Updates from Roberto Galoppini Toggle Comment Threads | Keyboard Shortcuts

  • Roberto Galoppini 4:46 pm on April 3, 2007 Permalink | Reply  

    (almost) Open Source Security: StillSecure takes off the wraps and tell us about Cobia 

    Yesterday StillSecure, a firm founded in 2000 specialized in creating secure network infrastructure software, announced Cobia, an (almost) open source modular framework for networking and security.

    Christian Koch, Network Engineer at a technology infrastructure services company, said:

    The convergence of networking and security is increasingly requiring administrators to deploy solutions once and then redistribute them across the network as needs evolve. Cobia is the first real option for those who understand the benefits of using an open, modular, software-based approach to networking and security, and how it enables users to take advantage of advances in general computing hardware to dramatically decrease cost of ownership.

    Currently the Cobia platform is in the beta phase, and apparently its community, currently reaches over 1,000 users involved.

    There are two Cobia licenses, the community one, named after the company StillSecure Community License 1.0, is not approved by OSI and I believe it doesn’t qualify, since it requires you to sign a Contribution Agreement if you distribute modified version of the software.

    Mitchell Ashley, StillSecure CTO, summarized Cobia characteristics as follows:

    1. Cobia is a software platform for networking and security.

    Cobia can operate on a variety of hardware platforms (Intel/AMD) including off-the-shelf servers and computers, hardware appliances, blades such as blade servers and blades within network infrastructure gear.
    2. Cobia is plug-n-play network and security modules.

    [..] Cobia is all about modularity, right down to its software architecture. Cobia Modules for networking and security are available today on the Cobia site. Additional modules are under development and as the Cobia community grows, I anticipate there will be a variety of people creating modules for Cobia.[..]

    7. Virtualizing the network.

    [..] Cobia ushers in virtualization for networking and security right now. Today, you can run Cobia as a VMware instance on Windows or Linux. Download Cobia from the site ready to run in VMware.

    Technorati Tags: commercial open source, security, cobia, stillsecure

     

  • Roberto Galoppini 8:12 am on April 3, 2007 Permalink | Reply  

    Free Software Award: Sahana won the annual award for Projects of Social Benefit 

    Sahana , an Open Source Disaster Management system that addresses the common coordination problems during a disaster from finding missing people, has won the 2006 Free Software Award for Projects of Social Benefit awarded by the Free Software Foundation.

    The Free Software Award for Projects of Social Benefit is presented to a free software project that intentionally and significantly benefits society through collaboration to accomplish an important social task.

    Sahana was created, in the wake of the tsunami that devastated Southeast Asia in 2004, to compensate for the devastating consequences of a government attempt to manually manage the process of locating victims, distributing aid and coordinating volunteers.

    Four members from the Sahana team (Chamindra, Pradeeper, Mifan and Ravindra) were present at the meeting to receive the Free Software award for Project of Social Benefit!! This is a truly great achievement, kudos to you all!

    As reported by Anuradha Weeraman besides the four members from the Sahana team (Chamindra, Pradeeper, Mifan and Ravindra) other notable attendees were present, like Bruce Perens and Ted Ts’o.

    The presentation by Mako Hill on “Defining Free Culture” was quite informative on some of the good work he’s been upto lately. Eben Moglen’s oratory was impressive as always and Gerald Sussman confounded the audience with some deep mathematics. RMS spoke on software patents.

    The Sahana project leader Chamindra de Silva said:

    We are deeply honored to receive this award and were so excited we traveled half way around the world from Sri Lanka to attend the ceremony today. The Sahana project is all about a cohesive disaster response between multiple agencies and bringing them together to help victims. None of this would have been possible without the work of the wider free software community, and we would not have been able to bring benefit to the victims and the people who help the victims without that. It is a credit to the whole community.

    Technorati Tags: sahana, FSF, FreeSoftware Award

     

  • Roberto Galoppini 7:33 am on April 2, 2007 Permalink | Reply  

    Open Source Production: Time-based release management 

    Martin Michlmayr, a well known Debian developer and formerly Debian Project Leader, is completing his doctoral thesis at the University of Cambridge with a thesis entitled “Quality Improvement in Volunteer Free, and Open Source Projects: Exploring the Impact of Release Management“.

