[Thu Dec 30 17:02:23 CST 2004]

Information Week publishes a list of the most overrated and underrated trends in 2004 that is well worth reading if only to get a different point of view. For example, they include open source software in the most overrated money saver category:

Compare Red Hat Inc.'s midtier standard price for Linux with tech support ($799) to a roughly comparable Windows Server 2003 license from Microsoft ($999), and you begin to see how the numbers really crunch. And those are just list prices. (...) In addition, there are costs associated with open-source software that aren't always obvious.

Other interesting picks: "fly-by-night blogs" among the most overrated new media, "the Google guys" are most overrated e-commerce execs and cell phones are considered overrated tech toys. {link to this story}

[Thu Dec 30 15:44:34 CST 2004]

Information Week publishes its annual list of Innovators and Influencers for the year 2005, where I read about Robert Drost, senior researcher at Sun Microsystems. Apparently, he has been working on a new tecnique to allow computers to transfer data wirelessly between computer chips at speeds up to 100 times faster than what is possible now. As the article stresses,

If it works in mass production, it could help Sun differentiate its wares from do-it-yourself PC clusters. "People just slap together a number of Linux boxes and call it a supercomputer", Drost says. "But there's a class of applications that requires massive bandwidth".

Yes, there is indeed, but I still wonder if it is possible to live off that niche market. Cray and SGI both tried and I would say it is safe to say now that they failed. Yes, it may be possible to make some money from that particular niche market (supercomputer and high performance computing), but perhaps only as a part of a larger business and not "striking it alone". In any case, Sun appears to be onto something that could be big. Hey, at least they are innovating! {link to this story}

[Thu Dec 30 15:39:15 CST 2004]

Yet another old time giant that may succumb to the new ways. JetBlue airlines has announced that it is pulling out of Sabre. Apparently, only 2% of their sales were carried out via Sabre while 75% came from online bookings via their website. To top it all off, tickets purchased through Sabre were more expensive too. Other airlines may or may not follow suit, but the reality is that many of them do sell more tickets using the web than old methods. And there are still people out there who claim that the .com revolution did not change much after all. Sure. {link to this story}

[Wed Dec 29 19:46:31 CST 2004]

I am more and more excited by the work of the Mozilla developers. These guys have managed, in just a few years (yeah, yeah, it was a long wait), to give Microsoft a run for its money. After a long time where Internet Explorer was the king of the jungle, the Firefox browser is truly innovating and pushing the envelope further and further every few months. I now read about Wikalong, a new Firefox extension that allows you to to take notes of any document you are viewing so that the next time you visit the same page the browser shows up your notes in the margin. Needless to say, this is extraordinarily useful for research purposes. According to the article, one can associate not only notes but also pictures and other links to a given web document. {link to this story}

[Tue Dec 28 09:36:43 CST 2004]

Much has been written about how SSH works, but Brian Hatch's series of articles on SSH published by Security Focus are definitely my favorite:

• SSH User Identities
• SSH and ssh-agent
• SSH Host Key Protection

By the way, his Linux Firewall-related /proc Entries is also well worth a read. {link to this story}

[Tue Dec 28 07:45:02 CST 2004]

If you are running a MySQL database you should know by now how to perform backups. In any case, if you are still looking for an easy to understand article on the issue NewsForge published today Backing up your MySQL data. It all boils down to a couple of commands:

# mysqldump -u -p -h sample_db > /usr/backups/mysql/sample_db.2004-12-16

... or, if you would like to compress the data on the fly:

# mysqldump -u -p -h sample_db | gzip > /usr/backups/mysql/sample_db.2004-12-16

{link to this story}

[Tue Dec 28 07:37:04 CST 2004]

JavaPro publishes an article on how to use X10 wireless technology and Java to turn out the house lights remotely. It does not look nearly as difficult as it sounds. Apparently, X10 Wireless Technology Inc., the manufacturer, makes it pretty easy by now and all you need is to plug in the correct module to the PC and that is about it. There is no need to rip up all the walls. So, I searched around the Web a little bit and came across Bruce Winter's CM17.pm Perl module. Yet another project to add to my todo list. {link to this story}

[Thu Dec 23 12:23:25 CST 2004]

Some Federico Biancuzzi interviews Richard Stallman for O'Reilly Network. Most of the questions are appallingly simple, repetitive and/or plain stupid, but one still has to admire RMS's incredible ability to synthesize ideas in a very logical and consistent manner, no matter what we think of his sometimes radical ideas. Where else can you read a clear explanation of what free software entails better than this?

