...making Linux just a little more fun!

<-- prev | next -->

Notes from Linux World 2005 - San Francisco: Linux World goes Enterprise

By Howard Dyckoff

With a deluge of product announcements and a heady debate on the future of software patents, the Linux World Conference and Expo (LW2005) sailed into San Francisco in early August. Debian announced its intention to go more commercial, and Darth Vader and representatives of the Evil Empire up north made an appearance as well.

This was fun as always, but some of the flavor of past LW conferences was missing.

To some extent, this was less a Linux World conference and more an Open Source Software conference, with many major companies showing off their Open Source credentials. Just look at the keynote presenters, starting with Oracle, HP, and IBM, (See the conference website) then there were the Red Hat and Mozilla presentations. Certainly there were good panels, like the one OSDL presented on software patents, but the 500 pound gorillas dominated.

Of course, IDG, the conference organizer, did say that the "prevailing theme of this summer's conference program will be Linux in the enterprise." They did emphasize that the "conference program will illustrate how enterprises are reaping the business benefits of Linux and Open Source," so there were presentations on Grid offerings and on calculating the ROI of using Open Source Software in the Enterprise.

Many alumni I spoke with noticed the change in emphasis and were wistful for the older, Linux bad-boy attitudes and the give and take of technical presentations where peers openly disagreed. To be sure, there was some of that, but there were more suits and better shoes at LW2005, and that boosted attendance at both the conference and the expo. Perhaps this is the inevitable fallout of getting corporate elephants to dance...

Strong set of conference tutorials

Linux World had an opening day of tutorials organized into 1 or 2 sessions of 3 hours, followed by three days of conference sessions and the Expo. I did see a few folks who went just to a tutorial and then the Expo, even though the keynote speeches were open to all.

The topics spanned included Samba and its administration, hardening Linux systems (taught by Bastille Linux creator Jay Beal), a Linux cluster hands-on lab, Xen and other Virtualization Techniques, a session on the Novell kernel debugger, and a detailed look at Google APIs and utilities. There was also a 2-part Linux system administration track. Each tutorial had a book of slides and some additional reference material. Since they were priced fairly, this was a good deal.

Jay Beal's system hardening materials were based on material from his security talks website, which includes links to an earlier BlackHat presentation on locking down Solaris and Linux that was shrunk a bit for his LW2005 tutorial. Of course, many of his points are incorporated in the Bastille Linux scripts, which also offer good explanations for its many security options. Use those scripts and check out the security talks link.

The tutorial for web developers on using Google utilities and APIs was taught by Deryck Hodge of the Samba team. It covered custom searches, using the Google API as a Web Service with Perl and Python, gcli as an interactive "shell" for Google searches, GMail tricks, XML parsing, and building custom maps for display. He promised to have "code and tutorial stuff" available on his updated website.

There also was a 3-day, conference-long session on Linux System Administration in a large room that was open to any full conference participant. That tied in very nicely with the 'free' (as in beer) Linux certification exams offered by LPI, the Linux Professional Institute — Expo attendees were offered the exams for only $25 instead of the usual $100, so a newbie could (with some outside reading) attend part or all of the 3-day session and have a good shot at the basic certification.

Good track of security presentations

Several of the security presentations were led by Jay Beal (who presented the Linux hardening tutorial), but many other presenters rounded out the topic. The first session, "Linux Security Report", was presented by Coverity creator Seth Hallem. He advocated using static code analysis to find as many potential bugs as possible, and his tool (Coverity Prevention, a spinoff from a grad project at Stanford University) is very good at finding those static bugs. His main point was that good static analysis will run down more code paths than test cases can, and will check all variables, working toward a goal of zero compromising defects. Large software vendors like Oracle, Cisco, and Sun seem to have joined the Coverity static analysis camp.

He presented a lot of statistical data: security vulnerabilities go up with more code (but Linux seems to mostly reverse this), developers spend about 40% of their time on reworking buggy code, the vast majority of security flaws are from detectable bugs not caught by limited test cases, etc. One key result: Linux was very good in comparison with commercial software of its size and complexity.

Another key result: over half of the bugs in Linux were in the device drivers, with only 1% in the kernel (and most of these due to the addition of new features). That's especially good, since many Linux installations will not use the problematical drivers. They discovered 1,008 defects in other parts of version 2.6.12 outside of the file system and kernel. Below is a pie chart of those defects.

Two slides about defects in Linux code (security vulnerabilities go up with more device driver code):

Linux Bugs - Pie Chart

A white paper on bugs in the Linux kernel is available here (requires registering with Coverity).