    Time Time by gastronauten

    I happened to know about his thesis reading an article on linux.com, and I saw also Matt Asay posted on the subject, so over the weekend I took my chance to read it.

    First I wish to public thank Martin to mention our paper “Capability Coordination in Modular Organization: Voluntary FS/OSS Production and the Case of Debian GNU/Linux“. He cited our findings talking about release management in volunteer teams and also about problem of organization when a coordination effort is required to accomplish complex goals.

    I totally agree with him when he states that the ‘release when it’s ready’ policy might heavily affects large (complex) projects, because:

    It can lead to delays, out-of-date software, and frustration, and it also means that users and vendors cannot plan, because nobody knows when the software will actually be released.

    I remember Mark Brewer, Covalent CEO, saying that, even if Covalent has about 40 software engineers involved with Apache, they can’t assure that a feature will be available at a certain date. He also did similar considerations talking about road-map’s decisions. No wonder though, that is the way it is when it comes to community-driven Open Source projects.

    Getting back to Martin research his abstract reports:

    This dissertation explores why, and under which circumstances, the time based release strategy is a viable alternative to feature-driven development and discusses factors that influence a successful implementation of this release strategy. It is argued that this release strategy acts as a coordination mechanism in large volunteer projects that are geographically dispersed. The time based release strategy allows a more controlled development and release process in projects which have little control of their contributors and therefore contributes to the quality of the output.

    I read some chapters of the paper, and I was impressed by the quality and the depth of his studies. I believe that the introduction of time based releases leads to a more controlled development, positively affecting the resulting overall quality. In his words:

    [..] the time based release strategy can be considered as an important means of quality improvement in FOSS projects.

    Kudos to Martin to honestly have highlighted that there are problems in Open Source projects, he also stressed the importance of Regularity and the Use of schedule. As a matter of fact the use of schedule claims a project management function (release manager), reducing somehow the degree of independence among contributors. Our research in this respect stated that:

    [..] a pure modular structure – that is one lacking of hierarchy, such as a market – embeds flexibility, but it lacks coherence, the ability to coevolve after adapting to change.(cfr. Langlois Richard “Do firm plan?” 1995)

    A hierarchy is a must, then, when you need to manage a complex activity coordinating many contributors, either volunteers or employees. Martin makes clear that policies and infrastructures are needed to support his release strategy.

    Reading the paragraph “Limitations and Future Research” I would suggest another question:

    Introducing time-based release management could move developers’ focus from software’s effectiveness to meeting release targets? How to balance the trade-off between time and quality?

    Technorati Tags: Open Source, Modularity, Hierarchy, Coordination costs

     

    • Simon 11:22 am on April 28, 2007 Permalink

      How to balance the trade-off between time and quality?

      I think this is the key question.

      GNOME has happily released versions with key features missing because they weren’t ready in time. This just isn’t viable for a commercial provider of desktops, who would then have to cover for the “failure” of the open source model, probably by not shipping that version of GNOME in their desktops.

      Ubuntu similarly has shipped releases with major holes in them, again something that the proprietary world would not do, because it would slow adoption, and defeat the commercial point of a release.

      Sure clearer time tables, and clearer planning may be good for organizing the work, but ultimately deadlines will go whoosh, if the work isn’t done, and that is how it needs to be if people depend on the product finally delivered.

    • Roberto Galoppini 7:29 pm on May 1, 2007 Permalink

      Simon,

      I totally agree with you, at the end of the day time-based release management can address few issues indeed, but it is not a panacea.

      In another post I mentioned that within an hybrid production model paid employees are often responsible for less attractive tasks, as results from “GNOME, a case of open source global software development”, also by Martin.

      Corporate production has to be on Time on Budget. The firm solves the problem of finding the efficient management of human resources through time not allowing the free entry and exit, and delegating production control to a manager.

      Community-based production on the contrary allows volunteers to enter and choose their tasks. Volunteers choosing what to do apply for tasks they like, and that they are likely to accomplish effectively. They can also freely exit from a project though, or not to end their tasks on time.

      Do you agree?

    • Jon 3:58 pm on March 3, 2008 Permalink

      I don’t see why dropping features to hit a target is necessarily a hallmark of F/OSS process failure. Consider Microsoft pulling WinFS from Vista.

