October, 2008

Centrify streamlines administrator tasks in mixed environments

On Oct. 21, Mountain View, Calif.based Centrify Corp. added DirectAuthorize to its suite of products for integrating Active Directory into mixed Linux and Windows environments. DirectAuthorize streamlines user access rights management so that administrators no longer have to configure rights separately on Windows servers and then on non-Windows servers. By consolidating information in a centralized location, DirectAuthorize eliminates redundant rework.   

DirectAuthorize arrives as the third member of a line of products created to ease the task of managing mixed environments with Active Directory. The other two products, DirectControl and DirectAudit, perform centralized authentication and auditing.  

“Typically we serve customers who are looking to introduce Linux, Hewlett-Packard, AIX, or Unix into their environments, and also often VMware.” Centrify CEO Tom Kemp said. “In terms of access rights and password management, that ends up being a lot of sticky notes next to your screen.” DirectAuthorize replaces non-Windows systems’ authorization infrastructure with that of Active Directory, which allows admins to move all user authorization information to a central location and to manage it from that location.

In SourceForge.net election, Torvalds and Gates tie for first

If the U.S. presidential election were strictly in the hands of U.S.-based open source developers and aficionados, Democratic candidate Barack Obama would be the hands-down winner, with 56% of the vote compared with 30% for John McCain and 14% for an unspecified independent candidate. Hardly surprising in view of national polls, the results were tallied on SourceForge.net, an open source code repository, of SourceForge.net users and Slashdot.com readers. But the SourceForge.net poll had a number of other questions and this is where the results get interesting, humorous and embarrassing.

The pollsters asked if the U.S. should appoint a national chief technology officer. Surprisingly, the votes were evenly divided, with yeas narrowly edging out the nays, 51% to 49%. The funny and embarrassing part is that the pollster then asked  respondents, open source developers and readers, mind you, to choose their top candidate for the job. And Linus Torvalds, the creator of the Linux kernel, tied for first with the king of proprietary software, Bill Gates. On an open source software site. Is there a disconnect here?

Even worse, the night before the official results were posted, the draft version of the results misspelled Torvalds’ last name as Torvolds. Given Torvalds’ creation of software that has been a huge success — running servers and desktops all around the world — couldn’t SourceForge.net spell his name correctly? (The mistake has since been corrected.)

And while we’re on the subject of Torvalds, he gave a candid 10-minute video interview on –what else — Linux (what else?) last month during the Linux Foundation Kernel Summit in Portland, Ore.

Torvalds said that this year’s attendees were more concerned about the development process itself than pressing technical issues, but he gathered that the process wasn’t irretrievably broken since no one complained. “That’s a good sign,” but some tweaking of the process might be in order, he admitted.

 The Linux community continues to create first-rate code by involving people who really care about the work, Torvalds added. “The secret of real quality is making sure people are proud of the code they write,” he said. “It’s making sure people are involved and taking it personally.” Sounds like good advice for just about any workplace.

Ubuntu founder’s new mantra: Free the clouds

In a webcast to announce the release of Ubuntu 8.10 on Thursday, Oct. 30, Ubuntu founder Mark Shuttleworth said he believes the emerging layer of cloud frameworks should remain free open source just like the hypervisor. Instead of making money from the frameworks themselves, companies should seek to make money from tech support and intellectual property assurance, he said.

Shuttleworth wasn’t sure exactly how many people use Ubuntu software for free or with paid support. “‘I have absolutely no idea,” he said. “But our growth is outpacing anyone else.”

An indicator that seems to support that growth is that 25% of those who have downloaded Ubuntu said they use it in production versus development, he said.

The three key metrics for measuring platform success are levels of user adoption, commercial partnerships and user satisfaction, Shuttleworth said. It’s hard to quantify adoption without compromising privacy, he said. But users have grown so fast that the London-based Canonical Ltd. has taken extra care to ensure that the core base doesn’t feel neglected because of the expanding base of new users, he said.

As for partnerships, Canonical is working with as many of the top 10 original equipment manufacturers (OEMs) as it can and, in fact, is in the position of having to choose from competing hardware vendors, he said. London-based Canonical Ltd., the commercial backer of Ubuntu, has “several million” dollars in annual revenues but has not yet earned a profit.

“I have the patience to see the company through any downturn, but I think [the current global fiscal troubles] will be good for Canonical,” he added. “There’s no prospect of a squeeze on Canonical.”

“Our core business has had very positive growth” and could be in the black, but Canonical has chosen instead to devote resources instead to advancing the desktop in three ways: enhancing touch, bringing games close to three-dimensional imaging and adding additional Web capabilities and cloudlike computing to the desktop, he said.

Without those research initiatives, Canonical could be profitable in two years, but Shuttleworth said he doesn’t mind waiting three to five years if the extra time helps the company create the futuristic desktop he envisions. Shuttleworth also said he doesn’t believe that anyone can make money selling a Linux desktop, and he considers that positive. The only way to make money on the desktop is through services, which is a trend affecting the whole industry now, even Microsoft, he said.