Evil Empire at LW2005

Among the surprises at LW2004 was the appearance of Microsoft in sessions and in the vaulted Golden Penguin Bowl contest. This year had Microsofties competing with Google geeks, who won handily, but the crew from Redmond performed fairly well, actually listing almost as many UNIX variations as the winning Google team in the final round. In the spirit of the occasion, the MS trio came dressed as 2 Imperial Storm Troopers and Darth Vader (where did they get those great outfits?!!).

That was fun, but is this the proverbial "wolf in sheep's clothing" syndrome? Is MS trying to put on an Open Source party hat while surrounding and assimilating Linux as just a better Unix that's easier to manage with MS tools and utilities? Or are they genuinely turning over a new leaf?

Bill Hilf, Director of Platform Technology Strategy at Microsoft, presented one of the more surprising sessions, S42: "Managing Linux in a mixed environment... at Microsoft?: A look inside the Linux/Open Source Software lab at Microsoft". His biography showed a long history of open source credits, including being a senior IT architect at IBM and leading Linux technical strategy for their global markets organization. He was one of the storm troopers, answering most of the Penguin Bowl questions. Unfortunately, his on-line LW2005 slides consist only of the title slide. He was also interviewed the day before on Slashdot.

Hilf said that MS wanted a real expert on Linux and Open Source software, "...not someone to kill the penguin." He also noted that his team regularly uses "over 40 different flavors of Linux and BSD, plus several commercial Unix" products.

Hilf spoke the language of the audience and certainly had the right credentials; it felt like a peer was addressing the audience. Hilf gave us spins and feeds, diagrammed a very large test data center of over 300 clients and servers, and showed us real Linux servers running Open Source software at the evil empire. He also explained how reluctant MS co-workers were eventually won over (after uncovering SMB errors with a Samba SMB Torture suite) and became interested in his lab as an integration test bed. But he gradually tempted everyone present with current or beta integration tools based on MS tech, especially the MS Virtual Server. He said it was a full product (minus a box) worth $1000 and most attendees made sure to get the software as they left.

His last (and most persuasive) effort, was a demo displaying the ease of scripting in Monad/MSH, a kind of .Net enhanced Bash shell with POSIX features. And it's good, very good. Its a familiar shell environment that also leverages the .Net infrastructure and can control services in both the Linux and Windows spheres. It's also a trail of honey to win some mindshare among system administrators and younger Linux users. Here's more on MSH.

All this will make it easier to integrate Linux and Windows - in fact, any Unix work-alike - yet it seems specifically planned to favor managing the integration from the Windows side.

After LW2005, at the Intel Developer Forum in San Francisco, Microsoft announced its upcoming Virtual Server upgrade would support the virtualization of both Linux and Solaris operating systems on Windows servers. Is this a new strategy to surround and 'assimilate' Linux? (Remember that magazine cover before the Web showing Bill Gates as a Borg? What will another year or two bring?)

Just after LW2005 there were articles about a potential deal with OSDL and Microsoft to do so-called independent research on the prospective advantages of Windows and Linux. Was this the camel getting its nose in the tent, or is this just a continuation of the rapprochement started with Sun in the last year? After all, back in July, OSDL leader Stuart Cohen said he could "...see Microsoft participate in software that runs on top of Linux in the future."

Is a deal with OSDL good for Linux and the community? While truly independent research helps us all, there is probably no way that the results would not be exploited by Microsoft (and they probably expect to pick up some points with their latest version of WinServer). As I finish this article, there seems to be a complete rejection of the joint study by OSDL. It seems that OSDL asked MS to release its Office Suite on Linux as a test and MS balked. Figures...

Keynotes and press conferences -- DCCA is born

There were many press announcements but among the most significant was the announcement of the Debian Common Core Alliance. Although there isn't a clear consensus on whether or not this is the best thing for Linux, most long term Linux users at the conference seemed accepting if not enthusiastic about the development, along with large doses of skepticism. Several sources suggested that a common core may be the best that the Debian community can muster since so many organizations and individuals are involved. But the needs of the large base of Debian users makes this move necessary.

One commenter opined that having a common core (supported by less than 70% of the Debian organizations) would not actually create more Debian forks, but also may not significantly reduce the current number of Debian forks.

Ian Murdock, co-creator of Debian Linux, introduced the the DCCA at a press conference on the first day of LW2005. Key among the goals for the first common core release is full Linux binary compatibility, which means supporting the LSB Linux Standards Base (DCC will be compatible with LSB packages which use the RPM format by using the 'alien' tool to translate the package into native Debian format, since LSB specifies the format, not the RPM suite). A major secondary goal is having more regular release cycles. DCCA hopes to track LSB releases, roughly an 18 month cycle. Beyond that, the goal is to create a 100% Debian core that can support enterprise business users and their applications and accelerate acceptance of Debian.

