Open Source

MySQL Going Closed Source

I was a little concerned when MySQL AB was purchased by Sun, however Sun had a pretty long history with open source and mostly seemed to know how to balance things. When Sun was purchased by Oracle, I was quite uneasy knowing Oracle has a way of killing everything that isn’t Oracle. Seems like that time has finally come. Thankfully there are some forks of MySQL already. It might be time to start reading up and making sense of them.

Mozilla Open Source

Why Open Source Is Pretty Awesome

At some point I think it’s easy to take things for granted. Being able to alter software to meet your needs is an awesome power.

Today, a tweet rehashed an annoyance regarding a tactic on websites to alter copy/paste and put a link with tracking code in your clipboard. I could opt out, but that doesn’t fix when websites roll their own. It’s a fairly simple thing to implement. In my mind there’s little (read: no) legitimate justification for oncopy, oncut or onpaste events.

So I did an hg pull while working on some other stuff. I came back and wrote a quick patch, started compiling and went back to working on other stuff.

Then came back to a shiny new Firefox build with a shiny new preference that disabled the offending functionality. A quick test against a few websites shows it works as I intended by simply killing that event. You can’t do these things with closed source.

Of course I found the relevant bug and added a patch for anyone interested.

A 15 minute diversion and my web browsing experience got a little better. Sometimes I forget I’ve got experience on that side of the wire too 😉 .

Around The Web

2012 Presidential Candidate Websites

Back in 2008 I did a special segment in my “Secrets In Websites” series for the 2008 Presidential Elections. It was quite popular (almost crashed the server). I decided to do it again, but slightly revised for 2012.

Open Source Web Development

Introducing “It’s All Good”

Several months ago I was looking for a good way to monitor not just my server, but the actual services on the server. Just responding to a ping doesn’t mean everything is OK. As the old saying goes “if you can’t find it, build it”. The result of this is a little project called It’s All Good.

At its core it’s a light framework for checking various aspects of a server and deciding if things are operating within defined parameters or not. So far it has “out of the box” support for:

  • CPU Load – As simple as it sounds. Check that your CPU load doesn’t exceed a threshold you define.
  • Disk Usage – Sets off an alarm when your server is running low on disk space.
  • SMTP Ping – This makes a connection to your SMTP server to check that it’s online and operational.
  • MySQL Check – Checks to see if it can make a successful connection to a MySQL server.
  • HTTP(s) Check – This can connect to a HTTP or HTTPS server and check that it connected successfully as well as check that for a condition on the page. This is handy to make sure a web app is up and running or that your SSL cert isn’t expired.

Like I said, it’s just a framework, so adding other checks are relatively easy. There’s lots more I want to include (memory, disk IO, process monitor for example). It’s designed to monitor the host, not a series of servers (though technically doable). This isn’t Nagios, it’s a way to get a quick glance at your key services on a host.

On its own it doesn’t send any notifications. It’s designed to be combined with the keyword monitoring feature of services like Pingdom, Monitis, Host-Tracker, SiteUptime, or among others. This way you not only check services, but the server itself. If anything fails, you will be notified by your monitoring provider.

It’s All Good also has a UI for an admin to view which can give you the status and a basic rundown of its polling data. It’s also designed to so that it’s pretty easy to read on mobile devices like the iPhone, making it a great dashboard for on the go.

Lastly it’s designed to be pretty light and quick, so unless you are monitoring a ton of things on your server, it shouldn’t have any real overhead.

So far I’ve only implemented real support for the checks for Linux. I suspect most will work on BSD, and Darwin (though not all). Windows still needs some help. Patches are welcome. I’d also like to support things like IP whitelist/blacklists (automated via RSS fetches), and lots of modules to extend what it can keep track of.

Licensed GPL v2.

Mozilla Open Source Security

Zero Day Vulnerability

This really isn’t very accurate. I don’t know the details of the vulnerability or even if there actually is one, but I question the marketing around the Zero Day Initiatives vulnerability report. The big news seems to be “only 5 hours” after the release.

This isn’t really accurate if you think about it. It would be if Firefox 3 were a tightly controlled product that nobody could see a final version of. Reality is that the entire source code lives in CVS, there are nightly builds, and formal release candidates posted. Could someone have downloaded it after release and found a security issue? Absolutely. Is the timing a little suspicious considering everything was done out in the open? Yes.

It wouldn’t have made any waves if a vulnerability was found in a release candidate. It would have just been patched and a new candidate posted.

The advantage to the open source development process is the transparency through the entire process. The code in the release build isn’t remotely new or surprising. Many people had been running it for days prior to the actual release.

Again, it’s possible it all happened in 5 hours. But I doubt someone discovered a security hole, documented it, then it was verified and confirmed in just 5 hours. Especially considering the open nature of the development process and how easy it is to check things out in advance.

Mozilla Open Source

Facebook Open Sources Platform

Facebook today released the code behind their application platform. What that entails:

This release includes the API infrastructure, the FQL parser, the FBML parser, and FBJS, as well as implementations of many common methods and tags. We’ve included samples and some dummy data to help you get started fast.

It’s mostly licensed under Common Public Attribution License (CPAL), with the exception of the FBML stuff, which is MPL. It’s actually Mozilla code, and seems to be based on Firefox I wonder if they plan to upgrade to Firefox 3? Some enhancements that would presumably give would be JavaScript 1.8 support and native JSON encode/decode. Or at least the latest Firefox 2 release… but I digress.

Before releasing their API last year, Facebook bought Parakey, founded by Blake Ross and Joe Hewitt of Firefox fame. I don’t know if this code is actually derived from the unreleased Parakey, or even written by them. For all I know it could have been written by Facebook developers well before they were even acquired. Though if I had to place a bet, I’d guess this is code from Parakey. The code all looks pretty well scrubbed of anything that might give away Facebook secrets.

Around The Web Open Source

Big Buck Bunny

Big Buck Bunny

Big Buck Bunny, the new open movie made using Blender is out. It’s rather good, and impressive when you realize it’s made with open source products, meaning the only barrier to making one yourself (assuming you’ve got a rendering farm, or the patience to let your workstation churn out the pixels) is your skills. You can download it from the website (h.264 available) or watch on YouTube. I’d recommend the download so you can appreciate the HD quality. Some more screenshots can be found on Wikimedia Commons.

The first open movie was Elephants Dream back in 2007. Elephants dream used proprietary audio software. As far as I can tell, Big Buck Bunny didn’t.

Between the two I think I like Elephants Dream more. It was a little darker, but struck me as a little more entertaining. That’s my personal opinion though. It will be interesting to see what the next one is.

Open Source

MySQL Staying Open

Sun was initially thinking of a commercial fork for MySQL with some enhanced things like encryption and compression backup for commercial users. Obviously this created some outcry. It appears they’ve now reconsidered and those features will be open source. To quote Kaj Arnö:

…expect Sun/MySQL to continue experimenting with the business model, and with what’s offered for the community and what’s offered commercial-only. We won’t always know the right answer from the beginning, but we want MySQL to be the most popular database for both paying and non-paying users.

The willingness to listen to community feedback, and look for a balance means Sun may not prove to be a bad thing for MySQL, of course time is the ultimate test. More than once a product has been written off after an acquisition only blossomed, or has failed when success seemed certain.

Balancing open source in business is no easy matter, both from producing and from consuming. It forces many people into new rolls, developers, visionaries into lawyers, and lawyers into tech savvy computer elitists. There’s no standard model for everyone to follow as every project and every company is unique. Striking a balance in such a dynamic and evolving environment is tough, when there’s no simple formula to help model business plans, it’s even more complicated.

Given open source adoption in the enterprise is on the rise, and corporate backing of open source seems to be following that, I suspect there will be some innovation in this field in the next few years as some of the more clever individuals find new ways to strike that magic balance.

Mozilla Open Source

Self Serving Sausage Fest?

Does that title accurately describe open source? Via Valleywag I found this blog post from Psychology Today which I’d recommend reading. This is really the most interesting part:

First, there’s street cred: People want to garner approval from their peers and build their reputation. Second, there’s self-actualization: Working on these projects is enjoyable in and of itself, and it also provides the opportunities to practice your skills, collect feedback, and grow as a geek. Third, there’s pure altruism: Let’s save the world, one squashed bug or “[citation needed]” at a time.

Interesting stuff. I definitely fall in the “practice your skills, collect feedback, and grow as a geek” category.

Also noteworthy: 97.8 percent of open source programmers are male. Like there was any surprise that it’s somewhat of a sausage fest on #developers. Anyone ever check the ratio on about:credits? Come up with an automated way to do that’s licensed under MPL/GPL/LGPL and you’ll earn some serious street cred not to mention save the world and practice your text analysis skills.

I guess this is even more extreme than the Dave-to-Girl ratio.

Open Source

Public Domain vs. Open Source

Ok, I promise to slow down on the use of X vs. Y on this blog, but after this post. CNet has an interesting blog post by Stephen Shankland essentially asking is public domain software open source? A very interesting question.

This little bit of information from Richard Hipp, founder of SQLite, I found to be particularly interesting:

“…The consensus there seems to be that ‘public domain’ is valid and is a proper subset of ‘open source’–except in France and Germany where the concept of ‘public domain’ is not recognized…”

In my opinion, as long as the project stipulates that all contributions be released as public domain (defined as intellectual property not owned or controlled by anyone, and available for use by anyone for any purpose without restriction) for perpetuity, I think that in itself is an open source license. It’s also the cleanest and most easy to read.