      The company I work for will not consider using Debian for any server because of the lack of any kind of predictable release cycle. Indeed, having a commitment to (say) 12 month release periods, and missing that commitment, would be better than none at all.

  • Roberto Galoppini 1:56 pm on March 31, 2007 Permalink | Reply  

    Open Source Marketplace: SourceForge’s Long Tail and Blueprints 

    Savio Rodriguez in response to my post about the post about the SourceForge’s initiative, said that, being SourceForge the place where to look for if interested in OSS products, the idea of making a marketplace out of it sounds quite natural. Rodriguez addressed also other interesting issues.

    For emerging projects or for projects with a small development team/community, a majority of the 144,548 projects on SF (i.e. Longtail projects), getting included in the Marketplace would make a lot of sense. [..]
    Experience tells me that customers are cautious when it comes to spending money. When they do, they want to spend with vendors that have a strong future. So, for longtail projects on SF, I’m not sure that the SF Marketplace will change much of this customer behaviour.

    I just received SourceForge Update: 2007-03-30 Edition email, and in the top 25 projects’ list there is about no trace of large projects who already have support & services business attached. I know that is not easy to turn a user in a customer, but many are downloading packages that do need some work to be setup in a working environment.

    Blueprint Blueprint by sweetsexything

    Alex Fletcher commenting Savio’s post come out with some examples of the diversity of use cases for open source, showing how an open source package can be a key component within customized solutions, regardless if are developed in house or otherwise.

    Commenting the examples Alex wrote:

    The associated process involved much more than downloading and running an executable version, but did not entail the purchase of a commercial version or indemnification protection from a vendor. [..] This is exactly what needs to be standardized for open source products across the board.

    I do totally agree, but the construction of open implementation standards could be highly expensive. SMEs, creating and supporting most of the commercial open source products in the “long tail” are not going to do that, because too busy with daily activities. In this respect the previously mentioned Observatory of European SMEs finded that:

    Small firms have a short-term perspective and expect quick and concrete results.

    Could eventually SF help them to get paid to produce vertical, clear, good blueprints?

    Technorati Tags: Commercial Open Source, SourceForge, Marketplace, blueprint

     

  • Roberto Galoppini 7:22 pm on March 30, 2007 Permalink | Reply  

    European Open Source Observatory news – 30 March 2007 

    IDABC‘s Monthly Open Source News Service has been just released. The Open Source Observatory ‘s monthly new service keeps us updated on news related to the use of FLOSS in the European Public Sector.

    Some interesting spots:

    IT: Umbria to promote Open Source in schools
    Open Source News – 27 March 2007 – Italy – Policies and Announcements

    The regional government of Umbria is investing 100.000 euro to promote the use of Open Source in local schools. The Italian region will soon train students, teachers and education management in the use of this type of software.

    DK: Open standards made mandatory
    Open Source news – 19 March 2007 – Denmark – Policies and announcements

    Denmark is making the use of open standards mandatory in state, region and municipal governments starting next year. This was announced on February 23rd by Helge Sander, minister of Sciences, Technology and Innovation. His plan comes eight months after a resolution in the Danish parliament.
    FR: OpenMairie, competitive Open Source services for medium-sized cities
    Open Source News – 15 March 2007 – France – Deployments and Migrations

    OpenMarie, a French Open Source project aiming to develop governmental applications for medium sized French cities, is increasing the competition in the market for applications for public administrations.

    Technorati Tags: Open Source, IDABC, Italy, Denmark, France

     

  • Roberto Galoppini 11:45 am on March 30, 2007 Permalink | Reply  

    GPL: Linux’s father is pleased, and Google doesn’t see any problem. Everyone is happy? 

    The GNU GPL draft for the long-awaited third revision has now been read by a multitude of people, and all changes went under deep scrutiny. The blanket prohibition on DRM has been removed, and the SaaS loophole has not been fixed. As a result both Linus Torvalds and Chris DiBona are happy.

    chooseChoosing sign by elston

    Today reading Fabrizio Capobianco’s post, I understand there is a “minority” that is not welcoming all these changes. Before Funambol wrote the Honest Public License people at Affero worked on the Affero License and also my friends at Partecs spent some efforts to find a countermeasure at the service loophole.

