see Open Source playing a part on the Microsoft platform, and what is your position towards it?

RAY OZZIE: Well, my position toward Open Source generally is that it’s a part of the environment. It’s very useful for developers to be able to get the source code to certain things, to modify them.

Microsoft fundamentally as a whole has changed dramatically as a result of Open Source in terms of as people have been using it more and more, the nature of interoperability between our systems and other systems has increased. And I can tell you from an inside perspective in terms of dealing with individuals inside, when you build a new product, immediately you start thinking of how shall this product expose its APIs, what type of developer is it serving, should there be SOAP or Web Services APIs, because it will be being used in system integration context within an enterprise, are the people who are going to be integrating with it going to be more of the Web community and should they exposed through REST-based technologies, should the results come back in XML or JSON or some other formats based on the type of consumer of the thing.

Open Source is a reality. We have a software business that is based on proprietary software. We tactically or strategically, depending on how you look at it, will take certain aspects of what we do, and we’ll Open Source them where we believe there is a real benefit to the community and to the nature of the growth of that technology in Open Sourcing it. The .NET Framework is a good example of it, and we’re working with Novell to make model work so that people don’t have to make this choice if they do want to do something with a Linux or UNIX back-end, and so that we can share tools and technologies.

But the bottom line is we believe very much in the quality of Microsoft products. We are an IP-based business. But we live in a world together with Open Source, and we have to make it possible for you to build solutions and for customers to build solutions that incorporate aspects of both.

Some of the articles and blogs about Sun/MySQL’s growing Open/Closed Source forking has been pretty dramatic. ZDNet’s is one example…

Did Sun just my MySQL Closed Source?

MySQL was moving down this path by splitting features available in their Community and Enterprise editions long before Sun announced it was buying MySQL. So, I’m not placing the blame (if that is what it should be called) on Sun. I think it is just the reality of trying to stay in business in the Open Source world. It is tough to make money from a free product - even a great one like MySQL. If the model of selling services does not justify something like a billion dollar price tag, what then? For MySQL and Sun, the answer is to provide more value-added features for a price and closing the source.

Am I happy about this? Not hardly! But, I saw this coming and have been preparing for it. I’ve been looking at PostgreSQL since the day Sun announced buying MySQL. And, recently, it was pointed out to me that Ingres (which I used back in the 1980s) is now an Open Source product. I’m not going to suddenly stop using MySQL or recommend that people switch away from it. But, I think it is prudent to take a look at alternatives.

MySQL related blog entries at Microsoft Port 25

If you work with Microsoft adCenter to generate ads, you might find it interesting to read the PHP code samples collected in this blog entry by Walter Poupore.

Recommended Reading — php and Ad Groups

The code samples available there cover the topics listed below:

How to Check the Status of an Ad Group in PHP (V5)
How to Submit an Ad Group for Approval in PHP (V5)
How to Create Keywords in PHP (V5)
How to Create Ads in PHP (V5)
How to Create Ad Groups in PHP (V5)

For more PHP-Microsoft Windows related interop, here are the Port 25 blog items with a PHP tag.

Port 25 - PHP

I was reading a quick run-through of memcached and it occurred to me how absolutely simple and SIMPLISTIC memcached is. Really, it’s absolutely.. basic. Oh, but wait, what is memcached? memcached is really nothing more than a cache service for accessing data. Its origins are as a cache service for the RDBMS used by Facebook. Anyway, memcached is nothing more than a hash table in memory that is used to cache query results. That’s it.

“So what?” you ask.

Well, memcached is actually a pretty big deal. It’s used all over now. And if you monitor places In The Know, like the High Scalability blog, you’ll notice a trend: A lot of people use it or plan on using it Real Soon Now.

memcached was written to serve one basic role: cache database request. It wasn’t written to provide a massively redundant service. Or to distribute load across memcached nodes. Or to provide a secure proxy to a database service. It just takes a query and returns whatever is in the cache. And this is done using a simple hash, meaning that at its core memcached uses a set of algorithms that you’ll find on every second year Computer Science exam in college.

What I find so fascinating is that yet again we see a very simple but hugely effective service developed in the UNIX world. Why aren’t these things happening for Windows? With Microsoft’s forays into HPC, you would hope that people both in research and business would start fleshing out these genius little nuggets on the Windows platform, but I haven’t seen this happen yet. So, what’s the hold up?