“I remain confident that this is the right business model for the industry,” Shuttleworth predicted. “Software will shift away from licensing.”

SE-Postgres tightens SQL security

This post was contributed by Joshua Kramer. For more information about Kramer, go to the EnterpriseLinuxLog About the Editors page.

In the theater of IT operations, security has moved to center stage. Attacks have become more complex, and legislative bodies have passed laws that require data protection. In just the past year, Nevada and Massachusetts introduced legislation requiring that consumer data be protected. 

 In 2006, Oracle introduced its Audit Vault, which purported to restrict access to data even from database management administrators. This kind of tool is extremely valuable in the fight against those trying to steal personal information.  

In early 2009, another player will offer a similar — and perhaps more secure — way to restrict data access As part of its yearly feature update, the PostgreSQL group plans to implement a module called SE-Postgres in the database core. This module inherits security rules and contexts from the SELinux rule set of the host OS to control access to tables, individual rows of data and even individual columns. Currently SE-Postgres is available as a patch to the Postgres 8.3 database (for those who don’t mind compiling source code). 

This inheritance of rules applies to all facets of SELinux and therefore gives you power beyond simply restricting access by role. When SE-Postgres is configured properly, a client’s SELinux context is propagated to all data it touches. For example, rows inserted by a subject with SystemHigh privileges will carry the Secret label. A query submitted by a subject with user_t privileges will not return rows that have such a label. For the most part, referential integrity is preserved; a table join will fail if one of the objects required in a table is disallowed by SELinux context. There are a few minor exceptions, but those will be closed as the project progresses.

Bush meets CodeWeavers’ challenge for free software

On Tuesday, Oct. 28, software company CodeWeavers will offer its products for no charge. CodeWeavers’ mission is to mission is “to transform Mac OS X and Linux into Windows-compatible operating systems.”  

Several months ago, CodeWeavers CEO Jeremy White promised that if President Bush achieved one of his five lame duck goals– to improve the state of the nation by the end of his second term — White would offer his company’s products nongratis for one day.  

This week, through a fluke of global economic equilibrium - or astute presidential leadership, ahem - Bush met one of the goals; gas prices fell below $2.79 in the Twin Cities. White’s lame duck challenge page now reads “Goal achieved. My bad!” He will offer a Pro version of either one Mac or one Linux CodeWeavers software product for 24 hours starting midnight CST tonight. A  product upgrade and support package renewal will be available in one year for $35.

Whirlwind Tech Tour explores remote administration tools

This week, SearchEnterpriseLinux.com launched its Whirlwind Tech Tour, a new site feature in which we ask Linux professionals a weekly question and post their answers side by side. This week we asked about remote server administration. Done correctly, remote server administration enables companies to distribute resources and prepare for disaster recovery. It also requires a strong toolset to perform these roles well.  

Which tool is best for remote server administration in a Linux environment, and why?

 Jay Lyman, an open source analyst at Boulder, Colo.-based 451 Group, recommends the General Public License-licensed Virtual Network Computing (VNC) system for its user-friendly general user interface. This tool works with Open Secure Shell (OpenSSH) to perform tunneling, a method to establish secure connections between local and remote networks.  OpenSSH itself received several mentions in our IT pros’ responses .

As Kristian Erik Hermansen noted, the tool does more than tunnel. Hermansen’s description of OpenSSH’s capabilities: It can “forward graphical applications to remote machines, create a series of tunnels, redirect traffic over a SOCKS proxy, and perform way too many other features to mention.”  

Serge Wroclawski expected SSH to be at the top of respondents’ lists but suggested they trade it in for more automated remote administration tools. He advises managing remote server configuration with tools such as bcfg2 and Puppet. 

“Remote server management is a multidimensional problem, and managing the Linux OS is only a part of it,” said Ideas International Inc.

CEO Tony Iams Iams outlined several considerations in approaching this problem, but concluded that  “perhaps the most important factor in choosing a remote Linux management tool…is to make sure it integrates smoothly into the dominant management tools and procedures that are already in place.” 

Do you have a question you’d like to see asked and answered? Email it to  editor at searchenterpriselinux.com class=”MsoCommentReference”> . To see the complete responses from our IT pros, go to the feature main page.

Collective Linux development model will be tough to beat, report says

The humble penguin is mascot of quite a treasure.

According to an updated Linux Foundation study, to build from scratch today, the Linux kernel would cost $1.4 billion; a typical Linux distro, $1.2 billion. In addition, Fedora 9, the current community version of Red Hat’s operating system, would cost a whopping $10.8 billion to replicate in current dollars.

The study also quoted a report from Framingham, Mass.-based IDC that appraised the collective value of the entire Linux computing ecosystem at $25 billion. That’s quite a trajectory for Linux Torvalds’ kernel in just 17 years.

The conclusion underlines the obvious: Linux has become a computing powerhouse, running everything from tiny mobile devices to the largest banks and supercomputers. While the software’s open code and modular construction are inherent advantages, the massive Linux community of individual and corporate developers who share the task and cost of improving the software are key to the platform’s success, the report concludes. In contrast, proprietary software companies, which must shoulder their development costs in isolation, will ultimately be hard put to compete with the open source model, the report concludes.

No kidding. As far as this blog is concerned, the report and its conclusions preach to the converted.

American Idol vs. Britney: Why open source will prevail, Red Hat says

Red Hat CEO and supersalesman Jim Whitehurst sure knows how to keep things simple. In yet another global tour pitching Red Hat, Whitehurst compared the open source development model to American Idol, the TV show that propelled country singer Carrie Underwood to instant fame, and the proprietary software model to Microsoft’s much-scorned Vista operating system and Britney Spears.

According to a ZDNet.co.uk article, Whitehurst told a Singapore business forum that companies using open source software address their major software pain points right away and can then share the results quickly with the rest of the community. Proprietary software companies, on the other hand, are slowed down by the need to solicit user feedback and then fix the problems through a top-down, planned development cycle. That model, proclaimed Whitehurst, is on the decline, he said.

Look at the recording industry, Whitehurst said. They spend far less to market American Idol winners, whose appeal has been proven up front than they do on the multimillion-dollar marketing campaigns for Britney Spears that lack a similar advance-popularity litmus test, Whitehurst said.

Whitehurst’s analogy couldn’t be clearer (which assumes that the typical Asian businessman is familiar with American Idol and is old enough to remember records). Anybody else still got any old 45s kicking around?

Novell promotes SLES in 11-city Linux tour

Waltham, Mass.-based Novell Inc. wrapped up a whirlwind three-week U.S. tour promoting SUSE Linux Enterprise yesterday with a packed presentation at the Hyatt Regency in Cambridge, a relatively short distance from its headquarters. The tour, which began Sept. 25 in Dallas, included 11 U.S. cities. The final stop is Oct. 21 in São Paulo, Brazil.

Speaking before an 80-member audience, two Novell engineers presented SUSE as a comprehensive Linux platform with the tools and applications to run a seamlessly managed, automated data center and address OS, management applications and virtualization. They also hinted at future improvements in virtualization, security and file systems.

Geared more to prospects than customers, the lively discussion encouraged audience participation, rewarding questioners with Linux penguins that featured the Novell logo, of course. The presentation included an impressive demo of live migration, moving a new James Bond movie from server to desktop without interruption.

Hewlett-Packard Co., which sponsored the event, made its hardware pitch during lunch.

The event was a great way to get Novell’s message out there. And the view of Boston from the top of the Hyatt was fantastic.

Linux Foundation caves to pressure, closes summit to press

The Linux Foundation’s job is promote the use of Linux-based open source software, whose code is freely available for anyone to examine, modify and distribute as they please.

Yet the foundation’s first End User Collaboration Summit in New York City this week was closed to the press and the public, open only to guests by invitation.

Does anyone see a contradiction here?

While the purpose of the Linux Foundation is to promote the use of open source software, the foundation will hold a closed conference with several hundred attendees to discuss how to accelerate innovation in the platform.

In declining my request to attend the summit, the foundation wrote that “the end users there are completely paranoid about getting quoted in the press and made us close it.” The end users. That means the big IT guns in the audience. No doubt they came from many industries but had a heavy representation from Wall Street firms who like having access to open source code and modifying it for their own competitive advantage without allowing their rivals (who might be in the next seat) in on the secret. It’s a tight-lipped group.

Exactly how would the presence of the press infringe on the confidentiality of the conference attendees? Would it make them reticent to ask questions? Even with the press absent, their competitors were still there to pick up any nuance in a question. If the insistence on secrecy comes from the “end users,” the confidentiality problem would have been better solved by simply having attendees ask speakers questions privately, as I did to the CIO of Merrill Lynch following his keynote at LinuxWorld. (To his very evident annoyance, I might add.)

If the push for a closed meeting came from speakers, that’s bad, too. One summit speaker defended the closed meeting by saying his company requires advance permission to give presentations at a public event, and it makes such permission difficult to obtain. (That sounds like the recent Chinese Olympics, which created special locations for protests  but didn’t grant speaking permits.) How sad this is if corporations in the land of the free and the brave prevent their brightest developers from leading workshops and helping others because they might divulge corporate secrets. (And based on the workshops I’ve attended, that’s highly unlikely.)

Just this week, I struggled to find a user who would speak to me about his experience with a Fedora community project and a Red Hat spokeswoman explained that the Fedora project participants couldn’t speak to me either without getting prior corporate permission. (All this fuss over a new installer.)

Under the same principle of “protectionism,” what if the U.S. decided to close its borders to imports to boost local manufacturers and businesses? What if federal, state and local governments decided to close public meetings and decisions to avoid holding officials accountable for difficult (or slimy) actions?

I think the Linux Foundation caved on this issue. By closing the door on the press, it also closed the door to everyone except an elite handful. The thousands of Linux users who might have benefited directly or indirectly from the idea exchange and thought up new ideas on their own will never get that cross-fertilization opportunity.

Conferences on open source software should be open to the press and the public — period.