DCC is not a Linux distribution. Its better thought of as a software repository with common fixes and updates. Individual distros will use that core and also contribute to it. ISVs would also certify applications to that core. Among the initial DCCA founding members are Xandros, Knoppix, Linspire, Mepis, and SunWah. More Debian distros and some hardware vendors are expected to join by year end.

The first DCC release is expected in mid-September. It will be based on Debian 3.1 and should be certified to LSB 3. DCC version numbers are based on the major version of LSB.

Bruce Perens of Open Source Labs spoke favorably about DCCA at the initial press conference and also the next day at panel of Linux/Open Source software authors linked with the PTR/Perens publishing project. Check out the PTR site for downloadable books.

According to Bruce, the DCCA will provide a way to "certify to a Linux distribution, [while having]... multiple support providers who... differentiate themselves at a higher level up the stack." He also noted that globally Debian Linuxes have 2-3x the installed base of SUSE Linux, and this will expand that base.

I spoke with Ian Murdock just before the article submission deadline, and he said "We're in heads-down mode, working on DCC 3.0, the first version of DCC, based on the 2.6.12 kernel... On the engineering front, it's going well." Ian commented on the partner certification program, "...at the end of the day our goal is to have a core that ISVs, etc., can certify to... An ISV would certify once and that would be it."

Ian added, "Debian is a community project. We are also becoming active as the DCC in other Linux projects. For example, we don't want to define our own standards; we want help LSB to define formal standards that will be used for all Linux versions, such as package-name issues, and then we'll do a specific implementation for Debian. We want to be additive to existing projects, not reinvent anything."

"I'd love to see DCC play a role on the LSB project; standards with implementation associated with them are always more successful than generalized standards. If DCC could become a reference implementation, it would make LSB and DCC stronger and also make the whole Linux world stronger."

Freeing Up Software Patents

Open Source software and the future of software patents were touched on by 2 different keynotes, one by RedHat deputy general counsel, Mark Webbink, and also in a panel moderated by Stuart Cohen, CEO of Open Source Development Labs, as well as the author panel. Webbink spoke about the innovation-crushing effect of software patents and called on Microsoft to refrain from using software patents against users and individual developers. (Software Protection and the Impact on Innovation)

Software patents are more contentious than copyrights and hardware patents, which cover a single object or entity. Software patents typically try to patent ideas, processes, sequences, and even appearances. A pharmaceutical patent would typical cover a single formula or drug family, specified fairly precisely. Software developers run afoul of software patents more often because they are more vague and there have been too many granted for trivial or non-unique 'inventions'.

There currently are over 150,000 software patents, growing at about 10,000 a year. Webbink noted patent searches often cost $5000 each. Searching and analyzing even only 3000 patents would cost $1.5 million. He added that MS alone plans to file 1000-2000 software patents a year.

"What if Dan Bricklin had patented VisiCalc? that would have locked up spreadsheet software through the year 2000." Webbink said many current software patents are not that significant. He noted that MS has a patent for adding and removing white space in a document.

He stridently criticized the patenting of software code alone. Patents should be applied only to unique inventions. He concluded by saying that software patents are used primarily to block innovation by competitors.

OSDL hopes to create a patent repository that will support the Open Source software community and not to restrict innovation. This would be accomplished by major ISVs, like IBM, Oracle, Novell, Red Hat, etc. giving their intellectual property to OSDL or another non-profit to administer.

Perens, at the author panel, noted that "... every large Open Source software project infringes on some patents, but these are bad patents," adding that "we need significant patent reform in the US". He was also skeptical of the OSDL patent pooling idea, as many of those patents may be encumbered by cross-licensing agreements and won't be that useful in defending Open Source software. "This is spitting in the wind", he added, and not reforming existing law.

Diane Peters, general counsel for OSDL, recently offered more detail on the OSDL Patent Commons project. See this report for OSDL's position.

Eben Moglen, Chair of Software Freedom Law Center, spoke at the OSDL panel keynote and supported the project. "OSDL is the ideal steward for such an important legal initiative as the patent commons project... there is strength in numbers and when individual contributions are collected together it creates a protective haven where developers can innovate without fear."

Of Swag and Collateral

The Expo had a lot of vendors and a lot of freebies, including a program of free sessions on each day. Among the best freebies were Linux penguins, cloth creatures from Sun Wah and Novell, both cuddly. There was also the 10-inch Dilbert doll from EMC. My fiancee loved all of them!

VMWare, as part of its efforts to contribute to the Open Source software community, brought attention to itself by giving full user licenses to VMWare desktop for all Expo visitors who registered at the booth. (but it has been about 30 days and I still haven't gotten my license yet). This one does not expire...

