Entries Tagged 'Linux' ↓

Just my luck

I don’t travel much – I really don’t. I may travel 8 to 10 times per year, and this is light compared to many of the ‘air warriors’ I know out there. Yet, the three most significant events in open source this year – Red Hat’s acquisition of JBoss, Oracle’s Unbreakable Linux, and Microsoft’s partnership with Novell all occurred during a flight, making research, writing, and talking to the media hard to do.

I am in the process of finalizing the 451 take on the Microsoft and Novell announcement for distribution on Friday. Please check the blog on Friday afternoon for more coverage of this announcement. And, if you’re a 451 subscriber, we’ll be sending out the Market Development (MD) article on this topic as part our daily MIS email for Friday.

More soon…

Some great quotes on IDS from them what evade it…

Random quotes from a discussion on the Daily Dave pen testing list regarding the IPO of Sourcefire, the security company founded by Marty Roesch, the inventor of the Snort open source intrusion detection system (IDS). Priceless stuff, seeing comments on IDS from those who avoid it.

“Making IDS part of a defense in depth strategy is giving it some credit for actually providing defense, which it doesn’t do. The people who win the IDS game are the people who spend the least money on it. This is why security outsourcing makes money – it’s just as worthless as maintaining the IDS yourself, but it costs less. Likewise, Snort is a great IDS solution because it does nothing but it does it cheaper.”
— Dave Aitel

“…Defense in depth. It’s an extra barrier. You don’t not run an AV just because someone can write a custom virus it won’t detect. You run simple and automated systems that can deal with the 90% of threats that are easily managed in order to free up valuable human resource to look into the 10% that really do need to be understood. It does work; it’s just that, when working, it only has a limited role to fill and is not a one-stop-shop-one-size-fits-all-be-all-and-end-all-turnkey-security-solution. But then again, nothing is. Or at any rate, no automated system is. The only thing that really works for security is people. Lots and lots of people, looking at what’s going on and thinking about it and worrying about whether something’s wrong or not.
— Dave Korn

Enough people here know about how IDS’s don’t live up to nearly any expectations, or how they.. do? I personally don’t believe in them in any way, I would implement them once I am done with a lot of other security measures. Now, if I am to look at what they give me vs. another box for compromising which sits in a critical location… I am not sure what choice I’d make. For some reason, people equate Intrusion Detection to IDS devices. IDS devices are signature based and try to detect bad behaviour using, erm, a sniffer or equivalent. Intrusion detection is everything which will help detect an intrusion. IDS won’t unless it’s too late, and keep you busy while you’re at it.
— Gadi Evron

I think that you are throwing away a technology because of the fact it doesn’t live up to the hype the sales monkeys have spewed. While I will agree that IDS’ are not the end all be all, they do provide a very important layer within the defense in depth strategy. Yes you can evade them, and yes most companies want to just plug them in and forget about them, but that doesn’t make the idea wrong. I am a little biased,
— Kevin (BASE Project Lead)

Nobody says it needs to be a one-size-fits-all solution – it’s just that there is a difference between something which is capable of detecting/preventing only a bunch of known exploits vs. something which is capable of preventing a known class of attacks…
–Joanna Rutkowska

Unfakeable Linux

I woke up this morning and checked out Red Hat’s web site, after receiving an email from my contact at Red Hat Corporate Communications. What did I see? UNFAKEABLE LINUX in a mega-font. Red Hat has posted a response to the Oracle announcement. Take a look. At the end of the FAQ page, Red Hat indicates that there is more to follow.

This will be an interesting marketing and PR battle to watch, although I suspect those of us in the open source media and analyst community will end up doing a lot more than watching. Yesterday was an insanely busy day, between our Mark Shuttleworth coverage in the morning and our Oracle coverage in the afternoon and early evening. Many thanks to Nick Selby, the 451 security analyst and open source aficionado extraordinaire for his coverage of the Ubuntu angle yesterday.

What I really want to know is what existing Oracle and Red Hat customers think about the news. Someone in the press should reach out of the user community and capture this perspective.

“Fundamentally, this is free software in a proprietary wrapper”

Earlier today, we reported on our discussions with Mark Shuttleworth on the release of Edgy Eft and the speculation about whether Oracle might announce a partnership or closer business ties with Ubuntu. We weren’t playing All The President’s Men – it wasn’t a major scoop when we said that nothing would happen today between Ubuntu and Oracle.

As Shuttleworth told us later, “We’ve made no secret of the fact that Oracle’s a key player in the ISV market for any OSV. If we ever announce full certification of Oracle on Ubuntu it would be a decisive moment for the project. I do believe we’ll get there, there’s growing demand for it among Oracle’s customers, so I think it’s likely to happen eventually.”