If you buy a house, you are free to change it. If you don't know how to change it yourself, you can hire a carpenter or a plumber to change it for you. The same with software. Every user can take advantage of the the freedom to change the software. If it's free, you can persuade your cousin the programmer to change it for you, or you can hire someone

Nonfree software is controlled by its developer. The developers often implement malicious features —for example, to spy on the user or to restrict the user. Sometimes they keep the malicious features secret. But they also figure that people will be so desperate for the software that they will accept it even with malicious features. Users can't remove the malicious features, because they don't have the source code.

This cannot happen with free software, because free software is controlled by the users. If ever a free program had a malicious feature, any programmer could remove the malicious feature and release a modified version--and all users would choose that version, including nonprogrammers. You won't have to make this change yourself, because someone else will have done the job for you before you get it.

{link to this story}

[Mon Dec 20 18:13:38 CST 2004]

While reading an old thread from the Linux kernel mailing list, I came across this great description of the new development model by Lee Revell:

Part of the reasoning behind the new development model is that if you want a stable kernel, there are many vendors who will give you one. The new dev model is partially driven by vendors and developers desire to get their features into mainline quicker. There is an inherent stability cost associated with this, but the price is only paid by users who want stability AND the latest kernel.org kernel. The big players all seem to agree that the new development model better suits users and their own needs. The distros are in a better position to determine what constitutes a stable kernel anyway, they have millions of users to test on. Let the vendors AND the kernel hackers do what they are each best at.

{link to this story}

[Sun Dec 19 12:33:38 CST 2004]

I have been reading quite a bit lately about the AMD64 platform and, more specifically, the x86-64 open source ports to the architecture. No, I still cannot afford buying a new machine. Actually, most of what I run here at home is old junk (hey, Linux still runs fine on old system with little memory, especially if you choose Debian-based distros). In any case, Open Magazine published a good summary to "the 64-bit wars" that includes a nice chart with the pros and cons of all the contenders (AMD Opteron, IBM POWER, Intel Itanium and Sun UltraSPARC) as a follow-on to their Battle of the I/O Heavyweights article that showed a significant lead for the AMD64 architecture in the heavy I/O benchmarks. Now, I also came across an article from Windows IT Pro where they talk about David Cutler's preference for AMD64 too. For those who never heard of Cutler before, he used to work for Digital, where he led the development of VMS prior to moving to Microsoft to develop their Windows NT kernel. Add to that Linus Torvalds' own comments about AMD64 and it would seem as if this is a serious contender to Intel's Itanium architecture. For the time being, I am more familiar with Itanium than anything else (mainly due to my first-hand experience supporting and testing SGI's Altix servers), but my interest in AMD64 is definitely growing. It looks like a winner, based not only on performance but also (and this is usually far more important) the price and broad use in the industry. {link to this story}

[Sun Dec 19 12:17:14 CST 2004]

Ever considered to leave big corporate America and become your own master? NewsForge publishes a short article about the promising future of Linux consultants that includes a few nice tips. These people are doing a little bit of everything: system administration, network administration, help desk personnel, architects, developers who write custom programs... Most importantly, as one of them explains:

"My business has not grown because I have positioned myself as a Linux consultant, but because I can frequently go into a bidding situation and do a project for 30 to 60 percent less than my Windows competitors," says Dale Laushman, principal of The Uptime Group, Inc., a consultancy focused on networking and systems. Laushman recounts a particularly memorable project in which he won a contract to replace La-Z-Boy Furniture Galleries' outdated frame relay network with a Linux-based system and commodity off-the-shelf PC components. With a competitor quoting $60,000 for a Cisco-powered network and T1 service, the advantages of Laushman's $20,000 open source system, which also enabled the compression of traffic between stores without additional hardware, were clear.

The key appears to be not to sell Linux (or even open source) as the product, but rather a solution to the customer's problems at a lower price than the competition. I suppose there is no surprise there, right? Fanatics and evangelists love the technology but customers do not give a damn about the aesthetics of the code. All they care about is that it works and the price is affordable. Why should it be any other way?