Besides several CDs of software and collateral info, IBM also passed out a flashlight with a bright white LED. The interesting part is that this one is recharged by a USB port. (So if the power fails, you can find your way out of your cubicle...)

Besides its ubiquitous red baseball hats, Red Hat also handed out thousands of 4 oz. chocolate "Shadow" bars, which were tasty and included a slip under the wrapper with an offer code for $100 off any Red Hat class for the rest of 2005 (extra sweet... BTW, the code # is 458551W).

Novell also offered green SUSE hats at their booth, some of which were later found on the "Pike 'O Shame" at the Fedora booth, along with a few skewered cuddly SUSE lizards (the announced Open SUSE will have some proprietary Novell code which is encumbered by cross-licensing deals for now - but they intend to 'open' that soon, but apparently not soon enough for Fedora loyalists). See, this still is a colorful community!

Oracle ran its annual Linux install-fest on two "Birds of a Feather" (BOF) evenings (thanks to Kurt Hackel for organizing it so well) and participants at this BOF got trial SUSE and Red Hat software CDs and NEW Oracle 10g R2 CDs plus a light dinner. And I think that was the only food at the BOFs.

Of course, there were several great BOFs, including an open session with the notorious CmdrTaco of Slashdot. And that may have kept too many people up too late.

News and Press Releases

I received more PR emails about product announcements for LinuxWorld 2005 than all the other conferences I registered at for that last year. Some were major and some were minor. Here are a couple of bullets on a few:

(Some of these may appear in the NewsBytes section of the Linux Gazette. Here's a more complete list at the LW2005 Press site, But a few new efforts should be noted:

Splunking, anyone?

Although Google and MS may provide some competition, an SF startup is targeting the search and virtualization of Data Center logs and other info sources. The idea here is to allow systems administrators, support staff, and developers to diagnose and resolve problems faster by having needed meta data in one place.

Splunk finds and organizes multiple files in search databases and provides a report language. Data can be entered by reading files in specified directories, tailing live files, or listening to messages sent via named pipes. Currently, searches are by key word, time and specified text strings. The Splunk server has software that tries to discover event relationships across network and machine domains.

For now, you can get the free Splunk Personal Server from splunk.com, get a public beta of their new product, or go to the project pages.

Open Source Hardware?

OpenGear demonstrated very cost-effective KVM consoles with remote access features. Not very dramatic, except OpenGear is participating in the 'okvm project' (see the project page) which is developing Open Source console and KVM management software and is hosted as a SourceForge project. And okvm also is developing plans for open source KVM hardware. This stuff...

OpenGear currently sells an 8-port KVM for only $500 and a 48 port unit for only $1500 retail. A review in ITworld was very favorable. Visit opengear.com for more info on their KVM over IP products and the move to Open Source hardware.

Make the move

Resolvo Systems offers its MoveOver product in desktop and enterprise editions. The idea here is to automate the transfer of a user's Windows desktop settings, files, and environment to Linux. Resolvo makes a limited edition available free to individual users and has contributed source code to the new OpenMoveOver project on SourceForge.

As part of an LW2005 promotion, Resolvo is also offering its Quro Linux management product free to new registrants. It acts as a domain controller and LDAP server. Check that out at Resolvo.com.

Resolvo is partnering with CodeWeavers for migration to the CrossOver office suite and Moveover Enterprise was a Best Integration Solution Finalist for this year's LinuxWorld.

Resource Links

Session PDFs... Best if you use the expo web site to get the session number first.

Here is a list of the session tracks...

Here is a link for all the LW2005 Product Excellence Awards finalists... what the competition was...

And here are the actual LW2005 Product Excellence Awards winners...

(from LinuxWorld and Sys-Con Media)

LinuxWorld-Boston is scheduled for April 03-06 in 2006. And LinuxWorld-San Francisco 2006 will probably be held next summer. Drop in if you are on either coast then.

 


[BIO] Howard Dyckoff is a long term IT professional with primary experience at Fortune 100 and 200 firms. Before his IT career, he worked for Aviation Week and Space Technology magazine and before that used to edit SkyCom, a newsletter for astronomers and rocketeers. He hails from the Republic of Brooklyn [and Polytechnic Institute] and now, after several trips to Himalayan mountain tops, resides in the SF Bay Area with a large book collection and several pet rocks.

Copyright © 2005, Howard Dyckoff. Released under the Open Publication license unless otherwise noted in the body of the article. Linux Gazette is not produced, sponsored, or endorsed by its prior host, SSC, Inc.

Published in Issue 119 of Linux Gazette, October 2005

<-- prev | next -->
Tux