Later, Oracle announced that it would support Red Hat Enterprise Linux as part of its Unbreakable Linux program, by providing its own patches, fixes, updates and back ports, in addition to its own binary distributions of the operating system.

After the announcement, Shuttleworth told us,

“It’s a very interesting move by Oracle, and sends exactly the ‘services based’ message I would expect them to want to send. On the one hand this is a hell of a shot across Red Hat’s bows, on the other, it further entrenches Red Hat’s position at the centre of the Linux-for-the-enterprise game.

“I think we can expect Oracle to get frustrated with supporting someone else’s codebase. If it takes off from a business perspective, then fine, but I really doubt that large numbers of people will switch from Red Hat to Oracle as a provider of support for Red Hat. Red Hat, certainly, is not going to make it easy for customers to live on both sides of the fence, and most companies will want SOME access to Red Hat. So if Oracle wants to make money from ‘owning a linux stack’ then I don’t think this is a winner. On the other hand, if they just want to keep a lid on Red Hat, without rocking the boat too much, then this works fairly well.

“Fundamentally, though, this is still free software in a proprietary wrapper. The pricing may be different, but it’s still old-school thinking. I don’t think anybody who will consider jumping to Ubuntu from Red Hat will pause very long on the Oracle option.

As Martin Schneider and Raven Zachary wrote tonight in our Market Insight Service, “What intrigues us is the possible end game for Oracle. Does it plan to buy Red Hat in the future at a reduced price? If that is the plan, isn’t it hurting itself by essentially creating a variant of the distro? And how will these potentially converging code bases be rectified if Oracle makes an acquisition attempt of Red Hat later on?”

Shuttleworth: “No Oracle Deal…Today.” (but stay tuned)

Rumors buzzed, but nothing during today’s keynote at Oracle OpenWorld by Larry Ellison regarding Oracle’s commitment to Linux – possibly in collaboration with a major Linux vendor. Whether Ellison used the word, “Ubuntu” in this speech, we believe that an Oracle-Ubuntu partnership is in the cards, based on an interview this morning with Mark Shuttleworth. Let’s not get all excited – this may not even be that big a deal. Ubuntu may not even be Oracle’s focus but instead one partner among several – we’ll see.

This morning, Canonical CEO Mark Shuttleworth said he wasn’t announcing an Oracle deal “today,” but he did indicate that an Oracle-Ubuntu partnership was not a matter of if, but rather of when. [By the way, the time of the call – 4am ET/9am BT – didn’t sound promising for a dramatic, surprise Shuttleworth cameo on stage in San Francisco similar to that at Sun earlier this year, but who knows – Shuttleworth gets around, and could be burning off the jet lag]

“There has been a tremendous amount of interest in Oracle on Ubuntu” Shuttleworth told us, “and that will be one of the strategic steps we’ll take in due course.”

His comments were in the context of discussing Canonical’s server-oriented ISV approach, and he said that there has been, “a tremendous amount of interest,” in Oracle on Ubuntu. Shuttleworth reiterated that it would be, “Tactically valuable” for Oracle to cut a deal which would give it more influence over a Linux distro. Now he tells us that it would be both strategically and tactically valuable for Canonical and Ubuntu to cut a deal with Oracle.

We’ve noted before that, thanks to Shuttleworth’s endowment (Shuttleworth made his fortune in the sale of his company Thawte to Verisign in 1999 for approximately 1.2 smazillion dollars) Canonical has the wherewithal to build its operating system and surrounding community infrastructure while being relatively insouciant in its approach to the paid engagements which would be so crucial to a purely commercial enterprise.

Since the release of Dapper LTS in June, 2006 (at which time we said that we believed that Canonical had around a dozen commercial support contracts), Shuttleworth says that Canonical has seen significant uptake in commercial discussions, negotiations and the number of contracts signed, and that the discussions have been taking place between Canonical and significantly larger enterprises. Canonical says its commercial pipeline now includes many much larger enterprises, including a Spanish enterprise engaging in a 400,000 desktop deployment (it is currently, Canonical claims, deciding whether to roll out Dapper or Edgy).

Shuttleworth says that these larger enterprises have expressed keen interest in further development of Oracle-on-Ubuntu, and that closer ties are, strategically, steps that Ubuntu will take in due course.

Another area of speculation has been of consumer related OEM deals with HP or Dell. Canonical says that it is not announcing any OEM deals right now with any manufacturer in the West, but that it is just about to announce a ‘quite significant’ OEM deal with an Indian computer manufacturer (he was about to, but a Prague-based Canonical staffer stepped in and said it was premature to make the actual announcement, so we reckon it’s coming along pretty soon now).

Shuttleworth believes that there is not much value or cost benefit to OEM deals for Ubuntu in the US, Europe and other developed markets, but that in specialist markets (workstations for CAD and specialized industries) and in the developing world, such arrangements can be quite valuable for all involved.

One of Canonical’s other initiatives has been in developing its kernel and software to get Edgy to work with the feature sets of all currently shipping Intel kit, designed, Canonical says, to leverage Intel’s penetration in the developing world.

Ubuntu’s determination to consider the wide proliferation of Plug n Play (PnP) devices, especially on notebook and laptop computers, such as PCMCIA cards, removable storage devices, peripherals and, of course, multimedia devices, cameras and such, led to a rethink about how these devices were getting loaded at boot time. Upstart – which replaces init as the first process to run on boot, essentially allows administrators to dynamically reconfigure the operating system to consider the hardware and networking components available at boot time, permitting dependencies (one thing has happened, therefore another thing can happen). Apple has gone a similar route with its Launchd, released in Mac OS X v10.4 Tiger – a single, standardized interface to all programs started automatically by the system.

By moving to Upstart, Ubuntu says that Edgy boot times are significantly faster than before, but there is far more to faster boot time at work here. In addition to highly useful functionality such as permitting the addition of removable media to be loaded at boot time, Edgy promises a game-changing look at the Linux Terminal Server Project. LTSP itself is a modern implementation of the old X-Server, which allows administrators to deploy a server to which thin clients attach via an SSH tunnel and download their linux kernel across the network at boot, then start an X-Windows server which looks to a remote display manager (such as GDM or KDM). Users interact with applications which are run on the server.

The LTSP has adopted Ubuntu as the core for LTSP version 5. Shuttleworth says Canonical believes it can point to compelling evidence indicating significantly lower total cost of ownership for LTSP as a tool for enterprises to migrate from Windows to thin-client-based Linux. Red Hat and Novell have spent a lot of time convincing enterprises to adopt Linux to the current level; the FUD surrounding another switch, to yet a different model of open source, may sound just too groovy or too weird for CIO’s to even contemplate at this point.

If it has truly revamped thin client infrastructure to the extent that there is a measurable TOC advantage to migrating to Linux on thin clients from Windows, Canonical has the chance to make enterprises sit up and pay close attention. But there’s still very little – and we mean very, very little – money being made here. And as we have pointed out, enterprises are aware that there is always the risk that if Shuttleworth tires of this project, it will die.

This is getting really interesting.

Red Hat quarterly earnings results

Red Hat announced its fiscal 2007 second quarter earning results yesterday (press release). This was the first quarter that included consolidated JBoss financials. JBoss accounted for $7m of the total $99.7m in revenue for the quarter. Although Red Hat indicated that this was the 6th consecutive quarter adding more than 10,000 new customers and the 18th consecutive quarter of sequential growth in total revenue, profit was down 34% compared to the same quarter in the prior year, due to an increase in operating expenses. Quarterly cash flows from operating activities failed to meet Wall Street’s expectations.

The result? Red Hat’s stock price is down from 26.32 at closing yesterday to 20.20 right now, a drop in 23.25%. That’s a loss of more than a billion dollars in market capitalization overnight. Seeking Alpha has posted a transcript of the conference call, if you are interested. It’s only a matter of time until Red Hat regains that billion dollar market cap loss – there’s still a lot growth in this space, especially with the broader product and services strategy that the company is taking.

Red Hat moves ahead with JBoss integration

Red Hat made an announcement yesterday concerning its acquisition of JBoss. The deal closed over 90 days ago and Red Hat was ready to talk specifics about integrating JBoss’ products and services into the Red Hat portfolio. This announcement has two main components:

  • JBoss subscriptions are now available through Red Hat’s global channel partners, providing a much greater reach than existed previously.
  • The Red Hat Application Stack aimed at LAMP and Java deployments. The stack includes Red Hat Enterprise Linux (RHEL), JBoss Application Server, Apache Tomcat, JBoss Hibernate, and support for MySQL and PostgreSQL. Additional LAMP components, such as Apache Web Server, PHP, and Perl, are included as part of RHEL.

In addition, Red Hat remains committed to JBoss multi-platform support. Although its new stack offering is specific to RHEL, the full range of JBoss subscriptions will remain available for other operating systems, such as Solaris and Windows.

Marc Fleury on Oracle Linux

Marc Fleury, Senior Vice President and General Manager of the JBoss division of Red Hat (formerly CEO of JBoss, Inc.), has posted a blog entry, “Wall Street, Oracle and Game Theory,” about the viability of Oracle Linux. It’s a bit more detailed than what I’d expect from an SVP of a public company regarding potential competition, but it’s a good read. I think Marc overstates the complexities of Oracle doing a new distribution, but his comments on the demand for Oracle Linux are interesting (backed up by a “study” – I’d like to get the source).

“Does ANYONE REALLY WANT ANOTHER LINUX DISTRIBUTION? Please raise your hands.” – Marc Fleury

Marc – go check out Ubuntu. I know that your Red Hat colleagues are. 😉

Introducing the CAOS Research Service

I am pleased the announce today the we have officially launched the 451 Commercial Adoption of Open Source (CAOS) Research Service and the first CAOS Report – “Stack and Deliver,” covering the open source stack provider space. For more details on these announcements, I invite you to take a look at the two press releases that were sent out today:

The 451 Group Introduces the 451 Commercial Adoption of Open Source (CAOS) Research Service

The 451 Group Cuts Through the ‘Single Throat to Choke’ Hype from Open Source Stack Providers in New Report

Many thanks go out to Dennis Callaghan, Chris Noble, and Nick Patience, for working with me on the first CAOS Report, as well as all of you who took part in the end user survey, vendor briefings, and discussions both on and off the record. Also, many thanks go out to Rachel Chalmers for so diligently covering the open source space for The 451 Group for years and years and also authoring our special report, Cashing in on open source software, which was published last December.

I will be blogging about the various components of the CAOS Research Service in the days ahead.

What I did at LinuxWorld

Last week, I attended LinuxWorld San Francisco to meet with vendors, participate in a Mobile Linux panel, and to simply experience the main LinuxWorld event. Although IDG World Expo produces LinuxWorld in more than 15 countries, LinuxWorld San Francisco is the flagship event. This was my first time as an attendee of LinuxWorld San Francisco, and only my second LinuxWorld ever, having attended the Boston event last spring. Prior to joining The 451 Group in February, LinuxWorld was not a priority for me as an independent consultant and writer.

Linux is synonymous with servers, but this is old news to the LinuxWorld crowd and not the hot topic at the show. Although, servers, both software and hardware vendors, dominate the expo floor. The hot topic this year was Mobile Linux, with Motorola and PalmSource as platinum sponsors (along with the usual suspects, IBM, HP, Novell, and Oracle). In contrast, the theme of LinuxWorld Boston was Virtualization, although this remained a major topic in San Francisco, as well.

I enjoyed the sessions on Mobile Linux, especially “The State of Mobile Linux” presented by Bill Weinberg, Senior Technology Analyst at the OSDL. Bill did an excellent job in explaining the potential of Linux in the mobile market, backed by research data. I had the pleasure of sitting on a panel, “Keeping Mobile Linux Competitive“, moderated by Bill, although the attendance was light due to the fact that it was the last session on the last day of the conference.

Regarding Mobile Linux vendors, the Motorola and PalmSource keynotes lacked much substance, with both companies using the stage to express their support of Mobile Linux with future announcements pending. I found the information presented by Trolltech and a la Mobile to be more interesting, actually. Trolltech announced its Greenphone (I want one!) and a la Mobile had its ‘coming out’, although only showing a prototype of its technology. Keep an eye on these two and how they will fit into the mobile market. Motorola seems to be planning to go it alone with its own internal Mobile Linux project. Motorola is the second largest mobile device manufacturer behind Nokia.

One of the main topics discussed in the press room was the absence of Red Hat, at least in an official capacity. I posted a blog entry about this last week, “Where is Red Hat?.” While Linux extends far beyond the historical success of Red Hat, the absence of the most well-known Linux vendor was disappointing to some and confusing to others.

Most of my time was spent in meetings, and juggling between meetings and attending sessions was a challenge. [Note to IDG World Expo – please schedule a day of press and analyst briefings at the beginning of the conference so that we can actually attend the sessions!] I had the opportunity to sit down with Coverity, Trolltech, Codeweavers, Storix, Greenplum, SpikeSource, Sun, Novell, Scalix, Hyperic, Collax, a la Mobile, SugarCRM, Funambol, and EnterpriseDB. If I had more time during the three-day period, the list would have been longer. While walking the expo floor, I had the opportunity to check in with some other vendors.

So how did my experience in San Francisco compare with Boston? Take a look at my prior summary post – “LinuxWorld Boston – was it worth it?” From the summary…

I’m glad I went, but I found this conference a bit muted. Attendance felt low, vendors had mixed feedback (where are the end-users?), and there were no major news announcements

The above quote regarding LinuxWorld Boston basically sums up my experience at LinuxWorld San Francisco. The notable exception was a more lively show floor (resulting in less vendor disappointment in terms of lead generation). I am glad I went, but this is what I do for a living. Would I have spent the time and money to attend LinuxWorld San Francisco if I was an IT director? Probably not. Who exactly does LinuxWorld cater to? Software vendors, analysts, and the press? It’s convenient for me to have many of the people in the industry all in one place for meetings, sure. Does that make for a sustainable business model?