By the way, the article also contains some practical advise for those who are considering the move:

Jeff Schroeder, a Linux consultant providing Web and database development, email and Web site hosting, and network services through his businesses neoBox, BitRelay, and Red Wire Networks, says, "I might be the smartest geek around, but if my clients don't understand what I'm doing, it's a sure bet they won't come knocking when the next project arrives. In addition, almost everyone I deal with on a daily basis is non-technical." Schroeder goes on to stress that while running one's own business, or in his case, three businesses, is demanding, the variety and rewards often exceed his expectations as well. "My schedule is my own to command, and I take vacations or days off whenever I feel like I need a break. The industries in which I work -- natural foods, record labels, real estate, online sales, software, architecture, music groups, security, and design firms -- are quite diverse, which makes for a lot of exciting opportunities."

(...)

Skills outside the technical realm are especially important, given that many Linux consultants find most of their clients through networking rather than advertising. In Reifschneider's case, "I found our first client at a local Linux Users Group meeting." Schroeder says, "Virtually all my projects come through word of mouth." Reifschneider also credits tummy.com's Web site and its large array of useful Linux-related content yielding "naturally" high search engine ratings.

(...)

While most Linux consultants report a steadily growing market for their services, it's important to consider practical factors before quitting your day job. Laushman recommends, "Do any work that is reference-able, even if it means not getting paid, like setting up a Linux server for your father's friend's small office. Call everyone you know and let them know what you are doing, and ask them for leads." As for financial planning, Reifschneider advises, "Figure on at least three months of living expenses to get started. That allows a month to get going, a month to do work, and a month before the payments for that work come in. For software, we've found that it takes about six months."

{link to this story}

[Thu Dec 16 07:37:24 CST 2004]

Well, Red Hat has finally announced an open CVS repository for Fedora after much criticism. They also add:

After CVS access, the next big technical milestone for Fedora is the creation of a build system for use by contributors. Three AMD64 servers have been set aside and are being configured for use as build systems for x86 and x86_64 packages. Access to these build systems will be provided to a limited number of Fedora Extras contributors, who will act as beta testers of the build system. During this time, we will be hammering out a number of build system work flow issues.

It was about time. Red Hat has to show that they truly see Fedora as something other than a simple marketing tool. {link to this story}

[Wed Dec 15 15:08:26 CST 2004]

OSNews publishes that the OpenBSD project will soon release an alternative to CVS called OpenCVS. Let us wait and see what they come up with. I use CVS quite a bit, but have always felt leery about its security record. Hopefully, the OpenBSD guys will manage to inject some badly needed security into CVS. I know, there are some other alternatives such as Subversion but I am used to CVS by now. I suppose sooner or later I will give those a try, but for the time being I would rather stick to what I know. {link to this story}

[Sat Dec 11 11:21:51 CST 2004]

Computer World published some musings on secure passwords that presents us with a nice introduction to the passphrase-vs-passwords debate. The article contains a great reference to a series of articles that Jesper M. Johansson, Security Program Manager with Microsoft, has written on this very same issue (see: part 1, part 2 and part 3 of the series). They are worth the time. {link to this story}

[Fri Dec 10 17:41:21 CST 2004]

If nearly a week ago I wrote about my not-so-happy experiences with Fedora Core 3, today I read another review of the same distribution in Linux Planet . I could not agree more with its first paragraph:

The first thing anyone considering using Fedora needs to know is this is not a safe, sane Linux distribution. It's not meant to be. Fedora is the test bed for Red Hat Enterprise Linux, and is also the replacement for Red Hat Linux, with two major differences: there is no commercial edition, and it is intended to be a community project, rather than solely a Red Hat product. This is the playground for Red Hat engineers and random volunteer developers to go nuts and try out wacky new things, and users get to play along. It has a fast release cycle of 2-3 times per year, with shiny new things in every release. So you should expect a few bumps and lumps.

Well, and that is precisely what one gets. So, perhaps I should emphasize something here: I understand perfectly well that Fedora is no Red Hat Linux, the thing is in a permanent beta and we are told so before we install it, but I think it is still important to talk about it because way too many people out there are still recommending it as a default distribution for, say, home users. I could not disagree more. Fedora is strictly (or almost strictly) for hobbyists, developers and people who want to see what is up and coming for Red Hat Enterprise Linux, and everyone else should stay away from it. There is little doubt in my mind that I would not recommend it for your grandma's computer at home. {link to this story}

[Sat Dec 4 09:11:56 CST 2004]