I’m attending the Microsoft MVP (Most Valuable Professional) Global Summit in Seattle this week (I’m a Windows Mobile - Mobile Devices MVP). IronRuby was not on the Open Spaces meeting agenda this afternoon, so John Lam staged an impromptu meetup for people interested in talking about IronRuby. John is 4th from the right in the photo. And Jimmy Schementi (Program Manager - Dynamic Language Runtime) is 2nd from the left.

I found the nearly two hour long session very interesting even though, as I explained to John and Jimmy, I’m one of the people too lazy to build IronRuby from source (I compile nearly everything from source for Linux but nothing for Windows) and am waiting for the installable binaries.

John will talk about IronRuby on Rails at the upcoming RubyConf.

Port 25 — Blog entries tagged with Ruby

I often refer to blog entries over on the Microsoft Port 25 site. if you are interested in Open Source interoperability with Microsoft products, you definitely need to follow some of their product teams as much as you follow Open Source product information. Here’s a MSDN blog post by Tadd E. Dawson that collects and lists what looks like every Microsoft product team blog in existence.

Microsoft Product Team Blog Directory

Not exactly “new” news but there is a reasonable article by Gary Morgenthaler at Business Week about Apple and Microsoft. Definitely well worth the read. Gary discusses how Apple is developing a multi-pronged strategy to battle Microsoft. In all honesty, the strategy has very clear for a while:

1. Use bottom-up marketing by targeting consumers to increase mind- and market-share.
2. Focus on ease-of-use, which has always been a foundation for Apple.
3. Keep their presence known in the enterprise, but don’t focus on it.
4. Be the cool company.

I think we can all agree the strategy is working. Apple is becoming a bigger player every day, and *gasp* they do seem to be slowly making some headway in the enterprise, albeit extremely slowly (at least in my experience).

There’s a question that comes out of this success however: How does this impact the open platforms like Linux and FreeBSD? Well, a lot actually. Linux maintains a strong but shared leadership position in the data center, but has yet to have even moderate success on the desktop. Certainly you can find stories of large Linux desktop roll-outs here and there, but when viewed in light of the total desktops in use and those being deployed now or even in the future, the number is almost dismissively small.

Just as importantly, if you ask your average consumer or enterprise desktop user about Linux they will either have no idea what you are talking about or ask you why they would put the mail server on their desk.

That’s not the case with Apple. Everyone knows Apple. And most people have a very positive impression of Apple computers, although Apple is often avoided due to cost and compatibility (whether that remains a valid reason or not). But Apple on the enterprise desktop? That’s another ballgame altogether. The “cost” side of the equation goes away for the user and the compatibility issue is slowly fading with virtualization, published applications and terminal services, and web-based access. So what DOES happen if you put an Apple on someone’s desk? They’ll probably play with the computer for hours and tell their friends how snazzy it looks. And then they’ll start working.

Microsoft does indeed have a very serious problem here.

I just read in Matt Asay’s CNET blog that Microsoft Open Source Lab Director Sam Ramji has been promoted to lead Microsoft’s entire Open Source/Linux efforts.

Microsoft gets a new open-source chief

You can find Sam’s Port 25 blog items here…

Sam Ramji - Port 25

Has anyone read Putting Our Own House In Order? I thought this little quip was funny: “Tony’s background is in academia, a place where Microsoft has had some challenges.” (Queue the old graphic of a million students sitting in class with Macs.) Okay, pretty accurate really. When I was going to LSU ages ago it was cool even back then to have a Mac instead of a PC for a laptop.

Mind you, when I went to LSU my first assembly class was on an IBM 3-something-another and I remember learning that there was no stack for us to use. We had to do all kinds of weird things. I had already learned PC x86 assembly by then (anyone remember coding or watching intros or demos in high school?), and so I thought the IBM assembly was pretty sucky. Still, I did learn a lot. ANYWAY.

The basic premise of the blog about Microsoft is that they have made some strides, but have quite a ways to go. I think the discussion about Microsoft and academia is pretty on point. Most universities basically give Microsoft Office away (by “give away”, I guess I should say “license thousands of copies on your behalf”), but that’s not the point being made. The issue is: Is Microsoft making any headway in being a real power in the academic side of universities, not the business side?