    Congratulations to the Free Software Foundation for daring, choosing is always difficult and I believe that it wasn’t easy to take an unpopular decision, but I guess they had to.

    Changing topic: Will OSI eventually be able to sort out what to do with the attribution thing? They were supposed to close the issue within February.

    Post Scrittum: Steve Mills, IBM Software General Manager, and Matthew Szulik, Red Hat CEO, are happy too. The former said:

    At some point you become so shrill and beyond what’s required that you lose the audience and the audience moves on to something else. We’ll have to see what finally evolves through the [GPL] process, it’s going through an update and the Free Software Foundation has a particular view of free software. Free software is a wonderful thing but there’s also a business model.

    while the latter said:

    I think the draft we saw last night was much better than the earlier drafts, especially around patent infringement and TiVo-ization.

    Technorati Tags: GPL, GPLv3, Affero, OSI, FSF, attribution

     

  • Roberto Galoppini 7:05 pm on March 29, 2007 Permalink | Reply  

    OpenOffice.org new release: The Italian OpenOffice.org Association announces version 2.2 

    “OpenOffice.org 2.2 just released”

    Trieste, 29th of March 2007 –The OpenOffice.org Italian Association (PLIO) is proud to announce the release of OpenOffice.org 2.2, the latest version of the leading open-source office suite. OpenOffice.org 2.2 also protects users from newly discovered vulnerabilities, where users’ PCs could be open to attack if they opened documents from, or accessed web sites set up by, malicious individuals.

    In version 2.2, users will immediately notice the improvement in the quality of text display in all parts of OpenOffice.org. The reason for this is that the previously optional support for kerning, a technique to improve the appearance of text written in proportional fonts, has now been enabled by default. OpenOffice.org’s unique pdf export function has also been enhanced with the addition of the optional creation of bookmarks feature, and support for user-definable export of form fields.

    openoffice.orgOpenoffice.org ads by factoryjoe

    (More …)

     

  • Roberto Galoppini 6:22 pm on March 29, 2007 Permalink | Reply  

    GPL: OSI’s President blesses GPLv3 draft 

    Michael Tiemann, President of the Open Source Initiative, today posted about the last draft of the GNU General Public License, just released by the Free Software Foundation.

    As result from the FSF Press Release changes include:

    tiemannTiemann by pdcawley

    • First-time violators can have their license automatically restored if they remedy the problem within thirty days.
      .
    • License compatibility terms have been simplified, with the goal of making them easier to understand and administer.
      .
    • Manufacturers who include the software in consumer products must also provide installation information for the software along with the source. This change provides more narrow focus for requirements that were proposed in previous drafts.
      .
    • New patent requirements have been added to prevent distributors from colluding with patent holders to provide discriminatory protection from patents.

    Tiemann commenting the draft wrote:

    I have read the newly released draft of GPLv3 carefully, and I believe it is a stunning accomplishment. (Disclaimer: not only am I no Einstein, I am also not a lawyer. However, my 20 years of experience with free software, the GPL, and 18 years of commercial experience should count for something.) My reading tells me three things. First, the GPLv3 is familiar; it is not as if everything we know must be relearned. Second, the GPLv3 deals with corner cases which, if left unfixed, will collapse, taking all our good work down with them; collapse is bad enough, but predictable collapse is shameful. Thirdly, the GPLv3 reaffirms that in spite of all the growth and all the success that the free software movement has enjoyed these past 20+ years, the goal of the Free Software Foundation remains centered on software freedom, and that the only prohibition they uphold is against those who seek to undermine such freedom. It is encouraging to see an organization maintain principle in the face of prosperity.

    This morning, with GPLv3 on one monitor and the OSD on the other, I read a license that should have no trouble achieving OSI certification. Based on my reading, I encourage the Free Software Foundation to submit their final draft when they are ready so that the whole open source community can review, discuss, and recommend to the OSI board whether they, too, see what I see. If so, we should see a much-needed update added to the roster of OSI-approved licenses, and we will be in a position to encourage those whose business depends upon fairness to offer them a licensing choice that is both sound and safe.