Fedora Core 3 was released a few weeks ago, and it has received excellent reviews. So, I decided to install it on my workstation a couple of weeks ago just to be sadly surprised by its own shortcomings. I suppose it is to be expected ,since most reviewers simply install your latest Linux distribution, open a few applications here and there, browse to a few sites, send a few emails, write a quick document in their word processor and proceed to consider the test finished. In other words, it does not look as if the vast majority of these reviewers actually do use the Linux distribution they are writing about on a daily basis, least of all go through the experience of upgrading from a previous working system to a new one. In any case, I have been a little bit leery of Fedora for a while now. Its release cycle looks too fast paced to me, and I am not convinced they will be able to maintain a decent quality product if they continue doing things this way. Sure, it does look nice once installed, the desktop is well put together, nicely designed, with pretty graphics and everyghing appears to work smoothly. However, I am not so sure that its functionality is on a par with the one provided by Debian or Ubuntu, judging by how many things broke on my system after upgrading from Fedora Core 2. For starters, it wiped away my sound. All of a sudden, I did not have any sound whatsoever, and could not use XMMS or Real Audio. Yes, I understand the transition from OSS to Alsa is not an easy one, but the fact is that my sound was working fine under Fedora Core 2 and the upgrade broke it. So, as a consequence, I had to fiddle around with the kernel modules and load them manually in order to make it work. Yes, not a difficult task for someone like me who has been running Linux for years now, but I simply cannot see how that qualifies this distro as "user friendly" or "ideal for newbies" like so many other people argue. Mind you, my chipset is a plain VIA82xx so it is not as if I am running some wild and exotic hardware here.

In any case, had the problems been limited just to the sound that would have been nothing, but there is more. The gnome-terminal failed to refresh correctly, which means that my Inbox within mutt was distorted all the time and I had to constantly refresh it manually. The version of Firefox that comes with the distribution failed to display my search box in the toolbar as previously configured, crashed constantly and appeared to have a weird problem displaying the submit and reset buttons in many HTML forms. So, I decided to fire up up2date and try to update to the latest packages, just in case that fixed some of the bugs. Well, I must say that up2date should be considered itself a major bug. What a pain in the neck it is to use it in order to maintain the packages. It will bring anyone used to Synaptic down to his knees and crying in desperation. I had to manually configure the proxy by editing a file in vi (yes, I can do it, but I seriously doubt most newbie users out there can), wait forever until the application launched and slowly moved through its different sections and... well, it crashed twice on me. In the end, I had to move down to the directory where it saved all the RPMs that had downloaded, so I could install them all (once again) manually. After a reboot (God knows what could have happened without one), Firefox seemed to behave much better, but the problem with muttgnome-terminal was still there. I had to end up going back to xterm, which is what I have been using ever since, at least to read my email. Incidentally, since there was a new kernel available, I also installed it to see if it fixed my sound problems, but it did not (as I said above, I had to solve that myself by loading the correct kernel modules).

Some people out there may think that this is unfair, since it represents after all just one experience with Fedora Core 3. Well, I am sorry to announce that at least three other friends had similar experiences. Sound was also gone in one of the cases, the system started to freeze in another case, and the third had to completely reinstall the whole thing after just attempting to install Totem using yum rendered his desktop completely unusable. In conclusion, Fedora Core 3 must be one of the weakest releases I have seen since the Red Hat Linux 4.x days, I think. Add to that the fact that its release cycle is so short and I am not sure any particular shop can run its systems on this distribution, neither on the server nor the desktop. As the reviewer for eWeek says,

At this point, eWeek Labs believes it's safest to plan on updating Fedora every other version; pay for a distribution with a longer support term; or go with Debian GNU/Linux, which offers a fairly long-lived, stable branch.

{link to this story}

[Sat Dec 4 09:01:49 CST 2004]

Just in case anyone had doubts that Microsoft's security problem is not accidental or simply the consequence of its success in the market that makes it prey to evil hackers, I just came across an article discussing the serious security holes found in Windows by Desktop Google. In case you do not remember, Desktop Google is a little app that allows you to search your own Windows machine, creating a searchable index of data files, emails, word processing files, spreadsheets, etc. The main problem is that, apparently, it also identifies and indexes browser cache files, encrypted files and, even worse, allows other users access to your own information. As it could be expected, some people are pointing their fingers to Google, demanding that they re-write the application to correct this behavior. Needless to say, that would do nothing but just hide the problem under the rug. There is something more serious here that really needs to be dealt with and until the day that happens Google Desktop will be just one in a series of applications (including viruses and malware) to exploit these weaknesses in our technology. {link to this story}