Even back in my day, you could go to a “Windows lab” and work with Visual Studio or go to a “UNIX lab” and use vi and gcc. And you know what? All the fun was in the UNIX lab? And not just for me. There was just a difference in the attitudes and ethic across the two lab environments. People in the Windows lab were trying to get their project in before it was 11:59 PM, while people in the UNIX lab were goofing off, playing with code, and… trying to get their project in before it was 11:59 PM.

What is it about UNIX, vi, emacs, gcc, perl, and INSERT-HERE that makes it fun to play with, while Visual Studio just makes you want to… well, work?

There’s an argument here that the point of coding is work but *cough cough*, no, I don’t think so. Most of the innovations in software are from people that tweak, fiddle, and play with concepts, code, and ways of doing things. And THAT is the essence of academia: The freedom to play and learn and make progress.

Licensing is a big factor here. But there’s something else, and I can’t quite put my finger on it. I think Microsoft is trying to figure out the same thing.

So, I’ve been MIA for almost two weeks now. I’m sure you were pretty worried and possibly even losing sleep. But, it’s okay. I’m fine and back. For now. But what happened?

Well, the whole “SSO” happened.

O’Reilly uses Single Sign-On (SSO) within its network between certain applications (apparently), and something wonky happened with my blogging account that prevented me from properly signing in. I don’t have all the details, but I do know that while logging into the “O’Reilly SSO Site” works, that I can’t then access the blog manager because I’m again prompted to login. Which fails.

So much for SSO.

But let’s not be too critical on O’Reilly here. Sure, it’s annoying, but it happens. Everywhere.

Why is SSO such a pain? When I work with clients on Identity and Access Management (IAM), the first acronym they usually bring up is SSO. And then I warn them that achieving true SSO is usually a long and difficult journey, and that you need to start small. Usually real small.

Typically, I see SSO develop over time using a progression such as:

1. Implement a single username/password system for core services such as logins to servers. No SSO, but you do have Centralized Sign-On (CSO).
2. Implement some type of identity management on top of the directory containing your single username/password.
3. Begin thinking about SSO.

The problem with SSO is that until you at least have a handle on where your username and password is STORED, you can’t get very far with it. And most people don’t have a handle on that.

So stay focused!

Microsoft released another 14,000 pages of protocol documentation for Microsoft Office, Office Server, and Exchange Server (2007 versions). This brings the total documentation pages released up to 44,000 (and, no, I have not actually counted this to verify it :-). The documentation is in what they call preliminary form. I’m not quite sure what that means (not fact checked? incomplete?).

You can find their general principles statement at…

Interoperability Principles - Open Connections, Standards Support, Data Portability

The key line/point to note and ponder is:

5. Open Source Compatibility. Microsoft will covenant not to sue open source developers for development and non-commercial distribution of implementations of these Open Protocols.

The MSDN (Microsoft Developer Network) protocols documentation is found at…

MSDN: Open Protocol Specifications

Jonathan Walz and Hal Rottenberg posted the second part of their interview with PowerShell architect Jeffery Snover on their PowerScripting Podcast. At one point Snover makes says “I’d like to Open Source almost everything” (at 22:14) in response to a question about open sourcing the PowerShell GUI host. He does backtrack a bit and restates it as “Shared Source.” But, still, the thought is there :-)

If you are interested in learning more about PowerShell, you can find the Windows PowerShell Getting Started Guide on the Microsoft TechNet site.

In a recent blog item here titled Linux ext2 recovery, NTFS, and Ghost my Inside Port 25 blogging colleague Dustin Puryear mentioned Chris Traver’s great technical analysis note…

Recovering Data from Windows Systems by Using Linux

I thought it might be useful to highlight just a few of the points Chris brings up in his paper…

- Using sfdisk instead of fdisk
- Using dd (this may seem trivial to old time *NIX users, but most Windows users have never heard of dd)
- Linux NTFS support and issues
- The Coroner’s Toolkit (TCT)

Click on the note’s title above. It will take you to Jamie Cannon’s blog item announcing the paper and provides a link to download the PDF document file.