    Technorati Tags: GPL, GPLv3, OSI, FSF, Tiemann

     

  • Roberto Galoppini 4:52 pm on March 29, 2007 Permalink | Reply  

    Open Source Licensing and Patents: GPLv2 has already adressed the issue 

    Reading Groaklaw I happened to know about “Potential Defenses of Implied Patent License Under the GPL“. a must read for people who thinks that GPLv2 is silent about patents.

    Laura Majerus, OSI Director of Legal Affairs and Partner at Fenwick & West, previously wrote “Patent Rights and Open Source – can they co-exist?“, already containing some interesting spots on the subject:

    no sw patentAgainst software patent by kianee

    Setting aside any arguments that the Preamble of the GPL is somehow not a part of the license, it seems clear that an author or modifier who distributes software under the gpl cannot assert his patent rights against subsequent users and redistributors of the GPL’d software. Thus, there is
    at least an implied license to those who receive the GPL’d software in any patents covered by the software.
    Why then, would anyone want to obtain a patent on an invention that is going to be distributed under the GPL?
    There are several reasons:

    1. the author may plan to license the patent to others to produce a revenue stream
      .
    2. the author may want to assert his[/her] patent rights against redistributors who do not conform to the GPL license terms (for example, by failing to redistribute under the GPL)
      .
    3. the author may want to have patent rights to use as an offensive or defensive weapon against infringers who are not using the GPL’d software and
      .
    4. the author may plan to also distribute a non-GPL’d version of the software.

    According to one reasonable interpretation, the GPL only precludes the patentee from asserting his [/her] rights against people who are practicing the invention by using his[/her] GPL’d software. People who independently create other software are not subject to this implied license. As an aside, it seems that the author could assert his[/her] patent rights against a competitor who is himself releasing independently developed software under the GPL, as long as it is not based on the original author’s distribution. The fact that the infringer himself distributes under the GPL is irrelevant as to whether he[/she] is infringing patents of others. The original author has not given permission for his[/her] competitor to use the patented technology.

    The author could sue people implementing his/her patents without using his/her GPLed implementation. Infringing activity falling outside the GPL scope are, in this perspective, subjected to patent infringement suit.

    The follow up article analyzes in more depth the impact of the GPL on the patent rights of the patentee, and various implied license theories that users of GPL’d software could use in defense against a patent suit.

    Read the full article.

    Technorati Tags: GPL, GPLv2, software patent, Majerus

     

  • Roberto Galoppini 6:27 pm on March 27, 2007 Permalink | Reply  

    Open Source Marketplace: SourceForge Marketplace about to launch 

    I just received an email from Sourceforge.net team, advising me about a new feature to buy or sell services for Commercial Open Source on SourceForge.net.

    forging Forging by stefmaxwell

    Dear SourceForge.net community member,

    As an active participant in the Open Source community, you may be excited to learn about a new feature that we will add to SourceForge.net in late
    spring/early summer. This feature will allow you to buy or sell services for Open Source software on SourceForge.net.

    Interested? Follow the link below and we’ll keep you updated as we move towards the official launch of this feature:

    https://ostg.wufoo.com/forms/marketplace-interest-list/

    Thank you for your continued support,
    The SourceForge.net Team

    Sourceforge’s marketplace apparently will be soon released, and I believe it is great time to, and no one is in the position to do it effectively as they are.

    They also opened a position for a Senior Marketing Manager, SourceForge.net Marketplace in Fremont, California. In the meanwhile they invite all SourceForge users to fill in a simple form, a sort of marketplace interest list.

    VA Linux’s quarterly report contains many forward-looking statements that involve risks and uncertainties. The software segment, focusing on SourceForge Enterprise Edition products and services, despite the increase in the number of customers, is of little importance nowadays, being less than 10% of the last quarterly results. It worth to notice that sales were primarily to customers located in US.

    Considering that their network of web sites serves more than 30 million unique visitors monthly I believe that they can easily open up new markets acting as the mediator.

    I wish them best of luck in the near future!

    Technorati Tags: SourceForge, Commercial Open Source, Marketplace

     

    • Andrew 1:49 pm on July 17, 2007 Permalink

      SourceForge has been a great forum and promoter of the OpenSource community for some time. I’m excited to see them get the exposure they deserve. I hope that “marketplace” won’t become synonymous with “giant sponser-driven site full of crap”, but that doesn’t seem to be SourceForge.net’s style.

← Older posts

Newer posts →

c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel