MySQL 6 is still in its alpha release stage. However, I’ve found that it takes me a long time before I am comfortable in migrating production databases to a major new database server release. And, moving from 5.x to 6.0 someday definitely qualifies as a major migration to me. So, when MySQL’s Director of Product Management, Robin Schumacher, writes to tell us that MySQL 6 has a new backup scheme, I think we MySQL users should pay attention.

A Quick Look at MySQL 6.0’s New Backup

Here’s the thing for Windows users. The article is based on testing using Fedora Linux on a relatively small machine (1GB RAM, single CPU). I never carried out serious MySQL on Windows vs. MySQL on Linux comparison tests with like-servers back when I ran a bunch of MySQL servers at my former job. But, my impression was that MySQL ran a lot, um, smoother (real technical term) on my Linux boxes than my Windows boxes. Now, it may have been that I had tuned my.cnf better for Linux or I did not adjust the Windows Server cache optimally. But, that was my impression.

I only ran into two major problems in the pre-virtualization days (both hardware failures). And, fortunately, my simple minded backup scheme worked as designed. But, since MySQL 6 seems to have such a different take on backup compared to version 3, 4, and 5, if I were still running MySQL servers, I would start reading about this now to get ready for it a year or two from now.

Microsoft Port25 MySQL related blog entries

Well now, this is very interesting. Cisco just bought PostPath. PostPath is an Exchange alternative and has been around for quite a bit. They don’t get as much press as Zimbra, but they are a contender.

Cisco.

Very interesting.

Steven Vaughan-Nichols just wrote an absolutely excellent article about whether open source can replace Exchange or not. It’s highly suggested. Anyway, the article touches on several products, including Scalix and Zimbra, which reminded me of my own blog about open source and Exchange. Also suggested reading, albeit a much shorter read.

Steven brings up several good points, which I’ll highlight here:

1. MAPI is actually now an open protocol due to EU forcing Microsoft to divulge information on CIFS and MAPI.
2. A research analyst considers many Exchange alternatives, including Scalix and Zimbra, to be “mere ‘noise’ in the business e-mail market”, at least in the US.
3. In other parts of the world, including in Europe, open source and Exchange alternatives have around 10%, which is considerably more than noise.
4. Thunderbird is neglected.

This last part got me thinking. I am a Thunderbird user and have noticed the slow release times, but I haven’t really thought about it. Now that Steven mentions the lag, I think he’s right. Thunderbird releases are very slow. Oddly so.

Is this impacting overall adoption of open source products? Maybe so. I’ve been an Outlook user in the past, and while I use Thunderbird (for now), I do miss some of the integrated groupware features of Outlook.

I do keep meaning to take another look at Zimbra. It’s an excellent package, and once I have some free time I’ll take it for another spin.

PHP 5.3.0 is only in its first alpha release. But, if you run PHP in Microsoft Windows, you should talk a look at…

Release Notes for Windows Binaries (for PHP 5.3.0)

Here are the important changes:

- Support for Windows versions prior to Windows 2000 have been dropped. If you run PHP on Windows 98, 98SE, ME, and NT and plan to upgrade PHP to 5.3.0, start your Windows upgrade planning now.

- Up until now, PHP for Windows has been compiled using Visual C++ 6 (VC6) which was released in 1998 (no kidding). There will be two binary builds available for Windows for the 5.3 release. If you use 3rd party extensions or the Apache httpd server, you need to use the build compiled with VC6. Otherwise, you can use the version compiled with VC9. Future versions of PHP compiled binaries will only be released as compiled with VC9.

- 64-bit binaries will be provided on an experimental basis. They should not be used in production environments. The release notes do not discuss running the 32-bit binaries in a 64-bit environment (Windows Server 2008).

Most so-called Linux security issues turn out to be some insecurely coded PHP/Perl/Python/Ruby/fill_in_the_blank app that is simply another application and not a core part of Linux at all. So, I wasn’t alarmed when I read this in Information Week.

Red Hat Confirms Intruder Breached Fedora Servers

From the sound of it, the problem has been contained. And, more importantly, the Red Hat Enterprise Linux (RHEL) production software is not affected at all. The assumption is that RHEL is used for production work and the quickly changing experimental Fedora distro is used for testing, personal workstations, and maybe test servers.

But, I wonder if that is really true? We’ve probably all seen little servers running on platforms that were never intended for that purpose or are incredibly ancient. You’ve probably seen isolated ftp servers running on Windows 98 or a small phone system still running on an unpatched Windows NT box. I’d hazard to guess that there are more than a few small or forgotten servers running Fedora because a RHEL license couldn’t be obtained in a timely fashion and they didn’t know about the CentOS distro.

If you have some examples that can be safely discussed (don’t ID the party or otherwise worsen the security problem for the party), please share them here.

Microsoft paid Novell $240 million in 2006 in what they call subscription fees as part of an agreement for technology sharing and to not sue each others customers for alleged intellectual property (IP) infringements. The payment was not made in total, however. Instead Microsoft pays subscription fees for its customers to use and get support from Novell for SUSE Linux. This week, Microsoft and Novell announced another $100 million will be paid for certificates starting on November 1.

I noticed one of the side-effects of this agreement after the 2006 subscription fee contract was announced. Prior to that Microsoft had recently announced supporting Red Hat, SUSE, and one or two other Linux/BSD distros under Virtual PC and Virtual Server. The Virtual PC and Virtual Serve versions after the 2006 contract dropped support for all *NIXes except SUSE. And, it turned out that installing distros such as Red Hat Enterprise Linux 5 or Ubuntu 7 required jumping through hoops that included modifying Linux kernel boot options. Microsoft has not, to my knowledge, addressed this issue over the years. There is no reason current Linux releases should not easily install under Virtual PC or Virtual Server. Other virtualization hypervisors I’ve tried installed various Linux distros without a fuss. I’ve tried VirtualBox, Parallels Desktop for Mac, VMware Fusion for Mac, and VMware Workstation 6.

I should note that I have not tried Windows Server 2008 with Hyper-V because I’ve never had a spare 64-bit server (or PC) to use for testing. If anyone would like to comment on installing something like RHEL5 or Ubuntu 8 as a Guest OS under Hyper-V, I would be interested to hear about that experience.

I vaguely remember hearing/reading something about the MySQL Drizzle project among the news emerging from OSCON last month. But, it didn’t grab my attention enough at the time (I thought it was just something compete with SQLite), so I didn’t follow up to read more about. However, while wandering through the aisle at the local Costco (part of my weekend rituals), I happened to be listening to the FLOSS Weekly podcast #35 which featured an interview with MySQL’s Brian Akers and the topic was Drizzle.

The first thing I learned from the podcast is that Drizzle is NOT designed to compete with SQLite. What I did learn is that Drizzle is NOT a product. It sounds like it is more of a concept project that may result in some technologies that may be reintroduced back into MysQL. Drizzle itself is derived from MySQL code. However, its purpose is to strip out unnecessary features and legacy characteristics and to re-engineer the code to focus on web and cloud services. You could say it is taking MySQL back to its roots. I was happy to hear that the project is not attempting to be backward compatible with all the features of MySQL. For example, the current working versions only run on 64-bit systems. And, there is no build for Microsoft Windows yet.

I really hope Microsoft takes this same attitude and approach with a future version of Windows and re-imagine and re-engineer Windows down to basic, fast, secure components. They can provide a hypervisor layer to run legacy Windows applications on an as-needed basis. Many Mac users already do this using either Parallels Desktop for Mac or VMware Fusion to not only run Windows XP or Vista but to remove their visual surround (using features called Coherence by Parallels and Unity by VMware) to only display the Windows application’s window without the usual Microsoft Windows in the visual background. The Windows app, in effect, looks like it is part of Mac OS X. Bi-directional shared folders in the next version of VMware Fusion creates further application transparency by letting applications in either Mac OS X or Microsoft Windows (run by a hypervisor) access data files on either Windows’s virtual hard drive or the Mac’s physical drive.

Microsoft Port 25 MySQL related blog items

Wow, apparently Blackbox has been available for Windows for a while now, but I didn’t know it. If you aren’t familiar with Blackbox, it’s a Window Manager (WM) for X. You can compare an X Window Manager to the Windows Explorer. It’s the desktop interface that sits on top of the UI engine.

There are about as many WMs for X as there are stars in the sky, and each one is geared for people that have different needs. KDE (which is a WM+environment) is for those that need a full-featured interface with applications that have a consistent look&feel. Ditto for GNOME. WMs like Blackbox are built for speed. You can quickly access your applications, control the UI, etc., but it’s not heavy like KDE, GNOME, or.. Windows Explorer.

I may have to try this.

Essentially, Blackbox for Windows (bb4win) is a port of BB and can act as a replacement for Windows Explorer. That is, the Windows UI you are used to goes away and you get BB instead.

Have you tried this? Hmm, I may just check it out.

Here are some screenshots.

Microsoft is set to release Windows HPC Server 2008. According to people in the know, it’s supposed to be “a real milestone product for Microsoft”. Hmm, I’m curious. Read this blog on MSDN to learn more.

An interesting paragraph:

Windows HPC Server 2008 is about high performance computing on the Windows platform. Or highly productive performance computing how we call it on our main product website www.microsoft.com/hpc.

HPC = Highly Productive Performance Computing?

I visit SourceForge.net and Microsoft’s CodePlex.com once or twice a month to see what’s new and the most downloaded projects lists. The different natures of the top 10 most downloaded projects on each site always struck me as interesting. Let’s take a look at the what the lists looked like recently.

Three of the top 10 on CodePlex are product samples for SQL Server and SharePoint. The, there’s a couple of developer kits like AJAX Control Toolkit or .NET Reflector Add-Ins. There are only three rather narrow applications that can be used out-of-the-box as standalone projects: Rawr (for World of Warcraft players), Live Hits Finder, and Vista/XP Virtual Desktop Manager.

The top 10 on SourceForge have completely different complexion. All 10 projects provide out-of-the-box ready-to-use applications that most for end users.

There are, of course, many Open Source projects with end-user ready applications for Microsoft Windows (FileZilla, TrueCrypt, and 7-Zip come to mind) and are, in fact, often hosted on SourceForge. But, it seems to me that CodePlex’s real value will emerge if it became a destination site for both end-users and developers to go to for Open Source projects for Microsoft Windows. The samples and toolkits are fine. But, they don’t generate much interest or provide much value to the vast majority of Microsoft Windows users.

Microsoft Port 25 Codeplex related blog items

I have to admit I laughed when I read Randall Kennedy’s blog “Why FOSS is still so unusable”. Kennedy was himself commenting on another blog about the 15 reasons why FOSS projects often crap out. (The “15 reasons” blog has been getting popular and is making its round around the blogosphere.)

Kennedy obviously has some issues with the FOSS crowd, and I can’t say that he doesn’t have some justification for his feelings. For example, he comments that some FOSS developers tend to be lazy in how they approach their work; if you’ve ever looked in source code you may agree. That said, this affects “commercial” programmers as well. The “many eyes” FOSS approach doesn’t tend to counteract this problem.

Anyay, I invite you to read Kennedy’s blog and let me know your thoughts. Kennedy is obviously not in a loving mood with FOSS, and so his views are a tad on the extreme side I think, but that doesn’t discount everything that he says.

Why do FOSS projects have such bad User Interfaces (UI)? There are exceptions of course. However, there are a lot of X and web-based UI’s that are just.. confusing. I think this has to do with the fact that the FOSS coders want to focus on the internal guts of the application, instead of the User I/O layer (yes, I made that up and it’s a bad term). While I can see why that happens (heck, even I prefer to avoid the UI when possible), it can easily be argued that a good program with a bad UI is really just.. a bad program.

Thoughts?

Roger Klorese has a blog from a week or so ago about the upcoming XenServer Orlando beta. (Who’s going to beta this? I’d like to know what you find out.) XenServer is becoming a contender in the VM world, and it’s now owned and released by Citrix.

There are some cool features apparently that will be available in the beta, including (I’m copying from the original post):

• Automated high availability
• Windows Server 2008 guest support
• Persistent performance statistics and metrics
• Fully integrated Fibre Channel multipath support with configuration via XenCenter
• VM grouping, searching and tagging
• Email alerts
• Disaster recovery for VM metadata
• Active/active NIC aggregation
• Xen hypervisor updated to version 3.2
• XenConvert P2V migration tool
• Wider hardware support
…and many more.
Cool stuff.

Some of the real highlights seem to be:

• You can define resource pools, and assign priorities within those pools. Then, if you lose a VM, XenServer will restart that VM based on its priority. That way, if you lose a bunch of VMs then you get the mission-critical ones back first.
• XenConvert will be available to do P2V. This is cool since you can now do everything out-of-the-box, instead of relying on third party or manual processes.

I have often heard the argument that UNIX sysadmins are more expensive than their Windows counterparts are, but that UNIX sysadmins could manage more boxes at a time. All, some, or none of this may be true. I have not seen any studies on the latter statement, but the former seems to not be very true.

In his article, Murphy notes that payscale’s numbers show that UNIX sysadmins have a premium, but not a very large one. If you are an employer that uses UNIX, then this is good. If you are a UNIX sysadmin, perhaps not so good.

Murphy also discusses the latter statement to some extent, but instead of approaching it from the “more boxen” angle, he discusses how UNIX sysadmins tend to be a more varied lot and can often do more than sysadmin task (e.g., manage an Oracle database). I’m not so sure I agree with his logic. I know a large number of Windows sysadmins that also manage SQL Server for example.

Anyone know of some good research on how flexible Windows sysadmins are in comparison to UNIX sysadmins?

Just read about the Silverlight Flickr client (see above) that Microsoft’s Jimmy Schementi build for a talk to .NET developers there. The interesting thing is that he used IronRuby (his language of choice) instead of the C# or VB that we normally associate with the .NET Framework.

You can read what Jimmy has to say about this demo web app on his blog: Walk-through: Silverlight Flickr Client in IronRuby

And, the Silverlight Flickr Client itself can be checked out at: http://jimmy.schementi.com/silverlight/photoviewer/

Jimmy notes in his blog that it works fine in Firefox on a Mac but not in Safari.

Microsoft Port 25 Silverlight related blog items

I caught this on Slashdot over the weekend…

Microsoft Investing In “Open Source” Lab In Philippines

…and followed the link to the original article on GMANews.tv:

Microsoft launches open source lab in RP

According to GMA News article, the lab opens in September and will be located in the Philippines government National Computer Center (NCC) in Quezon City.

It will be interesting to see how Microsoft-Open Source interoperability issues play out in Asia especially in active high-tech areas like the Philippines, China, South Korea, and Japan.

Robert Bruner has an excellent blog about the challenges facing management. I read the article and, generally, I have to agree with his view. As a quick list, here are the items Robert noted:

• Ubiquitous mobile connectivity and computing.
• Growing interactivity.
• Spreading norms of open source collaboration
• Increasing complexity of software service
• Unlimited and unfiltered access to products: “hits” versus the long tail
• Daily me

The two that I found the most fascinating were “Spreading norms of open source collaboration” and “Increasing complexity of software service”.

Opens source collaboration is about a lot more than just writing open source software. It is about the whole mentality that goes with being open, including “pen-source software consortiums, wikis, blogs, software mashups, chat rooms, social networking, peer-to-peer downloading, personal broadcasting, and the like”. In other words, it is about the community.

What is so exciting about open source and the open source community, to me at least, isn’t so much the software but the lifestyle and how its changing government, business, and our own personal lives.

There’s been a lot of interesting product wars over the years: WordPerfect vs. Word, 1-2-3 vs. Excel, Harvard Presentation Manager vs. PowerPoint, Novell vs. Windows NT, Netscape vs. Internet Explorer, Palm OS vs. Windows Mobile, and the list goes on and on.

One of the current product battles taking shape is in server virtualization. And, like many past product confrontations, Microsoft’s Hyper-V is the late-to-the-game underdog. VMware’s ESX and Vmotion are the clear market and technology leaders right now. And, there are other viable virtualization hypervisor alternatives including Sun xVM, KVM, and Parallels Server.

However, it doesn’t matter how good the underlying hypervisor is if you don’t have any Guest OS to install on it because of licensing problems. It is an easy decision to use CentOS, Fedora, Ubuntu, or any of the Debian derivatives because there is licensing issue I can think of with those Linux distros. This is important both to end-users and virtual appliance builders. And, it gives the LAMP stack an advantage over WAMP, WIMP, and WISP stacks for the same two groups.

Licensing issues are not limited to the Windows operating system itself. Virtualization has moved beyond simply virtualizing server stacks. In the past year we’ve see a huge movement towards virtualizing desktops and even individual applications. Both Microsoft and VMware have moved aggressively in this space buying technology to fill the gaps between virtualization tiers. But, still it is complicated, from a licensing point of view, to decide when you are able virtualize Windows Vista, Word, Exchange Server, and other licensed Microsoft products. Commercial Open Source products can create similar licensing issues. However, there is usually the option to use the lesser supported Community Editions of these kinds of products (MySQL, for example) for testing and development, for example.

All software firms with commercially licensed products need to resolve how to allow their customers to run their products in virtual environments.

Microsoft Port 25 virtualization related blog items

It’s in all the news of course: IBM is collaborating with Red Hat and Novell to offer “Microsoft-free” PCs. That’s not news (at least not in the blogosphere, which has had the story for a few days now).

However, the story does highlight something that I think is important to note. Namely, the near revolt by many Linux users against Novell for the Microsoft/Novell partnership is proving to be much adieu about nothing. Moreover, for Novell, it is not necessarily a bad deal. I have not seen any numbers coming out of the deal, but it is at least nice that Novell can claim the partnership when they are pushing for a big deal in a Microsoft-heavy shop.

All that said, let us not forget that there is something to be said about “either being for me or against me,” and some may feel that applies here. What do you think?

The Samba Team released version 3.2.1 on August 5. It includes a bunch of bug patches for the version 3.2 released on July 1. In addition to IPv6 support (has anyone deployed IPv6 seriously and widely???), the release notes indicates a couple of important support items for interoperability with Microsoft Windows Server 2003 and 2008.

• Full support for Windows 2003 cross-forest, transitive trusts and one-way domain trusts.
• Support for Active Directory LDAP Signing policy.
• Support for establishing interdomain trust relationships with Windows 2008.
• Support for joining into Windows 2008 domains.

Microsoft Port 25 Samba related blog entries

I have no idea who Matthew Paul Thomas is even after Google-ing (um, that should be using Google to search for more information) his name and learning he lives in New Zealand and has written some very interesting blog entires. However, I followed a link from Slashdot to his blog entry titled…

Why Free Software has poor usability, and how to improve it

…and found a lot to agree with written there. Here’s his key points (be sure to head to his blog to read the text that follows each point).

1. Weak incentives for usability.
2. Few good designers.
3. Design suggestions often aren’t invited or welcomed.
4. Usability is hard to measure.
5. Coding before design.
6. Too many cooks.
7. Chasing tail-lights.
8. Scratching their own itch.
9. Leaving little things broken.
10. Placating people with options.
11. Fifteen pixels of fame.
12. Design is high-bandwidth, the Net is low-bandwidth.
13. Release early, release often, get stuck.
14. Mediocrity through modularity.
15. Gated development communities.

Of course, usability issues are evident in proprietary for-fee software too! Windows Vista’s UAC (User Access Control) billions of clicks when I just want to copy my family photos from a hard drive to an external USB hard drive comes to mind. Corel’s Paint Shop Pro Photo X11 completely changed color balancing from earlier version leaving me dazed and confused when I wanted to fix the white balance of an outdoor photo taken with the wide balance set to a fluorescent light white balance setting is another one. And, then there’s the Apple’s application design standard that says the menu structure should be at the top of the primary screen. This is fine when you have one display. But, if you have two displays and have the application on the second display, you are forced to move the mouse to the primary display everything time you need to use a menu item (unless there is a keyboard shortcut and you know what it is).

I think freeware, Open Source, and proprietary software developers all have a lot to learn from each other’s design practices. And, Mr. Thomas’ list is a good starting point for everyone to take a look at and think about.

Microsoft Port 25 blog items tagged with ‘usability’

Ooh, now this is cool: Microsoft is now a contributing member of the Apache Software Foundation (ASF). This does not mean that Microsoft is just talking the talk; they are actually putting up money to help support the management and coders that support Apache.

Microsoft was quick to say that:

It is not a move away from IIS as Microsoft’s strategic web server technology. We have invested significantly in refactoring and adding new, state-of-the-art features to IIS, including support for PHP. We will continue to invest in IIS for the long term and are currently under way with development of IIS 8.

Okay, understood. Still, this is good. First, I have a strong suspicion that Microsoft is probably going to come up with a decent amount of cash for the ASF. That is good for the ASF and the Apache community as a whole. Second, this makes PHP even more viable (not that it ever wasn’t) as a direct competitor to ASP. Third, let’s not forget that ASF has its hands in Java as well (e.g., Tomcat), which is a competitor to the entire Windows platform in some ways.

On Wednesday, I asked about: Popular Open Source Projects Based on .Net? A bunch of people provided information about Open Source .Net projects I was unaware of. So, I decided to summarize the projects mentioned in response to my question in alphabetical order.

- Castle Project: Hmm, the projects flowery first paragraph doesn’t really tell me what it is. It looks like it started as a style of software construction and evolved into several glue-code type projects that includes an MVC web application framework, AOP (Aspect Oriented Programming) and more.
- dasBlog: Blogging platform
- Lucene.net: This is an Apache incubator project of a port of the Lucene text search engine library written in Java
- mod_aspdotnet: A loadable Apache 2 module for serving ASP.NET content using the Microsoft’s ASP.NET hosting and .NET runtime within the Apache HTTP Server process
- mojoPortal: Web content management system (CMS)
- NHibernate for .Net: Port of the Java based Hibernate
- .netTiers: Application Framework
- npgsql: .Net Data Provider for Postgresql
- ScrewTurn Wiki: Wiki engine
- Subtext: Personal blog platform
- umbraco: CMS based on ASP.Net

Thank you to everyone who took the time to respond with information about Open Source .Net projects.

Microsoft .Net Framework blog entries on Port 25

TechNet Port25 has a short little blog from Richard Wilder, the… *draws breath* Associate General Counsel for Intellectual Property Policy at Microsoft. First off, that is a very long title. I wonder when I will get one of those. Anyway, Richard makes a few notes about his stance and about that he is “pleased” with the direction that Microsoft is taking in regards to open source and openness.

Yet, 99.9% of the code that Microsoft develops continues to be closed source.

Microsoft has made some strides in being open. The fact that we are asked to blog about this very issue, with no editorial oversight by Microsoft, is some evidence of that. Moreover, Microsoft’s other forays into open source are also nice to see.

However, again, 99.9% of the code that Microsoft develops continues to be closed source.

How big of a change has really occurred at Microsoft?

What are the big Open Source projects based on or intertwined with the Microsoft .Net Framework? I knew of a couple of projects. But, I had a hard time getting beyond my personal recollections when I searched using Google in various ways. So, here’s the list of .Net based Open Source projects that I could remember.

- DekiWiki: Wiki
- DotNetNuke: Web development framework
- Mono Project: .Net port for Linux, Unix, Mac OS X, Solaris
- Moonlight - Mono: Microsoft Silverlight port for Linux based on Mono
- Paint.net: Bitmap graphics editor
- SharpDevelop: IDE for C#/VB.net
- ZedGraph: .Net class library for charts and graphs

I guess I can also include…

NASA World Wind

…even though the .Net version has been abandoned when the project moved to Java.

So, what are the other popular Open Source projects based on .Net?

Microsoft’s John Lam announced the availability of ready-to-use binaries of the IronRuby alpha-release at OSCON last week. You can read more about it in his blog at…

IronRuby at OSCON

You can find the ZIP file download at…

RubyForge IronRuby Project download page

There’s no installer since it really doesn’t need one. Here’s what I did to make life a little easier for me. I installed it on both a Vista PC and an XP PC.

- Open the ZIP file using Windows Explorer. You don’t need any special software to open a ZIP file.
- Copy the folder named ironruby to C:\Program Files (on XP)
- Go to the bin subdirectory
- Right click on ir.exe and select . This will create a shortcut int he bin directory on XP. If you are using Vista, the shortcut will be placed on your Desktop instead.
- Right click the Start button and select Open all useres
- Cut the shortcut from the bin subdirectory and put it where it makes sense in your Start folder/menu hierarchy.
- Rename the Shortcut to ir.exe to something else if you want. I cleverly renamed it to IronRuby on my PC

So, we now have three first-class .Net dynamic languages available for Windows XP/Vista: PowerShell, IronPython, and IronRuby. Nice.

OK, I was caught by surprise (but pleased anyway) by these announcements by Microsoft’s Sam Ramji (Senior Director of Platform Strategy) in his blog entry…

history.forward()

The two that interested me most are…

1. Microsoft has become a sponsor of the Apache Foundation.

2. ADOdb patch for a native driver for PHP”built by the SQL Server team.

My take on both of these announcements is that they will enable Windows shops to more easily seriously consider running an AMP (Apache, MySQL, PHP and maybe Python and Perl too) stack on Windows (WAMP). This should help AMP based web products get some consideration in these Windows shops.

A powerful 6.8 earthquake struck near Hachinohe, Japan earlier this week (USA Today: Earthquake hits Japan, more than 100 injured). My wife and daughter happened to be about 200 miles south-southwest of the quake when it struck shortly after midnight (my daughter is participating in a sporting event there). Everyone there is safe, btw. But, a curious thing was noted when everyone gathered in the morning: All the parents accompanying their children felt the tremors and woke up. None of the kinds (between 6 and 13) noticed the tremors and slept through the night.

Bryan Kirschner (Director of Open Source Strategy at Microsoft) in his blog item titled…

Participating Actively

…responds to Infoworld’s Rodrigues & Urlocker commentary…

Microsoft at OSCON

…who wrote: Brian Kirschner pointed out that Microsoft has 400 open source projects. Most people would struggle to name even a handful. (Ok, at MySQL we use WiX, the Windows Intaller (sic), so I know about that one, and also IronPython sounds cool.) Kirschner, Sam Ramji and others are helping Microsoft develop a better understanding of open source, but Microsoft still has a long way to go towards putting it into action..

I think Rodrigues & Urlocker make a good point. And, while I can’t name many of the 400 Microsoft open sourced projects either, I can think of two that could make a huge difference: IronPython and IronRuby. Back in the old days, PC-DOS (IBM) and MS-DOS (everyone else) came with BASIC or GW-BASIC and a couple of sample apps. I’d bet a lot of people started programming with one of these versions of Microsoft’s BASIC interpreter and made their early computing days more productive by writing little apps to get a few things done. That is one of the aspects of computing that has nearly disappeared because Microsoft Windows doesn’t ship with a simple programming environment anymore. Mac OS X, on the other hand, not only ships with a bunch of Open Source development tools like Ruby, but also provides their XCode and Automator to let anyone develop anything from little toy utilities to full blown applications. Microsoft has both PowerShell and Visual Studio Express Editions available as free downloads. But, PowerShell is mostly aimed at system administrators while Visual Studio Express Editions are a bit heavy for even casual programming.

I think Microsoft should include IronPython, IronRuby, and some lightweight (but relatively powerful) editor like Notepad++ in every copy of Windows 7 when it is released. It would not only provide a strong message of Microsoft’s support of interoperating with Open Source products (in this case, their own), but might restart the casual programming movement that fired up the computing revolution.

I’ve been cleaning up and re-organizing my home office this week and found all kinds of stuff that didn’t survive into the 21st century for one reason or other. In the photo above, you can see an OS/2 binder, a 5.25″ floppy, a digital tape labeled 350 but was actually a 170MB (not GB) tape that might get near 350MB with compression, a 56Kbps PC Card modem, a font cartridge for the HP Deskjet, and one of the manuals from Paradox for Windows. In many cases, it appears to me (as an outsider) that many of the entities behind these products simply didn’t notice the various technology quakes shaking the industry and became irrelevant. It should be interesting to see which of today’s products and technologies are irrelevant in 2018.

Now, back to cleaning up my home office. Any suggestions what I should do with a couple of hundred CDs from beta tests and ancient MSDN subscriptions? Some sort of giant artwork? :-)

Yesterday, I commented on Andy Patrizio excellent blog about some potentially high-reward buy-outs/merges, and one of those was Microsoft and Salesforce.com. (Yesterday I focused on Dell potentially buying SGI.) I did some thinking about Microsoft and Salesforce and I like that idea even more than I like the idea of Dell buying out SGI.

Here is why:

• Microsoft is pushing into the whole SaaS world, certainly, but it is lagging behind. This is partially because it has no choice but to keep a lot of focus on its sources of income.
• Salesforce.com definitely knows what its doing and is building a significant platform in the cloud on which to build future enterprise applications.
• Salesforce.com is agile. Microsoft, alas, is not.
• Salesforce.com is not OS-driven, it’s capabilities-driven.

All that said, if Microsoft, as it currently exist, were to buy or try to merge with Salesforce, then Salesforce would simply cease to exist. To counter this, Patrizio talks about Microsoft spinning off its low-end divisions and focusing on the mid- and enterprise-market.

I have to admit I am not so sure about that last part. Much of Microsoft’s advantage is based on the sheer number of users. It can leverage those numbers to get mindshare and to finance projects which begin with a loss but that can develop into new profit centers. So this would certainly be a HUGE gamble.

What do you think?

Computerworld has an article titled…

Study: IT jobs will drop in 2009

…that reports the findings of a Goldman-Sachs survey of top CIOs (100 decision making managers at mostly Fortune 1000 firms). The article quotes Goldman Sachs speaking in terms of a cost-constrained IT budget scenario. OK, that makes sense given the current economic outlook. They go on to say that server virtualization and server consolidation are their No. 1 and No. 2 priorities. This makes sense too. The 3rd through 5th priorities are cost-cutting, application integration, and data center consolidation. So far, so good. The summary finishes up saying that the bottom of the priority list consists of grid computing, open-source software, content management and cloud computing.

Charles King of Pund-IT, Inc., is quoted saying that the surveyed managers and CIOs simply don’t understand the value of their low-priority items. I agree with Mr. King. In an budget constrained IT environment, Open Source and Cloud Computing are exactly the kinds of technologies that should at least be evaluated.

If you run into any of the Microsoft Open Source Labs (Port 25) people at OSCON, you might want to ask them if they could say a few words about these items sent to the bottom of the priority list by Fortune 1000 decision makers.

Snazzy headline, no? Andy Patrizio over at internetnews just made a very good case for some e-marriages, including:

• Apple and nVidia
• Dell and SGI
• Microsoft and Salesforce.com

I have to admit that it is difficult to argue with the logic, although I am sure a little more time of thinking on this would end the insanity. Or perhaps not.

Let’s talk about Dell and SGI for one. SGI, which, frankly, I had rather forgotten about, is still out there and focusing on high-end supercomputing. This is not exactly news to anyone, and has not been for a while I suppose. SGI has always focused on the high-end market (although they did make a push toward the mass market if I remember correctly), and when they started getting into financial trouble they began to regear and refocus. It seems that their strategy may be working.

SGI seems to be making the “niche player” come back in style. The computer market is a commodity market. Only the high-end, including mainframes and supercomputers, can be considered specialized. SGI knows this and instead of fighting a losing battle with IBM, Sun, HP, Dell, and others, they instead are taking advantage of their existing expertise.

A Dell buy-out could very well give Dell that high-end appeal that it lacks. However, it could also saddle Dell with a set of skills that it cannot handle or, more to the point, capitalize on. Dell is a mass-market company. That is what they do. It’s not often that I visit a colo facility anymore, but when I do all I really see are blue lights spread across a considerable amount of square feet, and we all know what those blue lights are.

I’m going to give some more thought to Patrizio idea about Microsoft and Salesforce and blog about that tomorrow. Hmm. Interesting.

P.S. Sorry for the whole “e-marriages” word.

Microsoft’s Port 25 announced that MindTouch has a beta MSI installer for their Deki Wiki software. So, I decided to install it in Windows Server 2008 Standard Edition and ran into a MySQL problem in my first attempt. Fortunately for me, eagle eye Max noticed the doesn’t have a default value part of the error message and told me that the problem is that the freshly installed copy of MySQL 5.0.51b sets SQL to strict mode that disallows empty fields (no default value). So, I went to C:\Program Files\MySQL\MySQL Server 5.0\my.ini and commented out the line as shown below.

This led to a successful configuration and installation of MySQL tables (see below).

One oddity showed up though. For some reason, MindTouch has Google Analytics code with the key US-68075-16 reporting back. You can strip this out. But, I’m curious why every installation has a Google Analytics code embedded in it (see below).

However, as you can see from the screen cap below, Deki Wiki is indeed running on my virtual machine running Windows Server 2008 Standard Edition now.

I took a look at MindTouch’s Deki Wiki about a year ago. I decided to use Mediawiki for the project but recall being impressed with a number of Deki Wiki’s features. One of the reasons I decided not to use Deki Wiki was the need to install and maintain Mono on my Linux box. Mediawiki just needed a LAMP (where P = PHP in this case) platform stack that was already a supported stack. Adding Mono would increase the stack management support requirements.

So, I was interested to learn that MindTouch announced a beta release of a Deki Wiki MSI installer for Windows Server 2008 (and 2003 later).

Mindtouch: Deki, OSS and Windows

A WIMP (Windows+.NET, IIS, MySQL, PHP) environment is an easily supportable environment for a Windows-focused shop. So, I decided to take a look at this beta release and create a test installation.

Deki Wiki needs MySQL 5.0.45 or newer. So, I installed MysQL 5.0.51b (the current production release) on a clean Windows Server 2008 Standard Edition installation with all current Windows patches applied. This is running in a VMware Fusion virtual machine. The initial Deki Wiki installation phase seemed to go smoothly. I noted that it enabled FastCGI for IIS7. Looking at the installation directories, I saw that it also installed a PHP engine for its use.

However, as you can see from the screencap above, Deki Wiki’s configuration failed while attempting to insert a record into MySQL. I’ll send an email message to MindTouch support and point them to this blog. it is a beta-release. So, these kinds of problems can be expected. I’m hoping to be able to successfully install and test the Deki Wiki MSI installer on its next release.

So in a recent blog I brought up IBM Lotus Symphony, and during the discussion that followed a mention was made about Abiword. I have to admit, I have not looked at Abiword in a VERY LONG TIME.

I just checked out Abiword again on their website, and I have to say they have made a lot of progress. It is not a bad piece of software. And.. It’s light. Microsoft Office is a big application. OpenOffice is a big application. But Abiword is rather targeted and not all that large. At all. A quick run through a download seems to be pretty snappy.

Hmm. Not a bad choice for PCs that don’t have Microsoft Office installed at the factory..

AbiWord: A Worthy, Free Microsoft Alternative

AbiWord: A Scalpel, Not a Chain Saw

If you come from a UNIX/Linux background, you probably rubbed your chin or scratched your head thinking two things when Microsoft announced PowerShell (codenamed Monad when it the first beta was released in 2005): 1. Well, it is about time! 2. Why didn’t they just port or copy Bash (or csh or zsh or whatever you favorite *nix shell is)?

Linux Magazine’s Marcus Nasarek took the issue literally and wrote a 2-page PDF document comparing and constrasting Bash and PowerShell. The download is linked at…

SHELL GAMES : Comparing Bash with the Windows Vista shell

For me, PowerShell has had a odd learning curve. It sort of looks like the old DOS CMD shell when you first bring it up. But, that is all there is: A superficial resemblance. This might throw off Windows/DOS users. It also has kind of a Bash/Perl feel to it at first. But, the differences show up pretty fast as you explore PowerShell. Nasarek’s article does a good job of comparing and contrasting Bash and PowerShell in the 2 page PDF. Any *nix shell user who may need to work with PowerShell on Windows Servers will find this article interesting.

Microsoft Port 25 PowerShell blog posts

Every now and then I get the urge to the the Microsoft Open Source Labs people to talk to the freeware Visual Studio Express group about tweaks to make it aware of various FOSS languages like Perl, PHP, Python, and Ruby. After all, way back in 2001, Microsoft worked with ActiveState to produce Visual Perl and Visual Python. There’s also a current 3rd party project on Microsoft Codeplex named IronPython Studio that uses the royalty free Visual Studio 2008 Shell runtime that doesn’t need Visual Studio itself to be installed.

I usually back off the idea because there are a number of free and/or Open Source developer platforms and advanced programmer’s editors that are also multi-platform (Windows, Mac OS X, and Linux/BSD/UNIX). Four that I have used over the years are Eclipse (gave up on it), NetBeans (playing with it), Komodo Edit (use it frequently), and jEdit (used to use it a lot but have not recently). But, I still think it would be a good idea to tweak a free Visual Studio Express edition for IronPython, IronRuby, and PHP.

There is, btw, a third party for-fee tool for the full Visual Studio 2005/2008 and PHP: VS.Php 2.4 for Visual Studio. There’s also a prototype form designer for IronRuby: IronRuby Visual Designer.

OK, I admit the subject line is a bit misleading. IronPython 2.0 Beta 3 has nothing to do with Python 3.0. However, since Python 3.0 might be released as early as next month (August), I wondered if there are Python 3.0 related plans for IronPython.

So, I checked various Microsoft IronPython blogs….

- The IronPython Team Blog
- Jim Hugunin’s blog
- Harry Pierson’s blog
- Dino Viehland’s blog
- Srivatsn Narayanan blog

…and didn’t see anything regarding Python 3.0. So, I used Google and found Michael Foord’s blog entry titled…

Python 3.0, IronPython 3.0, Robots, Talks and Python in Interesting Places

…who way back in early 2007 reported from PyCon that… Importantly, Python 3.0 was up on the list. The IronPython team is definitely intending to support Python 3.0.

So, IronPython 2.0 looks like it is on track. Python 3.0 looks like it is close to release. The question is when these two will sync up.

Microsoft Port 25 IronPython blog items

I just read this little news release about the Sydney Diocese of the Anglican Church moving away from Windows and Microsoft to open source solutions. Very interesting! What really causes my eye was this:

Office will be the first to go. Lymbers had two alternatives for replacing Microsoft Office: OpenOffice and IBM’s Lotus Symphony, based on OpenOffice source code. He decided to go with the IBM solution, on security and support grounds.

The fact that he went with Lotus Symphony over OpenOffice is more interesting to me than the fact that he is leaving Microsoft Office for OpenOffice. Why? Because IBM is a household name, while OpenOffice is most certainly not.

I wonder how many more consumers, small businesses, and enterprises would be more open to the OpenOffice journey if they were able to go along for the ride with IBM? Lotus Symphony is OpenOffice+, from what I have seen, so you get the benefit of OpenOffice and open source and the name of IBM.

Plus, you have the option of getting support from IBM.

And that is a major selling point.

And read this little ditty:

Organizations which Lymbers’ services — including schools, youth groups and aged care villages — will be able to go onto the Web, and click on an icon which is via thin client that will open an open-source Word. “They can open it up and it’s totally safe and secure,” Lymbers said.

Death of the Desktop you say?

I just read about…

SharpOS 0.0.1

…which is an Open Source project attempting to write an Operating System (OS) in C# based on Microsoft .Net technology. I’m not sure about the .Net part of the statement. But, I downloaded the 840KB (that’s right, kilobytes, not mega- or giga-bytes) ISO file and fired it up in virtual machine using Virtual Box running on a Mac (OS X 10.5 Leopard). As you might guess from the 0.0.1 release number, the project is still in the early stages of development. But, combined with their SharpSQL relational database (no binaries released for this one yet), they should have an interesting platform to look at in a couple of years.

I wonder if someone from the Microsoft Open Source Labs group has spoken with the members of this project yet?

I’ve said it before and I’ll say it again: The operating system on your computer is becoming less and less important. Really. In the next three to four years, I think the desktop OS will become a minimal consideration. Why?

Because most people could care less what OS they are running.

They just want to be able to:

• Do their work.
• Access their documents.
• Read and send email.
• Goof around.

That’s about it.

So how is that happening? Well, obviously the whole Web experience is having a huge impact. Moreover, some things that before were a pain or at least difficult, e.g., using webmail as your only email client, is slowly going the way of the dinosaur. Look at gAttach, which lets you use Gmail as your default email application for Windows. You can email people, attach files, and even use Send To right from your desktop.

At a higher level, we have companies like Citrix and even Microsoft which is making server computing more critical every day to enterprises. Server computing is probably going to be one of the strongest motivators for minimizing the importance of the desktop OS. Really, does it matter if you are running Windows Vista if all of your enterprise applications are available via seamless windows on a Citrix server?

This is good for Linux and open source operating systems in general. If the underlying desktop OS doesn’t matter because application compatibility issues go away, then why not run Linux on all of your desktop systems in a corporate environment?

Naturally, this begs a future blog on how these organizations can manage Linux and other open source OSs in the same way that they can with AD and GPOs.

The other month I blogged about OpenOffice and the fact that it tends to be marginalized in the face of free and commercial products. Most readers did not particularly like that stance. Lou Dolinar just blogged about OpenOffice, but focused instead on what is actually holding it back.

Lou makes some good points, including notes on:

• Compatibility
• Lock-in
• OpenXML

Notice that the technology of OpenOffice is not really mentioned outside of how it is able to interact with Microsoft Office files. The OpenXML format was touted as being a way out of this, but OpenXML does not exactly have the best reputation in the open source community right now.

All this said, I am still very curious about the technology side, especially when it comes to manageability in a large environment. How well does OpenOffice fare against Office in terms of automated deployment, configuration, and upgrades? What has been your experience?

Apache released their HTTP Server 2.2.9 on Friday the 13th last month (obviously no superstitious people on the release team).

Apache HTTP Server 2.2.9 Released

Every now and then, I install the latest Apache web server on a Windows server just to see what it looks like there (compared to the Linux installations I use for production and testing). So, it is always interesting to read the Apache Windows README text to see what it says. One of the more interesting warnings is for people running Windows NT 4.0 or older (Windows 95, etc.) to move to another platform (like Linux). It looks like Windows 2000 is still supported. So, this seems like a reasonable request to me. The question that comes to mind though is: Who is running any version of Apache httpd on Windows 95, 98, or NT 4? And, why are they running it on these ancient versions of Windows? I’m guessing there are some pretty interesting stories out there. And, if you have any to share, I’m sure other people are curious too.

Microsoft Port 25 Apache rellated blog items

Just spotted this by Paula Bach over on Microsoft’s Port 25 site…

CodePlex project developers wanted

The data from the project will be used for Paula’s PhD dissertation project which looks at usability support features in Open Source projects.

When I saw this ZDNet blog headline in my RSS feed the other day…

ZDNet - Dana Blankenhorn & Paula Rooney: Will Bill Gates’ departure usher in open source friendly era at Microsoft?

…my first thought was: Here we go again, another uninformed opinion. But, if you’ve opened the link in another tab and read their blog item already, you know that this was not the case. It was just a good attention grabbing blog title with some interesting quotes from players in the Open Source community.

My gut instinct is that Microsoft’s Open Source strategy will continue to follow the trajectory we’ve seen for the past three years or so. Like any complex undertaking, there will be three steps forward with the occasional two steps back every now and then.

I read about the U.S. government’s USAsearch.gov site using the Vivisimo engine for search federal, state, and local government sites in the U.S. This is the same engine used by the Clusty search site (which somehow always reminds me of Krusty the clown from the Simpsons :-).

The first phrase that came to mind to search for was Open Source. But, the result surprised me although I should not have been surprised. Why? The first hit was a site named OpenSource.gov. That makes sense, right? And, it does unless you are a tech geek (like me and most of you reading this) and always think of Open Source in terms of software. In government lingo Open Source means available sources of intelligence information (not in the espionage sense of the word). So, in their own words: OpenSource.gov provides timely and tailored translations, reporting and analysis on foreign policy and national security issues from the Open Source Center and its partners.

For some reason, after slapping my forehead and uttering a Homer-esque “Doh!” when I realized my error, I thought about Sam Ramji’s blog entry titled Managing Towards Open. And then, with all seriousness, it occurred to me that Microsoft’s Open Source Labs is performing somewhat similar work as OpenSource.gov by gathering intelligence about software countries (so to speak) with different philosophies like various Open Source licenses (both in the free as in freedom and free as in beer - or carbonated beverages in my case).

BTW: I found it a bit odd that my search on USAsearch.gov using both “open source” and “open source” + “software” didn’t actually result in many finds or of the ones kinds of results I expected (SELinux, NASA related projects, etc.).

Here’s something that’s a bit dated (a few weeks old) but something I’ve been meaning to mull over and comment on. On May 28, Microsoft’s Chief Software Architect Ray Ozzie said that…

Open source a more disruptive competitor than Google (as reported on ZDNet by Mary-Jo Foley)

Mary Jo Foley goes on to report that: Ozzie said that competing with open source “made Microsoft a much stronger company.” He cited changes Microsoft has made to its business model — such as focusing on making its closed-source software interoperable with open-source products — as directly attributable to that competition.

If you take this view and combine it with the information we’ve been reading over on…

Microsoft Port 25

…it really looks like Open Source is not only a beneficial disruptive technology for Microsoft, it is also also becoming more of a “co-opetition” partner. Zend, Spikesource, and Novell/SUSE are just some recent examples. And, there are also the in-house projects like IronPython and IronRuby. There’s also cooperation between Microsoft and the Mozilla Firefox and Samba projects.

This is certainly better for all concerned than the Microsoft vs. Open Source situation just a few years ago. Is there a lot of work to be done? Sure. Are there going to be more issues and fireworks in the future. I wouldn’t be surprised if there is :-)

The Open Source Census is a collaborative project that collects Open Source usage information from companies that volunteer the information. The OSS Discovery tool requires Ruby to be installed on a system to be run. The tool collects fingerprints of many Open Source applications on the scanned computer (it does NOT crawl the network). The results are submitted anonymously to the project.

The project was started by OpenLogic and is sponsored by numerous entities including Collabnet, IDC, Microsoft, the Open Source Business Association, and the Oregon State University Open Source Lab.

The brand new IronRuby.net Wiki fired up yesterday (June 19). This wik.is Deki Wiki based site. This is the place to go for information about IronRuby. IronRuby currently requires you to download and build from source. But, as soon as the lazy geek version (pre-compiled and ready to install) binaries are ready, you can expect a lot of people heading to this site to learn more about IronRuby.

This is by no means new news, but I just read a blog from Matthew McKenzie about WRT54G-based open source routers and it got me thinking.

First though, for those not in the know, the Linksys WRT54G can be loaded with a custom Linux kernel and other features so that instead of getting the stock Linksys feature-set, you can run a more powerful router package and do everything from IP- and port-forwarding (most Linksys routers only do port-forwarding) to web filtering (well, to some limited extent because of the limited memory available).

Anyway, the real question: Where are the open source ENTERPRISE routers?

Matthew mentions that it is viable to run a custom WRT54G for a SMB, but I do not see this happening in the enterprise arena anytime soon. That said though, why isn’t there a big move toward open source enterprise routers?

I understand that the big profit in the network world, even for mostly hardware vendors like Cisco, are the up-sells of software, but it does seem to me that a hardware market is a hardware market, and that having a suite of routers that are based on open source could be a viable route to go.

Anandeep just wrote a little blog questioning the long-term link between High Performance Computing (HPC) and open source. His logic boils down to this:

1. HPC, like many other technologies, starts with the need for a small set of people to do something new.
2. Those people build the tools that they need.
3. When they let others use those tools, they assume the other people have the domain knowledge to properly deploy and use them.
4. Power, flexibility, and control are key at this stage and so open source has a strong hold
5. Over time, more and more people use the tools, so ease-of-use becomes more important.
6. Ease-of-use becomes more critical, so whether a platform or application is open source becomes less important.

I do not think I necessarily agree with this logic, at least not totally. I do think it is true that over time that ease-of-use will become more and more important (actually, it is already becoming the case). However, HPC is a very special beast. For one thing, hardware is still the ruling champion in HPC, and will be for some time to come. Therefore, the issue becomes how the owner of a HPC environment maximizes their hardware investment. Generally, they have to tweak the software to best fit that environment. Thus, the need for open source.

Now, I can see how there is convergence, even in HPC, toward a few specific hardware platforms and models of computing. So software vendors will be able to narrow down their scope, and thus the need for flexibility and control will diminish over time. However, that is going to be quite a while.

I just read through “Technical Analysis: Security Considerations for rdesktop and Windows Terminal Services” at Technet. Nothing too big here. The security issues of rdesktop are no different than that of Microsoft’s mstsc.exe client.

However, the paper did leave me with a few questions:

1. There is a not that rdesktop supports an -E option which prevents encryption of the login packet, which could potentially expose a password. Let us ignore the client for now. Why does RDP even support this?

2. Why doesn’t RDP, the protocol, support Kerberos? That is something I have never been able to understand. If it did, then you would get automatic logics from a client to server, regardless of whether you were using mstsc.exe or rdesktop, assuming you had your Windows desktop as part of AD or setup Kerberos between your Linux/UNIX workstation and AD (which is quite doable).

The author, Chris Travers, makes note of the fact that RDP was built around the OSI model instead of TCP/IP, thus it approaches things differently (e.g., not supporting Kerberos). I just do not follow this logic. Kerberos support can be added. What is taking so long?

I was just reading Chris Travers’…

Technical Analysis: Remote Administration of Windows Systems with SSH (9 page PDF)

…which discusses using SSHWindows in a minimal installation of Cygwin. I’ve always felt a little uncomfortable installing Cygwin for just a single function (even one as important as allowing secure SSH access). But, Chris’ analysis makes it worthwhile to look at this method if you want to use SSH to work with a remote Microsoft Windows system.

There is an alternative, however. freeSSHd is a freeware ssh server for Microsoft Windows. It seems a little unstable. So, I wouldn’t recommend it for serious systems work at this stage of its development. However, it does not need Cygwin to be installed to work and seems to work well enough when it is up and running (it has crashed on me a few times). I’m going to keep my eye on future freeSSHd development and hope it becomes more stable in the near future.

One other item: In his closing thoughts section of the paper, Chris says: SSH is not as useful on Windows as it is on Linux, in part due the differences between how remote access to graphical applications is handled, and in part due to the fact that Windows is not generally as command-line oriented as Linux.

While I agree with Chris in general, I think that Microsoft PowerShell is a game changer. Microsoft PowerShell gives system administrators deep system access at the command line level. It basically makes a command line window a usable shell in the way UNIX/Linux shells are. I found that I could start PowerShell up after logging in to a Windows XP box. xterm looked a little odd after starting PowerShell. However, switching the xterm color scheme from black-on-white to white-on-black (old school terminal look) took care of most of the viewing problems (though not all).

I’m may have a bit more free time than usual in July and August. So, I may take more time looking at remotely managing Windows workstations and servers from a command line (shelled in through SSH) using PowerShell. I think this is the way I will prefer to manage Windows servers in the future (especially since that is the way I work with Linux boxes right now).

FYI: The screen-cap above is a CentOS 4 Linux installing running in a Virtual PC 2007 virtual machine accessing the host Windows XP through an ssh session to freeSSHd running on XP.

code_swarm is an animated visualization of the development of software. Its site currently has animated visualizations for Apache httpd, Eclipse, PostgreSQL, and Python.

code_swarm: An experiment in organic software visualization

You can see code and developers in the animations. Really fascinating to watch.

A project was recently removed from Codeplex because it was not offering the source code. The project, Sandcastle, apparently violated Microsoft’s “Open Source policy”. Thus, Microsoft removed the project.

That’s cool and all, but that is not what is really of note. The big news item here is that “A number of people have alerted me in the last 24 hours that a Microsoft project called Sandcastle, located on Codeplex, used the Ms-PL and called itself “open source” yet never posted the source code.”

That’s notable.

The moral of the story here is not that Microsoft removed an offending non-open source project from Codeplex, but that members of the community noticed and their comments made a difference.

And that, to me, is one of the big wins about open source and collaborative efforts that [try] to build communities: The community can self-police.

If Microsoft, IBM, or any company, no matter how big, tries to police this type of community, it will not work. The problem? There just is not enough money put into these online communities/efforts to enable them to review every piece of software. Instead, the community that is being built around the effort must do the job.

John Lam (of IronRuby fame) started summarizing his TechEd 08 experience at…

IronRuby at Tech Ed 2008

Be sure to click on the whiteboard photo in his blog entry. The higher resolution images on Flickr will let you read the whiteboarded IronRuby FAQ intended for the mostly enterprise-oriented TechEd attendees, many of whom had never heard of Ruby or IronRuby. I do wonder, though, if the IronRuby.com scrawled in the middle of a whiteboard is a typo of sorts. Shouldn’t that be IronRuby.net?

Port 25 Ruby related blog items

They listened! I just blogged yesterday about the UI of Codeplex (well, a bit) and apparently there is at least some effort in getting the Codeplex community to help better design the way that Codeplex works.

I should add a caveat to this blog though: I just lied. Paula wrote her blog a few days ago, so she beat me to the punch. Damn. Well, better late than never.

Anyway, Codeplex really does need a better interface. There is just something not-so-usable about it. For one, SF tends to have a better idea of how to organize their projects. I hope Codeplex follows their lead. (Freshmeat isn’t bad at this either.)

Okay, okay, so Microsoft makes forays into open source now and then, including both Codeplex and even some sponsored projects that are hosted on Sourceforge. It looks like they made a bit of a more high-profile push, in marketing terms, by becoming a “Diamond Sponsor” of the Sourceforge Community Choice Awards. Nifty. Nice to see a little money thrown in the pot, even if it is not a significant amount of money. (We takes what we can gets, eh?)

While thinking on Codeplex, have you taken a look lately? It has grown since I last looked. Frankly, I have never really liked the interface of the site, but then again some people don’t like Sourceforge’s UI either (I do).

(The main page is mostly useless. Use this link instead.)

I just looked through some of the projects, and… hmm, well, there needs to be more on there. For one thing, I cannot believe that an AJAX library is #1 on the site. I mean, AJAX? Sure, it’s big and cool and all Web 2.0, but #1?

Oh, and where are the Powershell projects!? I’ve complained about scripting under Windows before, and, obviously, I’ll need to blog about it again, but I just still don’t see a huge Powershell community developing. I hope one develops, but I don’t see a grassroots effort yet, and that’s when you get momentum.

Hmm, Powershell..

Microsoft has a PDF paper describing the history of the IronPython project at…

IronPython: Engaging the Python Community in Its Own Language (5 page PDF)

The paper describes the germ IronPython in 2003 when Jim Hugunin began wondering if Python could run on the .Net Common Language Runtime (CLR), his work at Microsoft leading to IronPython 0.7 in 2005, the 2007 1.1 version release, and the community input that helped solve dealing with the different .Net and native Python string types.

The final section of the paper describes the IronPython based dynamic spreadsheets developed by Resolver Systems.

Microsoft recently posted a 5 page PDF (3 pages of content) titled…

PHP on Windows: Community Involvement Improves Performance (5 page PDF download)

The paper focuses on the background of two projects that enhanced the use of PHP on Windows Servers. The first effort described is the partnership between Microsoft and Zend that resulted in the development of the FastCGI Extension that essentially allowed PHP to be a first-class citizen when used on a Windows Server with IIS. The second effort described is the Microsoft SQL Server 2005 Driver for PHP developed internally by the SQL Server team.

Two other projects are briefly mentioned at the end of the paper. The first is the Phalanger project which is a PHP compiler for the .NET Framework (and Mono). The other is the PHP for Microsoft AJAX Library.

I’ve been mostly interested in Ruby for the past couple of years. But, before developing that interest, I spent a lot of time writing little utilities (and a few not so little ones) in Python. I decided to check where the IronPython project is these days and found that they released IronPython 2.0 Beta 2 last month on May 2. You can find it on Codeplex (installable binary, source code, and documentation) at…

IronPython 2.0 Beta 2

Here’s the 2.0 Beta 2 Release Notes.

Nifty! So Asus is set to have an Instant “On” Linux for a line of their notebooks. (And, yes, it supports instant “Off” as well.)

Going back a few years.. well, a few decades.. the whole instant “On” concept is certainly not new. I am trying desperately to remember the name of an 8-bit system that would “instantly” turn on or off and always have your work sitting there waiting for you where you left off.

But we’ve all become so accustomed to having to wait on computers to boot software which we then use to run other software which we have to wait on to do anything. Sigh. It is a little sad.

Anyway, I am hoping this marks a wider trend of focusing more on having computers that act like typical electronic devices and less like, well, computers.

Funny article:

http://www.bspcn.com/2007/12/03/5-things-we-miss-about-old-school-computing/

I wanted to learn more about using Microsoft Silverlight with IronRuby. So, I turned to Jimmy Schementi’s blog jimmy.thinking. Why Jimmy’s blog? Because he is a Program Manager for Dynamic Language Runtime. If anyone knows something about this stuff, it is Jimmy. One of the things I learned from his blog (and there’s a lot to learn there) is that the Microsoft Silverlight.net site now has an area for…

Microsoft Silverlight Dynamic Languages SDK

You can download the Silverlight SDK to develop Silverlight applications using IronPython or IronRuby. You’ll also find samples, documentation, and video talks/demonstrations here. The link to the Getting Started with Silverlight MSDN area seems slightly broken. Try this MSDN Silverlight link instead. And, be sure to check out the Breaking Changes in Silverlight 2 MSDN page too.

There is nothing new these days about virtualization, whether at the server- or desktop-level. Nevertheless, a recent announcement by Virtual Iron and 2X did remind me yet again that virtualization is starting to change the very foundation of how software companies, including Microsoft, can position and profit off the desktop experience.

One of the big issues with Linux, even to this day, is compatibility and accessibility. However, as we see more widespread use of virtualized desktop environments and remote access to terminal service-based applications (including the whole “seamless windows” experience), the underlying core OS on the desktop under someone’s desk becomes less and less relevant.

That is a big win for Linux because it is obviously the low-cost solution and it can be well managed across a large set of systems via automated systems.

But, the money is always going to be in the OS and applications that are in front of the user, not the underlying OS on which virtualization software is running. That is where terminal services and seamless windows will help push Linux over the edge in terms of accessibility, compatibility, and, in real business terms, usability for end-users that are generating the revenue to keep businesses in the black.

My point: virtualization and server-based computing will help push Linux on the desktop.

Ostatic posed four Open Source related questions to three key Microsoft people: Sam Ramji (Director of the Open Source Labs), Ori Amiga (Live Developer Platform Group Product Manager), and Susan Hauser (General Manager of Strategic Partnerships and Licensing). The questions were:

• Microsoft has, in the past, employed key open source development concepts such as modular architectures in its own products. Do you foresee more of this, including developing directly on top of existing open source platforms?
  
• What do you think is missing in the open source community as a whole? Better marketing for commercial efforts? Better compatibility?
  
• Does Microsoft’s recently announced Live Mesh platform have implications that the open source community ought to know about?
  
• What goals do you have for Microsoft’s interoperability alliance with Novell, and what’s behind the goal of converting Linux users in the Chinese market to SUSE Linux Enterprise?
  

Microsoft’s Port 25 has a blog entry…

Technical Analysis: VIM, PowerShell and Signed Code

…pointing to an 8 page PDF with detailed instructions for installing a PowerShell Syntax file for the Vim editor. The paper also has a section discussing deal with digital signature code signing when editing PowerShell scripts using Vim.

You can find more information about PowerShell here.

This Vim/PowerShell document was written by Chris Travers who does his usual excellent job of explaining how to use Open Source tools in a Windows environment.

As an aside, as daily vi user, even I’m not sure why I prefer vi/vim to many fancier editors with all kind of features. I think it basically comes down to speed and finger muscle memory after all these decades of vi use :-)

If you are interested in tracking IronRuby’s progress, John Lam’s blog is NOT the place to look these days. The place to look for IronRuby progress information is his Twitter account: John_Lam.

The apparent need people have for up to the minute updates on information of all kinds has pushed us from articles on websites to blogs and now to micro-blog-presence type services like Twitter.

You can find regular blog-sized Ruby and IronRuby items on…

Port 25 Ruby Blog Items

And, I just created a separate Twitter account for posting tech items that interest me (Open Source, Microsoft, Apple Mac OS X, mobile technology, green IT, etc.) at… toddogasawara

I just saw a note that yet another VAR is offering Open-Xchange to its client. Not a big story, but it did get me thinking about the current marketplace for open source Exchange replacements.

Let’s keep in mind that the “open source” market for Exchange replacements is actually a tad on the muddy side. Most of the replacements are more about being free, to some extent, than completely open source, e.g., Zimbra is MOSTLY open source, but the commercially licensed software does come with software that is not exactly open. Ditto for Scalix and a few others.

So maybe we should just consider Exchange replacements. Off the top of my head, we have:

• Zimbra
• Scalix
• Open-Xchange
• OSER

OSER you say? Well, that’s new to me too! I just found it via a Google search. OSER is the “Open Source Exchange Replacement Platform” (I don’t think “Platform” made it into the acronym).

Hmm, getting back to “open source”, how should we define “open source Exchange replacement”? Here are my thoughts:

First, if it’s an “Exchange replacement”, it must support Outlook and Outlook functionality. Otherwise, it’s not an “Exchange replacement”. It may be a groupware solution, but it’s not replacing Exchange. So, to me, this takes out mixed licensed applications such as Zimbra. Zimbra is an open source groupware application, but not an open source Exchange replacement. You don’t get the source code to what makes Zimbra an “Exchange replacement”. This goes for anyone that doesn’t offer the source code to their Outlook connector IMHO.

Second, well, that’s it really.

We have a good market for open source groupware, but not so much for open source Exchange replacements.

I think the point to take home here is that there really aren’t many players that are truly offering an open source Exchange replacement, but there are many players that offer an open source groupware framework and that offer closed source Exchange functionality that makes them a true “Exchange replacement”.

P.S. Yes, I like Zimbra.

Microsoft provides a free set of entry level developer tools called Visual Studio 2008 Express Editions. However, as far as I can tell, out of the box they do not support the languages I tend to use: PHP and Ruby (and starting to refresh my Python memory recently). Eclipse never appealed to me (never liked the UI and workflow). So, I took a look at NetBeans IDE 6.1 for the first time earlier this month. There’s a big 183MB installer for Windows that supports Java, C/C++, Ruby as well as a smaller 16MB Early Access for PHP plugin. I tried out the PHP edition and was surprised how fast it was (compared to my Eclipse experience on the same Core 2 Duo notebook running Windows Vista) and how well it seemed to work with PHP code. The fact that I liked what I saw in NetBeans IDE 6.1 surprised me since I tend to be old school and use vi or nedit when working on a Linux system.

It got me thinking though that Microsoft should provide some resources to the Visual Studio team to develop a Visual Studio Express Edition for IronPython and IronRuby.

Speaking of VirtualBox (yes, I actually spoke about it here), Jason Perlow just wrote a good review of the two in his blog.

I’ll be honest—and a little embarrassed—I didn’t even know about VirtualBox until last month. And when I read Jason’s blog just now I turned over to one of the guys here and he didn’t even know about VirtualBox (apparently my consultants don’t read my blog, I should work on that).
VirtualBox is getting cooler and cooler in my eyes. And the fact that it runs on my platforms that VMware is even cooler.

I have a feeling that VirtualBox is going to bust out pretty soon on the commercial scene in some way or another, probably via a third-party developer that releases enterprise-grade management and deployment tools.

Hmmm…

Information Week published the results of its survey of 536 business technology professionals asking questions surrounding the general question of…

How Open Is Microsoft?

The results might surprise some of you. For example, three years ago, 53% surveyed said Microsoft was not open at all. That number dropped to 19% in this year’s survey.

IW also provides Microsoft with what they call their put up or shut up list consisting of:

* Reveal the patents allegedly being violated by open source products.
* Dedicate developers to open source projects such as OpenPegasus (management software) and Python (programming language) and make contributions that beyond those serving its own interests.
* Support SVG, ECMAScript, and other key Web standards in IE 8.0.
* Work with IBM and Sun Microsystems to unify ODF and Open XML and make ODF-Open XML interoperability a native feature in Office.
* Fund and operate a joint interoperability lab with the Linux Foundation.
* Reduce or eliminate protocol patent license fees for common services like printing and file replication.
* Adopt open source practices, such as community input and development, for the .Net Framework and Silverlight.
* Demonstrate transparency by providing more information about what comes next in Windows 7.

To this list, I’ll add my annual plea to Microsoft to Open Source what might be the best stable light weight operating system ever developed: Windows 98 Second Edition (SE). It could easily be embedded in 64MB (or less) of firmware, run lightning fast with slow processors (by today’s standards), and had great hardware driver support. The Asus Eee PC hardware configuration would actually be overkill for Windows 98SE. And, I believe much of modern malware would not affect it. Once Open Sourced, it could probably be secured relatively easily by the talented FOSS programmer community.

Okay, this is pretty damn funny: Open Source in 2013.

My favorite line:

Americans, who through no fault of their own, lost jobs due to the closing of Microsoft they once believed were theirs for life, are assisted by the Linux Foundation’s worker retraining programs.

Information Week published the results of Q&A sessions with Microsoft’s Sam Ramji (senior director of platform strategy) and Tom Robertson (general manager of standards and interoperability).

Microsoft Open Source, Standards Chiefs Tout ‘Openness’

Here’s a sample of the questions Information Week asked:

• How do you approach people to work out cross-licensing or interoperability deals between Microsoft and the open source community?
  
• How much of this recent public push towards “openness” is about the realities of the Web and of the emergence of open source as a viable model versus something else? The people that you need to convince, they’re going to be skeptical.
  
• How do you convince people that Microsoft is no longer just creating de facto standards over time? That’s an argument that you’ve had to make over and over again as recently as Open XML.
  
• Are there certain thoughts about, here are the things we develop in an open source model versus a shared source model versus keeping it all proprietary?
  
• So how do you address the “distinction between popular perception and the reactions of leaders of open source communities,” as Sam put it? How do you go about changing the minds of those who think Microsoft will always be about ‘embrace, extend, extinguish’?
  
• Does Microsoft need to make its specs explicitly usable with the GPL? Why or why not?
  

Sam Ramji’s Port 25 blog posts

I just read a good article at TechRepublic about MySQL vs. Microsoft SQL. Overall, the article is pretty well-rounded. Good reading. (And short!)

The author based the review on several features, including:

• Licensing Cost
• Performance
• Replication
• Security
• Recovery

The final winner:

If you were hoping to get an ironclad recommendation that one database is better than the other, I’m going to disappoint you. From my point of view, any database that helps you do your job is a good database; one that doesn’t is a bad database. I can tell you that to make a good decision about which of SQL Server and MySQL will help you most, you’ll need to look beyond politics and hype and instead look at function and mission. What do you want to accomplish?

No surprise there of course.

What I did find interesting is that Sanders took the time to explain that MySQL is not free unless you are developing an open source application, but otherwise you have to pay for it. Hmm, I have to admit I’m not 100% on the licensing terms for MySQL. Is this totally accurate? What if I’m developing a revenue generating website based on top of MySQL as the RDBMS? Does that mean I have to pay MySQL AB?

Miguel de Icaza announced the first public release of the Mono based Moonlight for Linux. This supports the Microsoft Silverlight 1.0 video playback, not the 2.0 version that includes a .Net Framework.

You can find the Moonlight website at:

http://www.mono-project.com/Moonlight

Other reference: Port 25 Moonlight blog entries

I happened to come across this article in Redmond Developer News recently…

Redmond Among Contributors to Open Source PHP Framework

…about contributers to the Zend Framework. Among the many (400) contributers to the project are Google and Microsoft. It’s probably just me, but I found it amusing (in a good way) that the two arch-rivals contributed pieces to the same Open Source project.

The article goes on to describe how Microsoft sponsored work to enable InfoCard (now called CardSpace) support in a number of Open Source products including Zend and Ruby on Rails.

Microsoft’s Patch Tuesday will be upon us soon patching 3 critical and 1 moderate security problems. Security issues aren’t just a problem for Microsoft software of course. And, I recently learned about…

oCERT: Open Source Computer Emergency Response Team

…which describes itself like this…

The oCERT project is a public effort providing security handling support to Open Source projects affected by security incidents or vulnerabilities, just like national CERTs offer services for their respective countries.

There doesn’t seem to be a lot there yet (only 4 advisories posted so far, the last on April 17). But, I hope oCERT will become a good resource for those of us who deploy a lot of Open Source applications.

Port 25 Security Related Blog items

Okay, actually, there are a number of virtualization options not listed in the title, but the one nobody seems to be talking much about Sun’s xVM VirtualBox. But, wait! you say, Sun begs to differ: “Sun xVM VirtualBox software is the world’s most popular open source virtualization platform because of its fast performance, ease of use, rich functionality, and modular design.”

Some cool features of VirtualBox include:

• Seamless windows - rather than a whole desktop environment, just the guest application windows can co-exist alongside native host applications.
• Shared Folders - easily move documents and files between the host and guest systems.
• Mouse pointer integration - it just works how you’d expect it to.
• Dynamically adjustable screen resolution in the guest.
• Time Synchronization.
• Shared clipboard.

A lot of that is available elsewhere (e.g., time sync and shared folders), but seamless windows is a nice touch.
AND, VirtualBox is open source!

Do check it out.

There’s an interesting four page PDF file that appeared recently on the Microsoft downloads site titled…

Open Source at Microsoft CodeBox: Bringing the Open Source Approach In-House

It answers the question: Could the community and collaborative concepts that
underlie open source projects be applied internally to Microsoft product engineering?

CodeBox is an software development environment that was developed as an internal tool to help Microsoft apply the Open Source software development model internally. It gives Microsoft’s programmers and internal tool to manage shared code.

If you are at all familiar with the UNIX or Linux world, you will know about the Pluggable Authentication Module (PAM) functionality. Essentially, PAM is a highly extensible login framework for authenticating and authorizing a user for access to a server. Prior to PAM, most logins worked directly against the local /etc/passwd database, but with PAM, users are authenticated against the PAM library, which in turns relies on a series of “modules” (surprise!) that return a Yes/No response. On many UNIX and Linux boxes, PAM still relies on /etc/passwd, but it doesn’t have to—and often doesn’t. For example, LDAP is quite often supported for authentication, and this is done by simply adding the right LDAP module to your PAM configuration.

Yawn.

Well, it is all very cool of actually, but it is old news in the UNIX world.

Now, Windows has supported this, kind of, a little bit, with GINA and GINA chaining and what-have-you, but it is really JUST NOT DONE. In addition, the GINA chaining concept is rarely if ever used. (I have heard because of reliability issues.)

However, Vista now supports a new model known as Credential Provider, which is deceptively like… PAM! Well, cool. (And they say Microsoft doesn’t learn!)

Anyway, I suggest you take a look at this as it’s all very nifty stuff:

Windows Vista Sample Credential Providers Overview

Credential Provider Samples

New Authentication Functionality in Windows Vista

OK, I know this is NOT the Inside MySQL blog area. But, MySQL is the “M” in both LAMP and WAMP. And, as one of the people who wasn’t very happy by MySQL’s decision to close source parts of the upcoming MySQL 6.0, I thought I should help spread the good news announced by MySQL’s VP for Community Relations - Kaj Arnö:

MySQL Server is Open Source, even Backup extensions

His six main points are:

- MySQL Server is and will always remain fully functional and open source
- MySQL Connectors will be open source
- The main storage engines will be open source
- MySQL 6.0’s pending backup functionality will be open source
- The MyISAM driver for MySQL Backup will be open source, and
- The encryption and compression backup features will be open source

FYI: MySQL related blog posts on Port 25

Michael Desmond raises an interesting point in an article in Redmond Developer News…

Open Source and .NET

Desmond acknowledges the IronPython/IronRuby work as well as Microsoft working with Zend on PHP and FastCGI. He quotes DotNetNuke’s Bill Walker who told him: Case studies could be sponsored, articles could be included in Microsoft magazines, etc. We have people … who still believe DotNetNuke and other .NET open source software is for the hobbyist set only. Desmond closes by asking: Should Microsoft be doing more to make open source development a first-class citizen in the .NET space?

The answer, IMHO, is definitely yes. I’d like to see, for example, Microsoft’s Port 25 site reach out to various Windows related Open Source project team members to highlight them and their projects. Three that come to mind right away are: OpenNETCF (Windows Mobile and Embedded development), MindTouch Deki Wik, and SharpDevelop (free IDE for C#, VB.NET and Boo).

And, of course, there is always a lot to say about the better known Open Source projects like Apache httpd, Apache Tomcat, and Eclipse. Let the folks at Port 25 know what Open Source projects related to the Microsoft Windows platform you would like to read more about.

If there is one Microsoft product that openly gets inspiration from and gives credit to UNIX and GNU Linux/Open Source, it is Microsoft PowerShell.

How open source has influenced Windows Server 2008

The PowerShell team is at the Microsoft Management Summit (MMS) in Las Vegas this week. And, they posted the PowerPoint 2007 slide deck for a peek at PowerShell V2 on their blog…

MMS: What’s Coming In PowerShell V2

I’m not at the MMS. So, I didn’t see the presentation. However, the slidedeck (downloadable from the blog entry linked above) lists four main topic areas (labeled Themes in the slides):

1. GUI over PowerShell
2. Production Scripting
3. Universal Code Execution Model
4. Community Feedback

In the Linux world, I’ve been asking people to use Python or Ruby instead of Bash scripts so that we don’t have to refactor from one more basic scripting language (say Bash) to a more sophisticated object oriented dynamic language (say Python or Ruby). In the Windows world, the jump has been from DOS batch language to Windows scripting (which I never liked) or Visual Basic/C#. That’s not really an option at all IMHO. PowerShell, on the other hand, brings Windows into the 21st century for system administrators who may not come from a deep software development background. It gives them a first class language and .Net citizen as an alternative to DOS batch (I hesitate to call it a language).

Though PowerShell still seems to have a strange look to it from my point of view, its ability to deal directly with .Net objects gives it the ability to more easily deal with systems level information than we have on Linux with even high-level dynamic languages like Python and Ruby.

Me? I’m still waiting for a binary ready-to-install IronRuby to test with Windows Server 2008 :-)

I was just reading Michael Mimoso’s account of a new MS-SQL injection attack that is making the rounds. Sigh.

The funny thing is that I was just talking to one of our consultants here at Puryear IT about.. SQL injection attacks. He was working on something involving MS-SQL, and commented that MS-SQL did not properly handle dangerous code in comments in SQL code, which made it possible to attack the SQL server if security was not properly setup. Then I found that blog. Good times.

Anyway, SQL injection attacks aren’t specific to MS-SQL. Almost every database server is susceptible to them, not because of the RDBMS itself, but usually because of:

• The fact that the RDBMS was not properly configured and secured.
• Applications, especially web applications, do a horrible job of checking for sane SQL statements.

There are a few ways to help yourself right out-of-the-box of course. For one, using prepared statements and relying on a properly designed database library in your code helps. For example, instead of using something like:

$input = INPUT-FROM-USER;
SELECT col1 FROM table1 WHERE col2 = $input;

You should be preparing the statement and relying more on your SQL library to reject any odd input, like so:

$input = INPUT-FROM-USER;
$prepared_sql = prepare(SELECT col1 FROM table1 WHERE col2 = ?);
$prepared_sql->run($input);

Generally, the latter form will allow you to not worry about escaping your input. (This is not always the case though, so consult the documentation for the SQL library you are using!) That said, it still makes sense to check for anything overtly dangerous in the user input.

Anyway, back on the original blog entry, I found this pretty funny: ‘”They’re blindly tossing SQL injections at sites and getting a high success rate. They’re upping the game,” Grossman said. “This is a new level of sophistication.”’ There is nothing new or sophisticated about blindly running exploits against servers on the Internet. It is an old technique actually, and unfortunately, it’s always had a good rate of return.

Microsoft’s Sam Ramji posted a blog innocuously titled…

Managing Towards Open

Honestly, I might have passed over reading it except for the fact that I read this item over on Information Week first…

Microsoft Uses Open Source To Extend Systems Management To Linux

They’re doing this by taking Open Source (MIT License variety) code from the OpenPegasus project that describes itself as open-source implementationof the DMTF CIM and WBEM standards. This alphabet soup translates to: Distributed Management Task Force, Common Information Model, and Web-Based Enterprise Management.

In a recently posted blog fellow ONLamp blogger Noah Gift called it Microsoft Trojan Horse Part Duex: System Center Operations Manager 2007 Cross Platform Extensions and Connectors. I’m taking a more wait-and-see approach to it to see what comes of out this effort to interoperate in the enterprise environment. I am curious what the OpenPegasus project members think of this and whether or not they are directly involved in this effort.

Well, this is nifty. A start-up named Kickfire has released a MySQL appliance. There is nothing “nifty” about a network appliance of course; that is, unless the appliance has specialized hardware and software to outperform a similarly configured in-house configured server.

And that is the point behind Kickfire.

They have designed a specialized processor for SQL servers and integrated this with MySQL using customized code. Apparently, the box screams.

I first read about this on Jason Perlow’s blog, and he goes into greater detail, including notes about how this may set a trend for appliance based SQL servers running PostgreSQL, Oracle, and even Microsoft SQL Server. MS-SQL on an appliance? Now that would really be nifty.

Bryan Kirschner (Microsoft Director of Platform Community in their Open Source Labs) talks about three groups of people in relation to their Open Source efforts in a blog entry titled…

Open Source Day + 30 …

His group 3 includes pretty much anyone at Microsoft whose primary job does not necessarily include Open Source but touches on it. I’m really concerned with the direction Microsoft’s virtualization effort is taking since Virtual Server 2005 R2 SP1 came out and the upcoming production release of Hyper-V. The Virtual Machines team appears to be ignoring everything except for Suse Linux. While that is a fine Linux distro, there are a bunch of other important distros too (especially the ones I use :-). Virtual PC 2007 and Virtual Server 2005 R2 SP1 both have problems with Red Hat Enterprise Linux versions starting with RHEL5 (this includes CentOS 5) and Ubuntu starting with version 7.

Supported Guest OS on Windows Server 2008 Hyper-V

I’ve been tracking the various workarounds that people have figured out for RHEL5, CentOS 5, Fedora 7 and 8, and Ubuntu 7 and 8. You can find my current collection of installation workarounds in the links below to my personal blog.

Red Hat 5/CentOS 5.1 and Microsoft Virtual Server 2005 R2 SP1

TechNet Blog: Fedora 8 on Virtual PC 2007

Ubuntu 8.04LTS vs. Microsoft Virtual PC 2007

I haven’t tried these distros with VMware ESX 3.x. However, none of them cause installation problems for VMware Workstation 6 for Windows, VMware Fusion for Mac, or Parallels Desktop for Mac. I really hope that the Microsoft Virtual Machine teams takes a hard look at their product direction and add support for the current versions of major Linux distros like RHEL5 and Ubuntu. Failure to do so simply makes it easier for people to move to VMware ESX and avoid buying Windows Server 2008 with Hyper-V.

So, Hyper-V is ready to be released with Windows 2008. More or less. Hyper-V is the “next generation” of virtualization for Microsoft and the Windows platform (at least as far as Microsoft sees it), and includes some enhancements of Virtual Server.

Technically, it doesn’t appear that Hyper-V is going to really frighten the current VM players like VMware and others, but there is an interesting trend that Hyper-V’s inclusion in Windows 2008 highlights: virtualization out-of-the-box.

As of Windows 2008, virtualization will be a “click and run” operation. Linux distributions are doing this as well. For example, Red Hat comes pre-packaged with Xen now and some management tools for Xen VMs.

Jeez, with the move toward application virtualization, server virtualization, and whatever virtualization, the whole argument of Windows vs. Linux or Windows vs. Anything just seems to be slowly fading away. At what point does Windows or Linux as the OS stop being a factor?

The US government’s GSA (General Services Administration) manages many billions of dollars of purchases and operations for government agencies. So, it was interesting to see this quote from the following article in GCN (Government Computer News)…

GSA makes the case for open source

While Coleman [the GSA’s CIO] saw many advantages to using open source software, she mentioned that, somewhat counter-intuitively, saving money may not be one of them.

“If you are looking at open source because of perceived cost benefits, you should know there is no guarantee it will be cheaper,” she said. “Open source does not mean free.”

It turns out that the GSA Open Source toolbox inclues JBoss, Bugzilla, JUnit, JMeter, and Eclipse. And, more importantly, the initial acquisition cost (free) is not necessarily the driving factor.

The article’s author makes the classic mistake of thinking Open Source software cannot be commercial software: Not having sunk costs in a commercial software program also means the agency can move to a new program more quickly should its needs change. So, we still have to educate mainstream journalists a bit more about Open Source. However, the main point is that more and more people understand that the value of Open Source software is not tied to the often (but not always) free procurement cost.

Okay, I’m confused. I just read a blog about using Microsoft Access as the database back-end for a website. I think. Well, heck, I’m not sure. Is she saying you should convert to a true client/server database model or you should use Access itself as the database back-end?

To be honest, I think there is little value in Microsoft Access outside of its insanely easy development front-end for programmers. That’s why Access is popular: It is very easy to create a database application from scratch using Access. Even with web programming languages such as PHP you have a steeper learning curve, especially since you need to setup Apache, PHP, and MySQL (well, those are usually running on a Linux server these days anyway, although that of course brings up an obvious security issue).

It used to be a lot easier to understand the closed source and open source worlds in the old days. Microsoft, Sun, Oracle, and the like were closed source and wore black hats. The GNU/LAMP people were Open Source and wore white hats. This world was simple and clean. When I started looking beyond the source code and newsgroups in the early 2000s, I was surprised to see firms like Zope with a combination of Open and Closed Source products. I was a little confused by MySQL’s dual license. And, Red Hat threw me for a loop when they stopped providing free downloads after Red Hat 9 (this is before the Fedora Project emerged). JBoss’ professional Open Source idea seemed like a good idea me but seemed to be drawing some barbs now and then.

The Open Source community-industry has been undergoing a lot of growing pains over the past few years as it transforms from the community-contributer model to a full business model with employees, health plans, boards of directors and the like. Perhaps the Open Source business looked at Microsoft and figure their closed source model has made them a bit of money and that closed source is not that evil if it pays the biils. Personally, I was hoping that Open Source services (consulting, packaging, etc.) would be enough to keep FOSS firms afloat. But, at the moment, it looks like some closed sourcing for value added features is going to be the norm. The EnterpriseDB Postgres Plus effort looks similar to what MySQL is doing but seems to be mostly flying under the radar for the moment. And, as I mentioned, Zope has had this business model for years.

Having spent the 1990s working for a telephone company (good ol’ GTE) I watched a similar transformation in the Computer Telephony and VoIP industry. The Computer Telephony Expo in the early 1990s consisted of a bunch of engineers and startups showing their wares to potential customers (often phone companies like the one I worked for). There weren’t many marketing-critters in the midst. And, the only person wearing a suit and tie was usually Harry Newton (who coined the term Computer Telephony and organized the conference). By the end of the decade, the complexion of the conference had changed, I think the conference grew from 2,000 to something like 30,000 in the years that I attended. And, there were a lot more marketing critters and people in suits. In fact, I recall noting with some distaste that I had decided to wear a suit for the day I was a panel moderator there (it seemed like the right thing to do at the time). The Computer Telephony industry had grown during the decade to the point where people actually had to figure out how to make money and not just show cool IP comm gear. And, then, of course, there were the bigger companies buying the small cool ones. Intel, for example, bought Visual Voice (a very cool software firm) and Dialogic (a very cool hardware firm). Microsoft, Intel, and GTE co-sponsored the TAPI Bakeoff (an Interoperability event for vendors) for several years. As one of the event coordinators, I had a ringside seat to watch the development going on. Most of that technology is now invisible and is simply part of the infrastructure now. It is not something I actively think about unless something goes wrong (very rarely if you think about it).

I think we are seeing something very similar happening to Open Source. Sun’s purchase of MySQL has set off a lot of heated discussion as Sun and MySQL tries to find a business model that can simultaneously keep the Open Source community happy while building a revenue stream. They may have found a model, but it is not exactly making everyone happy quite yet. Personally, I am watching this all with some anxiety as I depend on MySQL for a lot of projects. In the meantime, we are seeing blog titles like:

Just announced: MySQL to launch new features only in MySQL Enterprise: So, in effect, they will be giving their paying customers real, true, untested code. How is this supposed to work? In addition, this means that they are changing their internal development model, splitting the relationship between the two trees, and overall going even further down the path of getting the RHEL/Fedora model backwards.

The whole story about online backup: The business reasoning behind the decision to reserve the native modules for paying customers is that only the most demanding users have an urgent need of this feature, and I can see the value of this assessment.

Thoughts on the Fuss: I doubt that this little scheme of charging for these features ever actually takes place. It is pretty much diametrically opposed to the what Sun says they want for MySQL. I think that by the time server version 6.0 is GA that every feature will be fully available for anyone. And that is why I have not taken the time to sharpen a pitchfork and join the mob. Because in the end I don’t think this will ever happen.

The Ingres Vultures Descend: In a despicable business practice, I received a message from a PR Firm representing Ingres. Now, I even wrote about the controversy that seems to have swept the open source community; but even my writings were not completely factually correct — I wrote that even if online backups were closed it was not necessarily the worst thing in the world. The actual parts of the online backup that are not open source and free are compression and encryption — that is all. (FYI: I received a similar email from Ingres but didn’t think it was despicable - just a PR firm doing its job).

The Closed-Open Source industries are in a state of extreme flux. And, it will probably take another decade to sort this all out along with web/mesh services, SaaS (Software as a Service), and service subscriptions. If the various blog reactions to various changes are any indication, it will probably be a bumpy ride. But, let’s hope it all works out for the best for all parties involved in the end.

Is closed sourcing inevitable? I sure hope not. But, we’ll see it play out one way or another over the next couple of years.

I was recently doing a somewhat random Google and found a note from someone about whether there is a “market for LAMP consulting”. Ha. Perhaps. The whole Linux thing may just be ready to get off the ground. ;)

Seriously though, I do wonder about this comment: “may be some market for MySQL work - optimizing adn [sic] so on”. Hmm. I know for a fact that there IS a market for MS-SQL specific consulting, e.g., performance tuning, security, installation, etc. However, I rarely see a need specifically for MySQL consulting. Generally, “MySQL” is thrown in with the overall need for a PHP developer.

Not that this should be the case.

A database administrator is a very important role in any organization, but it seems like MySQL administration is often bundled in with the software development. That’s not so typical with MS-SQL, Oracle, and DB2 work though.

To me, this ties back into the original roots of MySQL and its popularity: LAMP. LAMP breaks out into “Linux Apache MySQL PHP”, and is the development platform of choice for many people and organizations.

But is this limiting the growth of the “MySQL profession” in some ways?

Recently, we were working to bring up a VMware installation for a client of Puryear IT and we hit a snag. To provide some background first though: We had decided to go with a GigE NAS based environment rather than a more traditional SAN. We had seen Dell’s NF500 in use already and were pleased with it overall, so we went with the NF500 with RAID-10 on a GigE switch and, of course, GigE on the Dell servers running VMware.

Great, right?

Alas, not so much. During our benchmarking, we found that the NFS performance on the NF500 across the GigE was pretty bad. This goes for every variation, including NFS over UDP and TCP, v2 and v3, rsize and wsize of everything from 4kb to 32kb, and so forth. Yes, we tried every performance tweak in the book, but just could not get the Linux servers to get good NFS performance against the NF500. Well, the performance is good enough if you were using the NAS as only a file server, but not if you want to run VMs off it.

That said, there is no real reason why you can’t or shouldn’t run VMs off a GigE network and a really fast NAS. It’s more than sufficient. Unfortunately, we didn’t have the hours to troubleshoot whether there was something going on with the Linux NFS implementation or the NF500, but we still had to get the problem solved.

Fortunately, we did find a solution that not only worked, but worked well: CIFS.

Everybody knows and loves CIFS. (Well, everybody at least knows CIFS. Oh, and hello Samba.) It’s just Windows Networking. Generally, we use NFS within Linux and UNIX networks where we can tighten down security enough on the network to make it reasonably safe to use (NFS is not, and has never been, a secure protocol.) But I am quite familiar with CIFS and was curious if using it would clear the problem up. And yes it did.

I found that mounting the VM shares off the NAS on the local Linux VMware servers let us transfer at near-wire speed. We were then able to run our VMs off the NAS; we have yet to see any performance issue or bug, and the whole thing just works like a champ.

Very interesting.

Microsoft’s Chief Software Architect Ray Ozzie (Bill Gates was their first CSA) delivered one of two keynotes at the Microsoft MVP Summit I attended last week. I was debating whether or not to get in line at one of the microphones during the Q&A session to ask him about Microsoft and Open Source. But, someone else decided much faster and was able to make a good statement and ask a good question. The entire transcript of Ozzie’s presentation and Q&A session can be found at…

Ray Ozzie: Microsoft 2008 Most Valuable Professional Global Summit

Here’s the section from that transcript regarding Open Source…

QUESTION: I have a question about the software as a service space that’s currently existing. If we look out at the Web now with all the providers and vendors, we see Open Source playing a very strong role with a large number of vendors, and it’s very different from the Microsoft platform what role Open Source plays as opposed to the other platforms. In fact, Java is Open Source now.

So, my question is, with the Microsoft vision, where do you see Open Source playing a part on the Microsoft platform, and what is your position towards it?

RAY OZZIE: Well, my position toward Open Source generally is that it’s a part of the environment. It’s very useful for developers to be able to get the source code to certain things, to modify them.

Microsoft fundamentally as a whole has changed dramatically as a result of Open Source in terms of as people have been using it more and more, the nature of interoperability between our systems and other systems has increased. And I can tell you from an inside perspective in terms of dealing with individuals inside, when you build a new product, immediately you start thinking of how shall this product expose its APIs, what type of developer is it serving, should there be SOAP or Web Services APIs, because it will be being used in system integration context within an enterprise, are the people who are going to be integrating with it going to be more of the Web community and should they exposed through REST-based technologies, should the results come back in XML or JSON or some other formats based on the type of consumer of the thing.

Open Source is a reality. We have a software business that is based on proprietary software. We tactically or strategically, depending on how you look at it, will take certain aspects of what we do, and we’ll Open Source them where we believe there is a real benefit to the community and to the nature of the growth of that technology in Open Sourcing it. The .NET Framework is a good example of it, and we’re working with Novell to make model work so that people don’t have to make this choice if they do want to do something with a Linux or UNIX back-end, and so that we can share tools and technologies.

But the bottom line is we believe very much in the quality of Microsoft products. We are an IP-based business. But we live in a world together with Open Source, and we have to make it possible for you to build solutions and for customers to build solutions that incorporate aspects of both.

Some of the articles and blogs about Sun/MySQL’s growing Open/Closed Source forking has been pretty dramatic. ZDNet’s is one example…

Did Sun just my MySQL Closed Source?

MySQL was moving down this path by splitting features available in their Community and Enterprise editions long before Sun announced it was buying MySQL. So, I’m not placing the blame (if that is what it should be called) on Sun. I think it is just the reality of trying to stay in business in the Open Source world. It is tough to make money from a free product - even a great one like MySQL. If the model of selling services does not justify something like a billion dollar price tag, what then? For MySQL and Sun, the answer is to provide more value-added features for a price and closing the source.

Am I happy about this? Not hardly! But, I saw this coming and have been preparing for it. I’ve been looking at PostgreSQL since the day Sun announced buying MySQL. And, recently, it was pointed out to me that Ingres (which I used back in the 1980s) is now an Open Source product. I’m not going to suddenly stop using MySQL or recommend that people switch away from it. But, I think it is prudent to take a look at alternatives.

MySQL related blog entries at Microsoft Port 25

If you work with Microsoft adCenter to generate ads, you might find it interesting to read the PHP code samples collected in this blog entry by Walter Poupore.

Recommended Reading — php and Ad Groups

The code samples available there cover the topics listed below:

How to Check the Status of an Ad Group in PHP (V5)
How to Submit an Ad Group for Approval in PHP (V5)
How to Create Keywords in PHP (V5)
How to Create Ads in PHP (V5)
How to Create Ad Groups in PHP (V5)

For more PHP-Microsoft Windows related interop, here are the Port 25 blog items with a PHP tag.

Port 25 - PHP

I was reading a quick run-through of memcached and it occurred to me how absolutely simple and SIMPLISTIC memcached is. Really, it’s absolutely.. basic. Oh, but wait, what is memcached? memcached is really nothing more than a cache service for accessing data. Its origins are as a cache service for the RDBMS used by Facebook. Anyway, memcached is nothing more than a hash table in memory that is used to cache query results. That’s it.

“So what?” you ask.

Well, memcached is actually a pretty big deal. It’s used all over now. And if you monitor places In The Know, like the High Scalability blog, you’ll notice a trend: A lot of people use it or plan on using it Real Soon Now.

memcached was written to serve one basic role: cache database request. It wasn’t written to provide a massively redundant service. Or to distribute load across memcached nodes. Or to provide a secure proxy to a database service. It just takes a query and returns whatever is in the cache. And this is done using a simple hash, meaning that at its core memcached uses a set of algorithms that you’ll find on every second year Computer Science exam in college.

What I find so fascinating is that yet again we see a very simple but hugely effective service developed in the UNIX world. Why aren’t these things happening for Windows? With Microsoft’s forays into HPC, you would hope that people both in research and business would start fleshing out these genius little nuggets on the Windows platform, but I haven’t seen this happen yet. So, what’s the hold up?

I’m attending the Microsoft MVP (Most Valuable Professional) Global Summit in Seattle this week (I’m a Windows Mobile - Mobile Devices MVP). IronRuby was not on the Open Spaces meeting agenda this afternoon, so John Lam staged an impromptu meetup for people interested in talking about IronRuby. John is 4th from the right in the photo. And Jimmy Schementi (Program Manager - Dynamic Language Runtime) is 2nd from the left.

I found the nearly two hour long session very interesting even though, as I explained to John and Jimmy, I’m one of the people too lazy to build IronRuby from source (I compile nearly everything from source for Linux but nothing for Windows) and am waiting for the installable binaries.

John will talk about IronRuby on Rails at the upcoming RubyConf.

Port 25 — Blog entries tagged with Ruby

I often refer to blog entries over on the Microsoft Port 25 site. if you are interested in Open Source interoperability with Microsoft products, you definitely need to follow some of their product teams as much as you follow Open Source product information. Here’s a MSDN blog post by Tadd E. Dawson that collects and lists what looks like every Microsoft product team blog in existence.

Microsoft Product Team Blog Directory

Not exactly “new” news but there is a reasonable article by Gary Morgenthaler at Business Week about Apple and Microsoft. Definitely well worth the read. Gary discusses how Apple is developing a multi-pronged strategy to battle Microsoft. In all honesty, the strategy has very clear for a while:

1. Use bottom-up marketing by targeting consumers to increase mind- and market-share.
2. Focus on ease-of-use, which has always been a foundation for Apple.
3. Keep their presence known in the enterprise, but don’t focus on it.
4. Be the cool company.

I think we can all agree the strategy is working. Apple is becoming a bigger player every day, and *gasp* they do seem to be slowly making some headway in the enterprise, albeit extremely slowly (at least in my experience).

There’s a question that comes out of this success however: How does this impact the open platforms like Linux and FreeBSD? Well, a lot actually. Linux maintains a strong but shared leadership position in the data center, but has yet to have even moderate success on the desktop. Certainly you can find stories of large Linux desktop roll-outs here and there, but when viewed in light of the total desktops in use and those being deployed now or even in the future, the number is almost dismissively small.

Just as importantly, if you ask your average consumer or enterprise desktop user about Linux they will either have no idea what you are talking about or ask you why they would put the mail server on their desk.

That’s not the case with Apple. Everyone knows Apple. And most people have a very positive impression of Apple computers, although Apple is often avoided due to cost and compatibility (whether that remains a valid reason or not). But Apple on the enterprise desktop? That’s another ballgame altogether. The “cost” side of the equation goes away for the user and the compatibility issue is slowly fading with virtualization, published applications and terminal services, and web-based access. So what DOES happen if you put an Apple on someone’s desk? They’ll probably play with the computer for hours and tell their friends how snazzy it looks. And then they’ll start working.

Microsoft does indeed have a very serious problem here.

I just read in Matt Asay’s CNET blog that Microsoft Open Source Lab Director Sam Ramji has been promoted to lead Microsoft’s entire Open Source/Linux efforts.

Microsoft gets a new open-source chief

You can find Sam’s Port 25 blog items here…

Sam Ramji - Port 25

Has anyone read Putting Our Own House In Order? I thought this little quip was funny: “Tony’s background is in academia, a place where Microsoft has had some challenges.” (Queue the old graphic of a million students sitting in class with Macs.) Okay, pretty accurate really. When I was going to LSU ages ago it was cool even back then to have a Mac instead of a PC for a laptop.

Mind you, when I went to LSU my first assembly class was on an IBM 3-something-another and I remember learning that there was no stack for us to use. We had to do all kinds of weird things. I had already learned PC x86 assembly by then (anyone remember coding or watching intros or demos in high school?), and so I thought the IBM assembly was pretty sucky. Still, I did learn a lot. ANYWAY.

The basic premise of the blog about Microsoft is that they have made some strides, but have quite a ways to go. I think the discussion about Microsoft and academia is pretty on point. Most universities basically give Microsoft Office away (by “give away”, I guess I should say “license thousands of copies on your behalf”), but that’s not the point being made. The issue is: Is Microsoft making any headway in being a real power in the academic side of universities, not the business side?

Even back in my day, you could go to a “Windows lab” and work with Visual Studio or go to a “UNIX lab” and use vi and gcc. And you know what? All the fun was in the UNIX lab? And not just for me. There was just a difference in the attitudes and ethic across the two lab environments. People in the Windows lab were trying to get their project in before it was 11:59 PM, while people in the UNIX lab were goofing off, playing with code, and… trying to get their project in before it was 11:59 PM.

What is it about UNIX, vi, emacs, gcc, perl, and INSERT-HERE that makes it fun to play with, while Visual Studio just makes you want to… well, work?

There’s an argument here that the point of coding is work but *cough cough*, no, I don’t think so. Most of the innovations in software are from people that tweak, fiddle, and play with concepts, code, and ways of doing things. And THAT is the essence of academia: The freedom to play and learn and make progress.

Licensing is a big factor here. But there’s something else, and I can’t quite put my finger on it. I think Microsoft is trying to figure out the same thing.

So, I’ve been MIA for almost two weeks now. I’m sure you were pretty worried and possibly even losing sleep. But, it’s okay. I’m fine and back. For now. But what happened?

Well, the whole “SSO” happened.

O’Reilly uses Single Sign-On (SSO) within its network between certain applications (apparently), and something wonky happened with my blogging account that prevented me from properly signing in. I don’t have all the details, but I do know that while logging into the “O’Reilly SSO Site” works, that I can’t then access the blog manager because I’m again prompted to login. Which fails.

So much for SSO.

But let’s not be too critical on O’Reilly here. Sure, it’s annoying, but it happens. Everywhere.

Why is SSO such a pain? When I work with clients on Identity and Access Management (IAM), the first acronym they usually bring up is SSO. And then I warn them that achieving true SSO is usually a long and difficult journey, and that you need to start small. Usually real small.

Typically, I see SSO develop over time using a progression such as:

1. Implement a single username/password system for core services such as logins to servers. No SSO, but you do have Centralized Sign-On (CSO).
2. Implement some type of identity management on top of the directory containing your single username/password.
3. Begin thinking about SSO.

The problem with SSO is that until you at least have a handle on where your username and password is STORED, you can’t get very far with it. And most people don’t have a handle on that.

So stay focused!

Microsoft released another 14,000 pages of protocol documentation for Microsoft Office, Office Server, and Exchange Server (2007 versions). This brings the total documentation pages released up to 44,000 (and, no, I have not actually counted this to verify it :-). The documentation is in what they call preliminary form. I’m not quite sure what that means (not fact checked? incomplete?).

You can find their general principles statement at…

Interoperability Principles - Open Connections, Standards Support, Data Portability

The key line/point to note and ponder is:

5. Open Source Compatibility. Microsoft will covenant not to sue open source developers for development and non-commercial distribution of implementations of these Open Protocols.

The MSDN (Microsoft Developer Network) protocols documentation is found at…

MSDN: Open Protocol Specifications

Jonathan Walz and Hal Rottenberg posted the second part of their interview with PowerShell architect Jeffery Snover on their PowerScripting Podcast. At one point Snover makes says “I’d like to Open Source almost everything” (at 22:14) in response to a question about open sourcing the PowerShell GUI host. He does backtrack a bit and restates it as “Shared Source.” But, still, the thought is there :-)

If you are interested in learning more about PowerShell, you can find the Windows PowerShell Getting Started Guide on the Microsoft TechNet site.

In a recent blog item here titled Linux ext2 recovery, NTFS, and Ghost my Inside Port 25 blogging colleague Dustin Puryear mentioned Chris Traver’s great technical analysis note…

Recovering Data from Windows Systems by Using Linux

I thought it might be useful to highlight just a few of the points Chris brings up in his paper…

- Using sfdisk instead of fdisk
- Using dd (this may seem trivial to old time *NIX users, but most Windows users have never heard of dd)
- Linux NTFS support and issues
- The Coroner’s Toolkit (TCT)

Click on the note’s title above. It will take you to Jamie Cannon’s blog item announcing the paper and provides a link to download the PDF document file.

I read this over on Port 25 this morning…

Microsoft Open Source Initiative

…and nearly got sucker punched until I headed over to the linked so-called blog entry on OSI’s blog page…

Microsoft looks forward to working with the OSI

OK, I get it now. April Fool’s. I rarely like tech site April Fool’s entries. But, I have to admit that I was amused by this one. BTW, click around OSI’s site. That Microsoft OSI logo is everywhere, not just that one blog entry page.

One of the things that most impressed me about Microsoft Virtual Server 2005 R2 (besides being free) was Microsoft’s official support of various Linux distros as a Guest OS. I started testing Virtual Server after I found that the then current version of VMware ESX 2.5 could not run Red Hat Enterprise Linux 4 based distros (CentOS 4 in my case). Microsoft Virtual Server did and when the R2 release officially listed RHEL4 and SUSE Linux as supported Guest OSes, I was pretty happy. So, I when I read this headline on Network World, I was really puzzled.

Hyper-V Leaves Linux Out In The Cold

I headed over to this Microsoft web page to check things out for myself…

Supported Guest OS on Windows Server 2008 Hyper-V

…and verified that the only supported Linux distro there is SUSE Linux Enterprise Server 10 with Service Pack 1. Now, to be fair, the list also does NOT include Microsoft’s own Windows Server 2000, Windows NT, Windows 98, or MS-DOS either. Hyper-V should at least include support for RHEL5 based distros, Ubuntu based distros, FreeBSD/OpenBSD, and Open Solaris.

However, this makes sense given that the current Virtual Server 2005 R2 SP1 does not really support the X11 that ships with RHEL5 and Ubuntu. I’ve been wondering why this is so hard since workstation based virtualization products like Parallels Desktop for Mac and VMware Workstation 6 work fine with the current Linux/X11 releases I’ve tried. I spent quite a while piecing together how to configure RHEL5 based distros to work under Microsoft Virtual Server 2005 R2 SP1 (see my blog entry linked below).

Red Hat 5/CentOS 5.1 and Microsoft Virtual Server 2005 R2 SP1

I hope this lack of support for major Linux/BSD distros is just something that will be corrected before Hyper-V is released in its complete 1.0 format. But, if not, it will be a huge disappointment to me having invested a number of years working with Microsoft Virtual Server and in the planning stages to migrate to Hyper-V.

Here’s a detailed take on Microsoft’s virtualization and interoperability direction from Michael Francisco written last August…

Linux and Windows Interoperability: On the Metal and On the Wire

One of the things Michael says in it is: First, customers are insisting on support for interoperable, heterogeneous solutions. To me “heterogeneous” needs to include more than just SUSE Linux from the *NIX ecosphere.

I use Drupal to power both a personal site (my OgasaWalrus Freeware and Open Source apps blog) and an Intranet blog in my office. So, I was more than a little envious when I read Garrett Serack’s mini trip report for Drupalcon 2008.

How a cowboy spends two days in Boston: Drupalcon 2008

Drupal’s been attracting quite a bit of attention over the past year or two. And, the commercial support available for the product is a good for the product’s long term survival and growth. Several Drupal’s main figures (including its creator - Dries Buytaert) formed Acquia last year to provide value-added software products and services for the Drupal social publishing system. SpikeSource provides a for-fee Drupal sandboxed package (with Apache, PostgreSQL, and PHP) for Linux and Windows called Drupal SpikeIgnited.

Chris Pirollo just announced his Drupal-based community social network platform project. Check out his blog and videocast to learn more about this project.

I’ve been using MySQL since early 2002 and Sun’s purchase of MySQL has me quite concerned (unnecessarily, I hope). I’ve been hedging my bets in case Sun decides to radically change MySQL’s Community Edition (the free version) availability or make it too experimental to use in production or near-production environments (forcing MySQL users to the for-fee Enterprise Edition). One hedge is getting familiar with PostgreSQL. I’ve invested a bit of time building it from source code on a test Linux box and then testing upgrading a datbase from version 8.2 to 8.3. That was quite painful compared to MySQL, btw. I was surprised I had to perform a full database dump from 8.2 and then import everything back in to the 8.3 installation.

EnterpriseDB has been selling a repackaged version of PostgreSQL since 2004. They relaunced the product this week and renamed it Postgres Plus and Postgres Plus Advanced Server. The Postgres Plus edition seems similar to the MySQL Community Edition in that both are available with easy to use binary installers. Postgres Plus Advanced Server is priced at US$5,995 per socket. It provides additional features such as the ability to run applications designed to work with Oracle, database migration tools to move from Oracle and other commercial databases, and advanced management and monitoring tools. The Advanced Server developer edition is free. This is a good idea and one that MySQL should emulate with its Enterprise Edition.

I haven’t looked a the Windows or Mac OS X versions of Postgres Plus (the free version). But, I did download the Linux distribution and found that the gzipped download contained a single bin file. This really appealed to me since PostgreSQL’s binary versions consisted of what seemed like an endless list of RPMs to choose from and download. In fact, I decided to install from source code on Linux since it seemed easier than figuring out which RPM files I needed.

Old PostgreSQL hands probably don’t have any great need to take a look at EnterpriseDB’s offerings. However, newbies like me looking for a quick, painless, and correct installation of multiple PostgreSQL components across multiple OS platforms to create a stable platform from which to learn will probably benefit from EnterpriseDB’s Postgres Plus offerings.

FYI: Those of you considering running PostgreSQL or Postgres Plus on Microsoft Windows might want to take a look at these two PDF documents available from Microsoft’s Port 25 site…

PostgreSQL on Windows: A Primer

Connecting Office Applications to MySQL and PostgreSQL via ODBC

PowerShell (formerly referred to by its codename Monad) was created by Microsoft as its next generation command line environment and scripting language. Although it is not an Open Source product itself, you can see the influence FOSS dynamic languages like Perl and Python had on it. There’s an interesting interview (part 1 of 2) that Jonathan Walz & Hal Rottenberg had with PowerShell’s architect Jeffrey Snover on their…

PowerScripting Podcast (Podcast 21)

One of the interesting discussion topics that came up during this part of the interview was a need for something like Perl’s CPAN (or Ruby’s RubyGems or PHP’s PEAR) to ease the download and installation of community contributed components.

You can find an older video discussion between Port 25’s Sam Ramji and Jeffrey Snover here…

Powershell Released: An interview with Architect Jeffrey Snover

Microsoft’s Open Source Labs Manager Stephen Zarkos posted a photo tour of the facilities there at…

Inside the OSS Lab

I had a chance to take a peek inside the server room when I dropped by Building 17 a year ago. The photo above is a closeup I took of the tux penguins seen with the human lab inhabitants in the final photo of Steve’s photo tour. You’ll note that the tux-es look healthy and happy. No daggers or other sharp objects have been hurled at them :-)

I was reading through some new postings on a local LUG mailing list here in Louisiana, and saw a note from Chris J. about Microsoft’s Windows vs. Red Hat page. Chris brought up some good points, and I wanted to respond to them.

CJ: Now, let’s rip this FUD apart. First, Microsoft acts as if RedHat is the only option that enterprises would ever go with, and they say that while RedHat itself is cheap, it’s $2500 a year for support. Okay, that’s support, Microsoft. Why don’t we compare apples to apples, and point out that Microsoft’s support is somewhere around $700 per incident? To me, $2500 a year is FAR cheaper

The cost of Red Hat. Okay, in all seriousness, Red Hat is a little expensive on the front end. We often deploy it for clients, and the base cost of RHEL is a little high, especially since it’s a subscription model (you pay it every year) and not a one-time purchase (as with Windows Server). That said, Windows CAL licensing can add up very quickly. So, personally, I would have argued the point based on CALs. But as far as upfront purchase-the-shrinkwrap costs, Windows tends to be cheaper than Red Hat. As far as support costs, well, the RHEL subscription does get you support, but it’s not like your local ABC IT company. And most people don’t call Microsoft OR Red Hat for support.

CJ: I also find a lot of issue with the fact that Microsoft claims that every distro of Linux is so different that migrating from, say RedHat to SuSE is very difficult, if not impossible. One of the key strengths of any UNIX architecture is the portability of files. The file structure is based on an open standard, and you could very easily take files from something like Turbolinux, and easily bring it back up on any other distro of Linux, or perhaps BSD, Solaris, OSX, HPUX, etc… Linux admins tend to keep the data files on seperate drives/partitions from the OS, so you could simply install another OS on a new hard drive, and mount the old data partitions under that OS, and continue right where you left off. If you need something like a database, it’s not hard to dump SQL to a file and reimport it on the new server. And the configuration files are generally flat text files, so how is your data somehow married to the OS/distro that it originated on?

File System Differences. To me, this is a valid point actually. The directory structure across UNIX systems, or even across Linux distros, may be technically something of a standard, but in reality it’s not. Even within the Linux eco-system, it can be hard to remember what is where. Are installs in /opt/ or /usr/local/? How are my rc files organized? Where are my network configuration files? The Linux Standard Base (LSB) group is working hard to address this, but the cold hard reality is that it’s in fact a pain if you are managing more than just a few Linux servers.

Migrating SQL databases. Good point. That is pretty easy (thanks SQL). It’s also very easy to copy a MS-SQL database from one server to another.

CJ: Also, they make the claim that Windows 2003 has fewer published vulnerabilities than Linux. We all know that more bugs will be FOUND in Linux, and they will of course be squashed rapidly. But, due to Windows’ closed nature, how many bugs actually EXIST but have yet to be FOUND?

Vulnerabilities. There has been a bit of a fuss these days about vulnerability counts in Linux. The core of Linux, i.e., the OS proper, is stable and generally secure. It’s rather rare to see a published vulnerability for the kernel or any of the base operating system programs. However, most Linux distros do commit the cardinal sin of installing everything and the kitchen sink, and it’s an entirely valid argument to say that a vulnerability in an installed-by-default application is a point against Linux. This is very similar to how people group vulnerabilities in IIS and Exchange with “Windows”. Tit-for-tat. That or we need to all step back and stop grouping vulnerabilities in this way.

CJ: The only valid argument that Microsoft brings up in this article is about the management interfaces. They hands down win in that department, but that’s why you hear of UNIX guys working at places like NASA, making $200,000 a year. UNIX OS’s are definitely not easier, and you do have to know what you’re doing to accomplish the same thing that you can do in Windows with a mouse click. So what? It is what it is. I also love how Microsoft neglects to mention the fact that Windows Server 2008 is playing catchup with the UNIX world by adding a new feature called Windows Server 2008 Core. The core mode basically turns Windows Server into a GUI-less command-line-based server OS. That way, it can run faster, without the bloat and massive overhead associated with a GUI. Sound like any OS you’ve ever used? Oh, that’s right…UNIX/Linux/etc… And of course, once you are using Windows Server 2008 in core mode, you suddenly lose that one advantage that Windows has: its GUI based management interfaces. Those are some great arguments, Microsoft.

GUI. Actually, I tend to strongly disagree here about the focus on the Windows GUI. First, I think that most Linux servers, especially those used in large, commercial deployments, have pretty good GUI management tools. Second, whether in Windows or Linux/UNIX environments, if you have more than several servers to manage you usually manage a lot of it via scripting and automatic deployments (again, this applies to both Windows and Linux/UNIX). That said, you are right that Windows is pushing a more “scriptable” environment (e.g., with WMI, PowerShell, etc.), although even back to NT4, there was the ability to script a lot of tasks if you could live with the pain of using Windows shell scripting and/or of WSH.

I’m neither an Eclipse user (though I download it every now and then but never get around to actually trying it :-) or a Java developer. But, I read Sam Ramji’s blog post…

Supernova

…with quite a bit of interest when he announced that Microsoft would be collaborating with the Eclipse Foundation to help Eclipse developers building software for Windows. Yeah, sure, you might say. They are just doing this to sell more copies of Windows. But, it is the way they are doing it these days that interests and even impresses me. Just think back to the message and rhetoric coming out of Redmond 4 or 5 years ago. Who would have thought that they would have forged relationships with JBoss, MySQL, Zend, Samba, Xen Source, and Eclipse? Not to mention hiring the brains behind IronPython and IronRuby?

If their collaboration with Open Source projects helps me get better tools, I’m glad to see it. Have I lost all of my skepticism and paranoia? Um, ok, not all of it. But, I’m happier with the way things are now than they were a couple of years ago.

Ooh. Okay, so this is news to me. There is a freeware tool to recover ext2/ext3 filesystems from Windows. Wow, that’s a change. Is it just me or do most of the free and open source recovery tools seem to run under Linux these days? (Microsoft even has an article about how to recover NTFS with Linux.)

Well, hmm, on a second look it looks like DiskInternals Linux Recovery is free but not necessarily open source. Correct me if I’m wrong.

Thinking along these lines, I’m curious about the current state of accessing NTFS from Linux. I know that back in the day you could read an NTFS disk from Linux, but you could sometimes corrupt the NTFS volume. So, I did a quick Google and found the Linux-NTFS Wiki.

Okay, so here’s the deal apparently (pulled right from the Wiki):

• kernel driver: fast, reliable, read-only. Most people already have it.
• ntfsmount: fast, reliable, read/write, userspace.
• ntfsprogs: various tools for managing ntfs, like mkntfs, ntfsresize and ntfsclone.

So it looks like the status quo has been maintained to some extent. You can read NTFS right off the bat. To write to NTFS, you need to install ntfsmount.

Looking more into ntfsprogs, I see ntfsclone. Nifty! I was thinking this may be a free way to Ghost (say, if you could use ntfsclone, Knoppix, and an NFS filesystem somewhere), but apparently you have boot issues if you just move NTFS to another computer without doing a little legwork. OR. You can run GAG, a graphical boot manager. Check it out.

One of the sites you often see mentioned in the Microsoft Port 25 blog is CodePlex where Microsoft technology related Open Source projects are found. I pop over there from time to time to see if there are any interesting projects that might be useful in my own work. I found PHPExcel 1.6.0 on my most recent visit. It was last updated on Feb. 13 and provides PHP classes to read and write Excel 2007 spreadsheet files.

The examples section provides simple to read and understand PHP code to get a handle on how to use the classes as well as 16 sample XLSX sample spreadsheet files to test interpreting spreadsheet features such as formulas, conditional formatting, and page breaks.

Microsoft’s Port 25 has underwritten a number of technical notes (which they refer to as a technical analysis) providing detailed instructions on getting Windows and Open Source projects working together. One of the more popular topics is Apache httpd. I went through Port 25’s blogs and collected these Apache web server related technical notes.

Technical Analysis: Installing Apache on Windows

Technical Analysis: Installing Apache with SSL on Windows

Technical Analysis: Apache with mod_auth_kerb and Windows Server

You can find the Apache httpd 2.2.8 source code and installer binaries (with and without OpenSSL) at…

Download - The Apache HTTP Server Project

The official Apache 2.2 web server documentation for the Windows platform is found here…

Using Apache with Microsoft Windows

Okay, this is funny. I just read a little blog by Jamie about ComicCon and saw a link to this site. Um. Okay. So I see a preview comic strip and then click it, as told (I’m quite the sheep), and then am asked to download Silverlight. Sigh. Great, another plug-in.

Why does everything require a plug-in?

Please, someone tell me.

Anyway, I’m a little crazy so I click the Download Silverlight link and then get the luxury of reading what is perhaps the shortest license I’ve seen in about a decade:

http://www.microsoft.com/silverlight/resources/LicenseWin.aspx

Well, that’s refreshing.

Oops. Except now I’m told I can’t “work around any technical limitations in the software” (which basically means I have to use the software as I’m told, at least if this could stand up in court).

At this point I give up.

Whatever happened to clicking on a link and seeing the latest Dilbert cartoon?

I’m thinking this comic strip is probably meant to showcase Silverlight, thus the requirement to download the plug-in, but, really…

At least give me an alternative URL option. ;)

I saw Jamie Cannon’s announcement that the second Microsoft Open Source ISV Forum will be held at the upcoming Infoworld Open Source Buisness Conference (OSBC) later this month.

NXT Up: OSBC

Any chance for interoperability discussions between Microsoft and Open Source developers is good news for end users like me. But, what really caught my attention was this quote from Jim Zemlin (Linux Foundation Executive Director) in InfoWorld…

Linux Foundation: We’d love to work with Microsoft

InfoWorld: Apparently, Microsoft is going to get together with the Eclipse Foundation next week. Are there any accommodations between or collaborations between Microsoft and the Linux Foundation?

Zemlin: Not at this time, but we’d love to do it.

I think the article’s title is a bit of an overstatement based on the actual response to the interview question. But, what the heck :-)

Ooh, nifty! Sun and the Texas Advanced Computing Center at the University of Texas have released one of the “fastest supercomputers in the world”, at least according to Sun. Hmm, so 500 teraflops of computing power. That’s pretty darn fast. Sure, not as fast as my dual-core laptop, but.. Well, okay, maybe that fast, at least when my AV is scanning a Word doc before it opens. (Is it just me, or does AV tend to make your computer seem SLOW at times?)

Anyway, this got me thinking about where Microsoft is with High Performance Computing (HPC). Historically, HPC has always been in the realm of the traditional Cray-style supercomputer and, more recently, big, powerful, and distributed UNIX clusters. Microsoft has been kind-of sort-of dipping its toes into the HPC realm, but there’s certainly no concerted effort. There are at least two reasons for this that I can see:

• HPC is unfamiliar territory for Microsoft. Without any qualification, HPC is an entirely new market to Microsoft. I’m not even sure they have a business model for it.
• Microsoft is unfamiliar territory for HPC. In other words, there’s no history of HPC users working with the Windows platform. If you’ve ever looking at code that runs in these types of environments you’ll see a lot of reliance on libraries and utilities designed to distribute load either across a cluster of servers or the code is very intelligent about how to use the several hundred processors on the supercomputer. I’m curious how many of those libraries have been ported to Windows?

Oh, and one final bullet point:

• Microsoft is about software, not hardware. As far as I know, vendors that implement HPC sell hardware. On the Sun end, there is… well, Sun. For Linux we have hardware vendors like Linux NetworX. Who’s pushing this with Windows?

Should I be expecting a 2000-node Windows HPC cluster anytime soon?

A tad unrelated to the theme of this blog, but I found this very interesting. Apparently, HP is leaving the Identity Management market (refer to my recent post about Linux and Windows Identity Management). Hmm. Interesting. To be honest though, I haven’t ever come across an HP IDM installation, although I know they are out there. Typically, we work with and see CA, Sun, Novell, Oracle, and others, but not HP.

So is this a case of one of the weaker players just bailing out?

Microsoft’s Director of their Open Source Software Lab told us…

Why I’m excited about Yahoo!

…in a Port 25 blog entry. Sam’s comments are very positive and his excitement is understandable. Here’s my take on MicroHoo/YahooSoft.

The Feds and the EU approved Google to acquire Doubleclick. So, Microsoft and Yahoo should get through that hoop too. Yahoo (YHOO) is not only underperforming compared to Google (GOOG) and Apple (AAPL), it is also underperforming compared to the NASDAQ index. I found it kind of interesting that Microsoft and the NASDAQ tracked each other nearly perfectly over the past two years too. The chart is from Yahoo Finance, btw. I really like its charting features.

I think the acquisition is inevitable for the simple reason that Yahoo’s major investors must be pretty restless given what looks to my financially untrained eye as a two-year loss of market cap only broken when Microsoft made the move to acquire it. But hey, I don’t claim to be a financial expert or to see into the future.

Yahoo has a lot of good stuff and good people that aren’t reflected in their awful market performance. And, it would be interesting, as Sam implies, if those people stay on after the acquisition. But, having been one of many peons involved in a past mega-merger, I’m not so sure the Yahoo superstars will hang around long enough for the acqusition to close. That’s too bad, because I think the addition of Yahoo’s Open Source superstars to places like the Microsoft Open Source Labs might really ignite Microsoft’s detente with Open Source and turn it into a really productive path for Microsoft. And, yes, I can see some of your raising your eyes to the air and saying this is all this detente stuff is pretense on Microsoft’s part. I felt exactly the same way when I heard that Microsoft had an Open Source Lab a few years ago. I felt for sure it must be some kind of propoganda FUD team. But, I decided to visit there while on vacation and was able to meet and speak with Bill Hilf (the Director of the Labs at the time). I visited the Labs again last year (again while in the area on vacation) and met with more of the team. Guess what? I think these people are sincere in their efforts to get Microsoft and Open Source people and projects together.

I think it would be really interesting to see a huge influx of Open Source and web talent come in from Yahoo and, potentially, make a sea change there. Time will tell.

I was recently poking through some of the more interesting blog entries on Port25, and I came across “Active Directory and Linux Identity Management”, which is not a bad intro to integrating Linux into Active Directory. (You can also view a PowerPoint presentation that I did on a past road-show about Linux and Active Directory integration here.) Alas, I was thinking it would be about the broader concepts of identity management in heterogeneous networks. And that’s the thing..

At my consulting company, we do a huge amount of work in identity and access management, and I see two classes of clients:

• SMBs. These clients know AD and just want to get away from having to create accounts for users in multiple places. This usually means Linux/UNIX integration with AD at the operating system level (e.g., with Samba) and sometimes at the application level (e.g., by plugging Apache or Tomcat into Kerberos).
• Enterprises. These clients know a lot more than AD, and they want to have a solid set of provisioning and access controls in place to ensure that users have only the accounts and access that they need, and this means a strong and granular set of access control features. (Think CA eTrust Admin/Identity Manager, Sun Identity Manager, etc.)

I think it’s important that SMBs start to see “identity and access management” as being more about ACCESS than IDENTITIES. Or, more to the point, about CONTROL and not ACCOUNTS. SMBs tend to push integration so that they can reduce workload, while enterprise pushes identity and access management so that they can increase their control and audit capabilities.

The thing is, you can do a lot after integrating Linux/UNIX into AD, but most admins just stop at “Great, now I don’t have to create accounts several times when a new employee is hired.” So, take a step back and reevaluate what you’re trying to accomplish.

Leaving aside the issue of why someone would want to use a WAMP environment for the moment, I wanted to point out that Chris Travers wrote an instructional document that provides an annotated httpd.conf for people who want to i install the Apache 2.2 web server on a Microsoft Windows platform. You can find the PDF file linked at this Microsoft Port 25 blog item…

Technical Analysis: Installing Apache on Windows

If you are thinking about installing Apache under Windows Vista (as someone who is testing PHP on a desktop or notebook might want to do), pay special attention to what Chris has to say about the dreaded Vista UAC (User Access Control).

Microsoft announced its Document Interoperability Initiative and the release of version 1.1 of the translator between ODF and Open XML for Microsoft Excel (spreadsheet) and Microsoft PowerPoint (presentation) applications.

Press release: Microsoft Launches Document Interoperability Initiative

The odd thing is that nothing in the press release tells you how to actually find this translator. It’s on SourceForge and here’s where you can find it:

OpenXML/ODF Translator Add-in for Office

If you head over to its download page, you will find individual add-ins for PowerPoint and Excel. Although both were mentioned in the March 6 press release, the Excel add-in has a Dec. 4, 2007 release date attached to it and is listed as version 1.0, not 1.1. The PowerPoint add-in is version 1.1, however.

I’ve always been a big proponent of virtualization for many reasons, one of the most powerful of which is that it is making the underlying platform less and less important. For years, there has been the struggle for the “desktop” by Windows and X, where X has been OS/2, Apple, or Linux. (Yes, I said OS/2. Yes, that was before the invention of the wheel.)

Anyway, I think it’s important to keep in mind that the underlying platform that runs the box in front of you will become less important from a technical standpoint.

For Linux, this is a good thing.

Obviously, Linux wins on the upfront licensing end of things. Windows has some clout in the enterprise desktop market of course because of its huge third-party market, manageability in terms of policies and AD, and… well, because everybody knows it. Linux of course can be just as easily managed, but it’s just not as big a dot on the radar as Windows.

One reason for that is the fact that Linux takes a different skill set that Windows. And the supply of that skill set is much smaller than what is available for Windows.

But as virtualization continues to centralize application management and deployment (think Altiris for Windows and Linux), and as we move more toward the seamless windows in servers offering Windows-based applications, there is less reason to run Windows for management reasons and more reason to focus strictly on upfront costs.

I’m curious about Microsoft’s plans to face this threat to its desktop domination? Or is this in fact part of its plan? Where are things headed really?

Some people may be familiar with my writing/blogging about Windows Mobile, Mac applications, or Freeware and Free & Open Source Software for Windows & Macs. Microsoft gave me a unique way to discuss why I’m so interested in getting Open Source and Proprietary software products to work together. You can find three short videos of me talking about what I do and why I do it at…

Microsoft Open Source Heroes - Todd’s profile

There are a couple of minor detail glitches in the text part. But, you know how things get lost-in-translation :-) In any case, it is an interesting way for me to say “hello” to you all. So, Iet’s see how this works.

Hope to “see” (read) your comments to the blog topics Dustin and I write about for Inside Port 25.

The last time I installed PHP on Windows for serious testing (with Windows that is) was probably in 2002. It was a really painful process that involved (if I recall correctly) manually copying ISAPI DLLs and other obscure (to me) files to various directories to get it up and running with the Apache web server for Windows. And, after installng it… well, there were still some oddities that left me uncomfortable. However, the story from Microsoft, Zend, and SpikeSource for the past week has been that FastCGI fixes those performance issues. I’ll find out what installing and configuring PHP for Windows and IIS is like when I test it out myself this weekend on Windows Server 2008 in a virtual machine (in case I mess up :-). In the meantime, check out the commentary from Microsoft’s Hank Janssen about working with Zend to optimize PHP for Windows…

PHP on Windows

You can also find a video about configuring PHP with IIS7 and then modifying Wordpress to use IIS7’s Forms Authentication.

Installing PHP Applications on IIS7 (13 minutes)

You can see and hear Hank himself along with John Bocharov talk about the SQL Server Drive for PHP running on Windows at..

John Bocharov and Hank Janssen: Introduction to SQL Server Driver for PHP (SQLPHP)

Since I had “Windows vs. Linux” on the brain (as opposed to “Windows and Linux”, which happens now and then as well), I was thinking back to a recent meeting I had for the Baton Rouge Information Systems Security Association, which is part of the national ISSA. We were discussing upcoming topics, and one item that came up was log management.

Things that we all agreed needed to be discussed in a presentation were issues such as:

* How in the world do you view the logs from all of your servers?
* How do you filter out noise from important events?
* How do you store logs for future review, audits, and regulatory compliance?

The funny thing about that discussion is that the group that had the biggest problem understanding possible solutions were those that ran Windows.

Outside of enterprise settings, log management is just a completely under-served Windows market. Now, don’t get me wrong, there are plenty of log management solutions that work just great with Windows; some are open source, and some are commercial. But that’s not the point. The real issue is even if Linux and UNIX sysadmins aren’t actively managing their logs, they at least understand that it is possible. But a lot of Windows sysadmins don’t even think about this problem, much less try and pursue a solution.

This reminds me of the Shapir-Worf Hypothesis, which I learned in an anthropology class at LSU a long, long time ago. Essentially, Shapir-Worf says that the language you think in has a very big impact on how you think. A tad simplistic, but it makes sense to some extent.

It seems to me that an IT’ish Shapir-Worf is also at play here. Your view of the world in IT, and the problems and solutions available in that world, is in large part dictated by your platform of choice.

Obvious? Perhaps.

So, I just pointed out how this has limited Windows sysadmins to some point. In what way has this limited non-Windows sysadmins? What about Linux sysadmins?

I just read an interesting if short blog from Ann All about Linux in the SMB market. Basically, the question is: How far has Linux penetrated into small and medium sized businesses?

That’s a great question.

I’m a big fan that, in most situations, the best product is the most supportable product. Now, with a platform choice like the one people make between Linux and Windows, there are a lot of variables that go into “supportable”, including:

* Knowledge of the OS. Easy enough. Do you have the knowledge, or can you find someone that has the knowledge, to manage the servers. Far too often I see people with Windows and Linux servers that are horribly configured and frighteningly insecure.

* Vendor support. Does the vendor actively support the product at a reasonable cost? This one bullet item could start a flame war, but I have to say that I don’t think either side is better than the other on this. At the end of the day, most SMB-level organizations have to pay a vendor for post-installation support.

* Community support. Again, another flame war possibility here, but in my opinion both the Windows and Linux camps do well here. If nothing else, both camps have some very smart people in forums and newsgroups that can help.

* Third-party support. Okay, here is where Windows has a lead. Let’s be honest, there are a lot of really cool commercial applications for Windows and not so many for Linux.

All that said, Linux really packs a punch when it comes to upfront costs. Most people use free versions of Linux (e.g., Debian, CentOS), the servers run powerful and free software (e.g., Apache, PHP), and it just works.

So why isn’t Linux in more than “a fourth” of SMBs?

P.S. And of course, there is PHP on Windows..

When I read Bill Hilf’s See Change blog entry reflecting on Microsoft’s Feb. 21 Open Source Interoperability announcement, I didn’t think this direction shift would be felt by the Internet Explorer team. I mean IE7 doesn’t leak like Firefox 2 does (on both my Windows and Mac boxes). But, IE7 sure breaks a lot of web pages (including my personal Windows Mobile focused blog) that Firefox renders without issues. But, check on the announcements made today (March 3) regarding Internet Explorer 8.

Press Release: Microsoft Expands Support for Web Standards

IE Blog: Microsoft’s Interoperability Principles and IE8 by Dean Hachamovitch, General Manager, Internet Explorer

Dean’s blog comments…

Microsoft recently published a set of Interoperability Principles. Thinking about IE8’s behavior with these principles in mind, interpreting web content in the most standards compliant way possible is a better thing to do.

We think that acting in accordance with principles is important, and IE8’s default is a demonstration of the interoperability principles in action. While we do not believe any current legal requirements would dictate which rendering mode a browser must use, this step clearly removes this question as a potential legal and regulatory issue. As stated above, we think it’s the better choice.

…really caught my attention. I wasn’t paying much attention to IE8’s development up until today. I was just waiting for Firefox 3 to get further along in its development before trying it out. Now, I’m paying attention to IE8.

You know, I’m really starting to wonder about OpenOffice after reading this note from Ed Moltzen. So great, OpenOffice 2.4 is about to be released. That’s.. boring. Who really cares? There just doesn’t seem to be much of a vibe around OpenOffice anymore.

Obviously, the problem here is Google. Without question, Google stole all of OpenOffice’s thunder (well, what thunder there was) with Google Docs.

Personally, I use Microsoft Office 2003 (yes, I’m behind the times). I write a good bit, as a consultant I work with documents internally in our office as well as with clients, and, frankly, Office just works. But if I had to change, I’d just take the plunge and try an online office suite like Google Docs. Why take the effort to jump to OpenOffice just so I can.. well, nothing. What does OpenOffice offer me that would make me want to change? Not much. Google Docs is another story. Everything is “up there” in the Big Network In the Sky. How cool.

I think OpenOffice is going to get more and more marginalized over time. I don’t see how that can’t happen.

P.S. Okay, okay, so OpenOffice gets a mention about how well the overall architecture works and its impact on Microsoft. I’m still not blown away.

Todd just commented on WISP (Windows, IIS, SQL Server, PHP) and I have to say I’m curious. I have to admit I wonder how viable WISP really is. With LAMP (Linux, Apache, MySQL, PHP), most developers are relying on the built-in “free” of, well, Linux, Apache, MySQL, and PHP. But with Windows that’s not the case. At a minimum, you have licensing cost for Windows, and also SQL Server if you aren’t using Express.

An obvious rebuttal here is that the savings is in systems management. If you have systems administrators that are used to managing Windows, then I can certainly see where Linux may be a bad idea. But it just seems to me that most people that want to run most of the open applications, such as phpBB, Moodle, and Mantis are going to be at least familiar with Linux.

Speaking of Moodle.. well, maybe I’ll hold off on Moodle for a later discussion.

Anyway, please, someone tell me what real advantage WISP has in the real-world? If nothing else, most Windows-based web servers are doing .NET these days. I just don’t see PHP on Windows often—at all.