Robert Accettura's
Fun With Wordage

This really isn’t very accurate. I don’t know the details of the vulnerability or even if there actually is one, but I question the marketing around the Zero Day Initiatives vulnerability report. The big news seems to be “only 5 hours” after the release.

This isn’t really accurate if you think about it. It would be if Firefox 3 were a tightly controlled product that nobody could see a final version of. Reality is that the entire source code lives in CVS, there are nightly builds, and formal release candidates posted. Could someone have downloaded it after release and found a security issue? Absolutely. Is the timing a little suspicious considering everything was done out in the open? Yes.

It wouldn’t have made any waves if a vulnerability was found in a release candidate. It would have just been patched and a new candidate posted.

The advantage to the open source development process is the transparency through the entire process. The code in the release build isn’t remotely new or surprising. Many people had been running it for days prior to the actual release.

Again, it’s possible it all happened in 5 hours. But I doubt someone discovered a security hole, documented it, then it was verified and confirmed in just 5 hours. Especially considering the open nature of the development process and how easy it is to check things out in advance.

Facebook today released the code behind their application platform. What that entails:

This release includes the API infrastructure, the FQL parser, the FBML parser, and FBJS, as well as implementations of many common methods and tags. We’ve included samples and some dummy data to help you get started fast.

It’s mostly licensed under Common Public Attribution License (CPAL), with the exception of the FBML stuff, which is MPL. It’s actually Mozilla code, and seems to be based on Firefox 2.0.0.4. I wonder if they plan to upgrade to Firefox 3? Some enhancements that would presumably give would be JavaScript 1.8 support and native JSON encode/decode. Or at least the latest Firefox 2 release… but I digress.

Before releasing their API last year, Facebook bought Parakey, founded by Blake Ross and Joe Hewitt of Firefox fame. I don’t know if this code is actually derived from the unreleased Parakey, or even written by them. For all I know it could have been written by Facebook developers well before they were even acquired. Though if I had to place a bet, I’d guess this is code from Parakey. The code all looks pretty well scrubbed of anything that might give away Facebook secrets.

Big Buck Bunny, the new open movie made using Blender is out. It’s rather good, and impressive when you realize it’s made with open source products, meaning the only barrier to making one yourself (assuming you’ve got a rendering farm, or the patience to let your workstation churn out the pixels) is your skills. You can download it from the website (h.264 available) or watch on YouTube. I’d recommend the download so you can appreciate the HD quality. Some more screenshots can be found on Wikimedia Commons.

The first open movie was Elephants Dream back in 2007. Elephants dream used proprietary audio software. As far as I can tell, Big Buck Bunny didn’t.

Between the two I think I like Elephants Dream more. It was a little darker, but struck me as a little more entertaining. That’s my personal opinion though. It will be interesting to see what the next one is.

Sun was initially thinking of a commercial fork for MySQL with some enhanced things like encryption and compression backup for commercial users. Obviously this created some outcry. It appears they’ve now reconsidered and those features will be open source. To quote Kaj Arnö:

…expect Sun/MySQL to continue experimenting with the business model, and with what’s offered for the community and what’s offered commercial-only. We won’t always know the right answer from the beginning, but we want MySQL to be the most popular database for both paying and non-paying users.

The willingness to listen to community feedback, and look for a balance means Sun may not prove to be a bad thing for MySQL, of course time is the ultimate test. More than once a product has been written off after an acquisition only blossomed, or has failed when success seemed certain.

Balancing open source in business is no easy matter, both from producing and from consuming. It forces many people into new rolls, developers, visionaries into lawyers, and lawyers into tech savvy computer elitists. There’s no standard model for everyone to follow as every project and every company is unique. Striking a balance in such a dynamic and evolving environment is tough, when there’s no simple formula to help model business plans, it’s even more complicated.

Given open source adoption in the enterprise is on the rise, and corporate backing of open source seems to be following that, I suspect there will be some innovation in this field in the next few years as some of the more clever individuals find new ways to strike that magic balance.

Google announced the project lists for Summer Of Code 2008. Some of the more interesting projects from my perspective:

Adium

• Data Detectors for Adium

Dojo Foundation

• Native cryptography API for Google Gears
• Dojo-Charting improvements
• Dojo GFX Enhancement

FFmpeg

• AAC-LC Encoder
• MLP/TrueHD encoder
• Apple Lossless Encoder for FFmpeg

Gallery

• Facebook / Flickr Style Image Region Based Tagging

Inkscape

• SVG Fonts

Joomla!

• Multi-DB support, and Database abstraction layer implementation for Joomla!

The Mozilla Project

• Natural language parsing for automatic calendar event creation
• Powerful search engine for SUMO
• Support OpenID as an account login in Bugzilla
• Google Contacts Extension for Thunderbird

MySQL

• Streaming Enabled MySQL Driver for PHP
• MySQL query analyzing tool
• New in-memory storage engine
• Memcached for Query Cache

PHP

• Implement Unicode into PHP 6

Pidgin

• Master password support for pidgin

WebKit

• WebForms 2.0 Support
• Improving and Extending WebKit Inspector

WordPress

• WP-storage
• Integrated Caching Solution
• Improving the search system

Does that title accurately describe open source? Via Valleywag I found this blog post from Psychology Today which I’d recommend reading. This is really the most interesting part:

First, there’s street cred: People want to garner approval from their peers and build their reputation. Second, there’s self-actualization: Working on these projects is enjoyable in and of itself, and it also provides the opportunities to practice your skills, collect feedback, and grow as a geek. Third, there’s pure altruism: Let’s save the world, one squashed bug or “[citation needed]” at a time.

Interesting stuff. I definitely fall in the “practice your skills, collect feedback, and grow as a geek” category.

Also noteworthy: 97.8 percent of open source programmers are male. Like there was any surprise that it’s somewhat of a sausage fest on #developers. Anyone ever check the ratio on about:credits? Come up with an automated way to do that’s licensed under MPL/GPL/LGPL and you’ll earn some serious street cred not to mention save the world and practice your text analysis skills.

I guess this is even more extreme than the Dave-to-Girl ratio.

Mark Pilgrim has a great picture of the top laptops on Amazon.com right now. What I found interesting is that the first Windows laptop is #6 (and no it’s not running an Intel), The #1 and #2 goes to Mac OS X and Linux.

1. Apple Macbook 13″ (2.4GHz)
2. Asus Eee 4G 7″ (900MHz)
3. Asus Eee 4G Surf 7″ (800MHz)
4. Apple Macbook 13″ (2.4GHz)
5. Apple Macbook 13″ (2GHz)
6. HP Pavilion DV2740SE 14.1″ (2Ghz AMD Turion 64 X 2)

Taking a look at the competition it’s pretty clear why. The Times They Are A-Changin’.

That new 9″ Asus Eee looks pretty nice. What would be ideal is if they made the 7″ with a higher resolution and kept the price the same. 9″ is a little large for this class of mobile computing.

Lately I’ve been using rsync to keep two hard drives in sync. I’ve been thinking of switching to rsnapshot since it would give me with incremental backup which is much better. What I’ve yet to figure out is if it can handle resource forks (with Apple’s special flag in rsync), and HTS+’s. Google hasn’t returned much on the combination, so apparently there’s very little experience out there. As a result I guess I’m sticking with the more simple rsync until I see otherwise.

Ok, I promise to slow down on the use of X vs. Y on this blog, but after this post. CNet has an interesting blog post by Stephen Shankland essentially asking is public domain software open source? A very interesting question.

This little bit of information from Richard Hipp, founder of SQLite, I found to be particularly interesting:

“…The consensus there seems to be that ‘public domain’ is valid and is a proper subset of ‘open source’–except in France and Germany where the concept of ‘public domain’ is not recognized…”

In my opinion, as long as the project stipulates that all contributions be released as public domain (defined as intellectual property not owned or controlled by anyone, and available for use by anyone for any purpose without restriction) for perpetuity, I think that in itself is an open source license. It’s also the cleanest and most easy to read.

So Microsoft will open up with information on many protocols/formats, and provide a “covenant” not to sue open source developers. Note the exception. Microsoft reserves the right to sue companies who commercially distribute such implementations. They need to get a license. As Microsoft put it in their principles:

Open Source Compatibility. Microsoft will covenant not to sue open source developers for development and non-commercial distribution of implementations of these Open Protocols.

As far as everyones reaction to this, Arstechnica wins with the best quote:

“Instead of offering a patent license for its protocol information on the basis of licensing arrangements it knows are incompatible with the GPL—the world’s most widely used open source software license.”

It may settle some curiosity in regards to how close certain reverse engineered implementations are to the actual protocol, but beyond that I don’t think it will make any difference. I think this caveat would limit most projects ability to utilize the information. I don’t think any major project is willing to utilize code subject to that limitation.

For example I mentioned just the other day that Exchange compatibility would bring about the most corporate adoption to Mozilla Thunderbird. Well this could potentially help make that a reality, except Mozilla’s commercial arm would be subject to trouble come release time. Not to mention any downstream commercial distribution that includes it (including many Linux distributions) unless they include a version without this code.

It may however be possible for a company to sell a product and offer a GPL licensed open source “plugin” or “addon” that adds the functionality. So for example Thunderbird would ship as usual via Mozilla Messaging and various Linux distributions. If you wanted exchange compatibility you would need to go to mozilla.org and download the addon for it. Similar to the current process for the provider for Google Calendar. However this adds a nasty extra step for users. It’s far from ideal.

The other notable thing in my mind is this part of their principles:

Industry Standard Formats. Microsoft supports many data formats promulgated by standards bodies in its products today. We will apply Principle II with respect to any standards-based data formats in our high-volume products. We will incorporate customer advice from our Interoperability Executive Customer Council and our ongoing community and customer engagement efforts to give us guidance to prioritize which standards we support in any given product release.

We want OpenDocument.

So despite all the media attention, I don’t think open source gained much today. There’s potential (OpenDocument getting priority would be nice), but really no big win. I just don’t see projects giving up GPL, and I’m pretty sure this agreement would violate GPL.