IDG World Expo has already announced that LinuxWorld Boston is no more, having been replaced with a smaller NYC event in February 2007, the LinuxWorld OpenSolutions Summit. Hopefully the smaller venue and limited focus will add a touch of intimacy that is missing from larger events.

LinuxWorld: Where is Red Hat?

Computer Reseller News (CRN) Australia has posted an article today by Paula Rooney entitled “Red Hat a no-show at LinuxWorld.” I’m still at LinuxWorld (expect a recap posting tomorrow) and the absence of Red Hat on the expo floor is one of the main topics within the media room amongst journalists and analysts. Who knows what is going on behind the scenes between IDG World Expo, who operates LinuxWorld, and Red Hat. Drama? Arrogance? Fiscal responsibility? A mix of each? Who knows!

The lack of an official presence by Red Hat and their new addition, JBoss, at LinuxWorld, is confusing to attendees and now a story with the media. A $10,000 Red Hat mini-booth or a sponsored developer party at the conference could have avoided this situation. While Red Hat may say that this is the wrong venue to reach out to existing and prospective customers, not showing up is a mistake, in my opinion, and is generating the wrong kind of buzz for a company already under attack by alternative distributions. Red Hat, more than ever, needs an active presence, and needs to keep the positive buzz.

Update 1 (08/17/06): NewsForge, “Day two at LinuxWorld: Red Hat is MIA, but Golden Penguins A-OK

Part III: Shuttleworth on HBD, ImpiLinux, Geographical Ubuntu Appeal and Gnome v KDE

In Part I of our multi-part series of discussions with Canonical CEO and Ubuntu founder Mark Shuttleworth, Shuttleworth covered the delay in the release of Dapper, and something of a history of the open source and free software movements. In Part II, Shuttleworth spoke specifically about Dapper in the Enterprise, and a bit about how Canonical will make money on Ubuntu. In this final installment, we delve into the geographics of Ubuntu’s appeal; the investment by Shuttleworth’s venture Capital fund, HBD in ImpiLinux, and ever so gingerly broach the religious topic of KDE versus Gnome — not just as the Linux desktop, but as Mark Shuttleworth’s Ubuntu desktop.

Shuttleworth spoke at length with The 451 Group, and his remarks are presented here, along with insight and commentary from 451 Group analysts who cover the worlds of open source and enterprise software. These include Rachel Chalmers, Martin Schneider, Raven Zachary and me, Nick Selby.

Geographical appeal of professional services
In terms of professional services and Ubuntu adoption, we’d have thought that demand for would be in greenfield markets, predominantly in Africa, eastern Europe, Asia and South America. But we’re very curious, of course, about adoption in the United States, Germany and the UK. We’re particularly interested in takeup in the US, for its sheer market size of course, and Germany, which has been a real leader in open source, free software and Linux adoption. In fact German enterprises are so inured to the switch to Linux and we’d think that if one can make it there as a professional services organization, one might make it anywhere.

Mark Shuttleworth: Well, the US is quite strong in terms of general Ubuntu uptake; about 15% of our overall footprint is in the US, which is very strong for a particular country. But it does suggest that Ubuntu is a more global project than most sorts of new technology companies, which tend to focus on the US as an early adopter marketplace. Very strong markets for Ubuntu are in Europe, where we have had a large early-adopter presence and are now starting to see more formal ecosystem emerge.

And in South America, which has long been an early adopter of open source and Linux in general, they now see Ubuntu as the right answer on the desktop from a free software point of view; and now more and more out in Asia, where the emphasis is a little different because of the kind of consumer electronics an PC industry expertise out there. The emphasis in Asia seems to be more in pre-installation, and certification of the OS on desktop hardware that’s kind of cutting edge, which is stuff that we really haven’t had to deal with before.

Nick Selby: It’s interesting to hear that 15% of Ubuntu’s takeup is in the US – that surprises me a bit, because of the overall international adoption numbers we get from sites like DistroWatch, as well as my experiences in Germany. More interesting to me though are the differences between the US and Asia in terms of the pre-installation of Linux on hardware. That’s a business I would have hoped to have taken off in the US more than It has, and even with the success (by its own standards) of Linspire selling pre-configured Linux hardware, it really hasn’t caught on. I wonder why. Perhaps it’s because of the fact that the vendors engaging in it don’t have the bandwidth or the resources to really deliver on the promise of pre-configured Linux that just works out of the box.

Raven Zachary: 15% for the US doesn’t seem too out of line when you consider the data on population and computer ownership by country. The US accounts for about 5% of the human population, but is the birthplace of the personal computer and has high levels of discretionary income. If you take a look at NationMaster, the US ranks #2 in personal computers per capita (San Marino, a country with less than 30,000 people, ranks #1). However, when you think of the US as but one of 191 or so countries, then yes, 15% does seem high.

ImpiLinux and HBD
Shuttleworth’s venture capital fund, HBD (it stands for Here Be Dragons, an allusion to the scary parts at the edges of old map coverage, which pretty much sums up Shuttleworth’s Avast! attitude towards innovation) has, among other investments, invested in ImpiLinux, a localized African-language version of Ubuntu. We wondered whether the demand for this software is strong enough that it would support that kind of commercial development, say, of localized Spanish or Asian language versions of Ubuntu?

Mark Shuttleworth: Our strategy with Ubuntu is very much to allow local, regional groups to customize it and produce something that is strong locally. In the case of Impi there’s a strong commercial imperative there, and that is related to the need for a local company which can provide services and support at a layer above what we would typically provide globally with Ubuntu. So that’s almost an orthogonal investment to the overall picture of Canonical with Ubuntu; Canonical’s role is to create a global ecosystem and to make that ecosystem self-sustaining by keeping the cost of production as low as possible and keeping the results, the product, effectively as general as possible. Whereas in the case of Impi there’s a very specific opportunity in South Africa, which required a vehicle dedicated to it. It is not part of the broader Canonical work.

[B]oth [ImpiLunux and Ubuntu] are driven by my belief that free software and open source are going to be major forces over the next ten years and so investments in both of those are interesting, but they have quite different strategic perspectives and viewpoints and approaches. Impi focuses on producing integrated solutions which include a much greater degree of diversity of proprietary software, and meets the needs of people who need something right now, where as Ubuntu is more about creating a universal platform, which is spreading very quickly and which will become pervasive over the next ten years.

Martin Schneider What really jumps out at me about this is how a lot of the commercial development around Impi is mimicking (in an interesting manner) some business plans of very large proprietary software companies. For example, a company like Sage Group has a single centralized development team, but fosters and supports a very large international reseller base that does most of the localization work. This typical 100% indirect model has worked for several open source firms as well – Compiere being a fine example.

So really, this model is not very different from existing ones, save for the costs are much less. But what is interesting is that a venture-type company can be the lead (given the open source development happening outside traditional “walls” of a vendor organization) of the project, not a vendor per se, and thus the amount of management and other overhead is less, and the company can focus more on fostering product development communities and identifying new markets to saturate.

Nick Selby: ‘Spreading very quickly’ is a fairly significant understatement: the initial take up, at least, of Ubuntu has been extremely high, with Ubuntu downloads dominating by insane margins the downloads from DistroWatch. Ubuntu has by most objective measures become the world’s most popular non-enterprise Linux distribution. Looking at the kind of innovation going on in the Ubuntu community, we wonder whether Canonical is demonstrating that philanthropy is the better fuel to support open source development — better even than commercial open source development, like that of, say, Red Hat. This is not, of course, to suggest that we think Ubuntu or Canonical is going to be causing panic in the boardroom of Red Hat any time soon.

Mark Shutleworth: I’d be very hesitant to jump that final conclusion. I certainly think that we have shown that it is possible to unleash a lot of constructive energy and to focus that energy and get good results in a relatively short period of time. I certainly also think that there is room for the Red Hat style approach where you identify a very specific set of services and features and functionality, a very specific market that you want to service, and you build an organization optimized for doing just that. So I think Red Hat has certainly carved out a sustainable, positive constructive place for itself.

We certainly have benefited by taking a quite an open and generous view in terms of intellectual property in terms of the way we organize and control our infrastructure by relinquishing a certain amount of control over exactly what goes in and what doesn’t go in and when it ships and so on. By acknowledging that we are part of a broader community, we get a lot more willingness from people who want to join that community and jump in and contribute their ideas and their work. To the extent that you can attract those kinds of contributions and turn them into something compelling that’s certainly a very exciting sort of model.

Rachel Chalmers: I’d love to know more about HBD’s other investments, and the software ecology in South Africa more generally… How does it compare with other regional hubs, like Ireland, Israel, Bangalore? Also about the relationship between Shuttleworth, HBD, Canonical and the Shuttleworth Foundation.

Mark Shuttleworth Well, HBD is a venture capital group based out of South Africa, which finds interesting companies in South Africa that have an interesting story and a potential for growth. HBD venture capital is largely run by a team out of Cape Town with relatively little oversight from me in terms of what they should be investing in or what they shouldn’t. The foundation, which is the vehicle that does a lot of the education- oriented work that I do, that gets more direct input from me.

I tend to find that I can be most productive if I focus on one or two key areas at a time, and over the last year or two Ubuntu has been the primary focus of my energy. That means that the venture capital group and the foundation have to a certain extent had more leeway to pursue what they find particularly interesting.

You’re touching on a very interesting subject – and that is, what is the relationship between a company like Canonical and a broader, free software project like Ubuntu? One of the things that we have been most careful to do has been to maintain as clear as possible a line of separation between those two. And to recognize that there definitely is room to let go of the certain amount of control of the underlying platform, in favor of broadening the pool of participation effectively. Because something like Ubuntu is better if it is something where other companies, other individuals, feel that they have a real, meaningful ability to come in and contribute. They get to shape it, they get to help set the priorities, and help make it better for themselves – and in the process, they make it better for us and for all of the users of it.

Raven Zachary: Maintaining a clear line of separation between Canonical and Ubuntu is fairly easy right now, with the bulk of the activity occurring on the Ubuntu side. How clear will the line of separation be once Canonical is generating more than $50 millon U.S. per year in services revenue?

One of the more heated debates in the Linux world has been over the relative merits of the most popular Linux desktop managers, Gnome and KDE. Ubuntu was developed with Gnome as its primary desktop environment, but Kubuntu quickly sought parity. With ordinary punters and Linux luminaries trading shots on the subject – none other than Linus Torvalds weighed in, on KDE’s side – we wondered whether we or anyone should read any political statement into the recent reports that Shuttleworth had switched his main desktop to KDE from Gnome?

Mark Shuttleworth: No, not at all. I need to maintain a fairly even perspective across the project, and we do have a lot of KDE users in the broader project and in the community as a whole. So I tend to run both.

My laptop runs a Gnome-based environment, the traditional Ubuntu environment, and that’s my primary computing environment. My desktop, which I use for development when I’m at home basically, that’s a KDE-based desktop, so I use Kubuntu on that.

And I’m also running Xubuntu [‘ZOO-boon-too’], which is an xfce-based environment, but only on a specialist computer where it particularly suits the hardware and the application that I have there.

We see the Ubuntu project as kind of an umbrella for specialty groups which have more specialist focus and they each produce a version or a flavor that’s optimized either for a country, or for a certain type of desktop environment, so I need to create space for all those different groups, but there’s no suggestion that we would shift the primary focus of what we do from one desktop environment to another.

The 451 Group was delighted to have the opportunity to present Mark’s comments here (we will post a mp3 recording of his comments in the near future, for those of you curious about what Mark sounds like). The 451 CAOS Blog – Commercial Adoption of Open Source – covers the business of open source each business day. We encourage your comments and questions.

The 451 Group is an independent technology industry analyst company focused on the business of enterprise IT innovation. The company’s analysts provide critical and timely insight into the market and competitive dynamics of innovation in emerging technology segments. Clients of the company – at vendor, investor, service-provider and end-user organizations – rely on 451 insight to support both strategic and tactical decision-making for competitive advantage.

Linux – faults and all

Fault-tolerant systems vendor Stratus Technologies has offered a Linux option on its x86-based ftServer hardware since 2002 – but it’s never really taken off, largely because it was a non-standard distribution, with all the problems that brings for ISVs, compatibility etc. Just recently, however, Stratus and its technology partner NEC have been showing off a beta version of its latest release, branded FT Linux by Stratus and (more aggressively) “Unstoppable Linux” by NEC. This time things look better. It’s based on Red Hat 4 and the Linux 2.6 kernel, and the pair have contributed their work on memory management and mirroring, device driver hardening and rapid disk re-synchronization – plus sundry quality improvements – back to the open source community.

Why do we care? There are a number of reasons. For a start Stratus and NEC have significantly lowered the cost of FT computing over the last few years by migrating to (almost) standard x86 servers. They are now in a position to start tempting the significant installed base of fault-tolerant servers running Unix systems to make a move. Those users, most of them long overdue for upgrades, have had nowhere to go until now – competitors such as Marathon Technologies at the low-end and HP’s NonStop (aka Tandem) at the high-end don’t offer a Linux option and Unix users haven’t warmed to the idea of shifting to Windows or a proprietary OS. (There are plenty of Linux clustering companies out there but 90% of them focus on scale-out clusters rather than high availabilty). Not only that, but an endorsement from an FT pioneer such as Stratus – which must live or die by the reliability of its systems – shows that Linux really can be as robust as any alternative OS that’s out there.

Part II: Canonical’s Shuttleworth on Dapper, Linux on the Desktop & Enterprise adoption

Recently, Ubuntu founder and Canonical CEO Mark Shuttleworth spoke with The 451 Group at length about Dapper, Ubuntu, and the trends and development of the open source and free software movements as they relate to enterprise information technology. Last week, we ran Part I of a multi-part series in which The 451 Group presents Shuttleworth’s comments along with insight and commentary from 451 Group analysts who cover the worlds of open source and enterprise software. These include Rachel Chalmers, Martin Schneider, Raven Zachary and me, Nick Selby.

When I got Mark Shuttleworth on the line it seemed appropriate to say thanks for the OS he supports which we use here at 451. I had moved my main desktop machine from Suse to Gentoo to a range of Debian-derivatives including Libranet and Xandros, before settling all my desktops on Ubuntu at Hoary Hedgehog, about a year ago.

Mark Shuttleworth: “That’s fantastic. We were very fortunate in that we set out to make things just work right about the same time as the [community developing the] underlying infrastructure – the kernel and the other pieces of the infrastructure – also set themselves that same kind of challenge. I think we get a lot of credit for [having done] work which was actually some fantastic work done by the broader community. We really were just at the right place at the right time in terms of stepping up to say it is possible to build a Linux desktop experience which will work in a predictable, sane fashion for people who are not necessarily … people who don’t necessarily see themselves as computer experts.

The DZ Factor…
Yet having much of the desktop ‘just work,’ as Ubuntu likes to say, still doesn’t bring substantial new enterprise users of Linux on the Desktop. As Rachel Chalmers said in her comment to Part I, “I think [Shuttleworth] is saying that the bulk of desktop Ubuntu adoption is likely to be among fellow-travelers. I think that’s true: people will choose Windows for convenience or out of laziness, Mac for its UI and Ubuntu for its righteousness.”

I’m not sure about choosing it for its righteousness as opposed to the fact that it just works, but it’s made me wonder: the vast majority of enterprise computers are folks who need a browser, email, prouctivity suite (without macro support) and calendar. What stops enterprises from imaging a nice Ubuntu (or whataver) distro and rolling out thousands of machines with Firefox, Thunderbird, OpenOffice.org and Evolution. For each machine they could save at least $239 in licensed software.

Doesn’t $239,000 per thousand such deployments interest enterprise IT purchasers?

Not so much, apparently. Our head of IT, David Zarnitzky, put it plainly: People are used to what they’re used to, and the disruptive cost of having them not be able to do what they’re used to isn’t worth $239 per user to us. Is it technically ‘better?’ maybe, but the cost of spending upwards of an hour with each person who gets a machine makes it not better.

That’s an extremely valid point. We put it to Shuttleworth: what’s the biggest barrier to enterprise adoption of Linux on the desktop in the enterprise.

Mark Shuttleworth: “The primary barrier I think is pure inertia, effectively, and the fact that you’re dealing with enormously complex interoperating systems. The advantage I think we are starting to benefit from in all of that is that, as companies and offices have become more distributed, more used to working using Internet protocols effectively as the glue that holds everybody together, to the extent that you support those protocols and are able to make employees full participants in the corporate workflow, the desktop is less and less of a particular issue.

“But fundamentally the big barrier to adoption is people’s familiarity with their way of doing things and their sense that any different way of doing things is going to be a risk to them – a risk which perhaps doesn’t make any economic sense to take on. So we certainly do see much greater rates of adoption in parts of the world which are embracing computing for the first time – the developing and emerging markets are powering ahead with Linux adoption because, for those folks, compatibility with yesterday is far less of an issue than functionality today and the ability to shape it and make it do the things that they need it to do.

“We do believe that free software on the desktop will become a reality even in the United States and Europe, but it will take longer to achieve that and it will start out in very tightly defined types of areas; fixed-function type areas rather than general purpose desktop type areas.

Rachel Chalmers: “I totally agree – never underestimate the power of conservatism and inertia, but acknowledge the fact that the biggest markets – Brazil, India, PRC – are essentially greenfield.”

Martin Schneider: “I agree that familiarity and laziness can and are huge barriers across the board. How many times have I seen a software vendor with an outdated architecture continue to sell load of products simply because the SMB space (for example) just is not willing to move wholesale to Web-based architectures? So sadly, the onus is on the makers of products like Ubuntu to make them as easy to install, operate (and inter-operate) as possible.

And I see this shift starting to happen. The one-click installation of LAMP capabilities now apparently available in Ubuntu allow users to run and get going, without having to even really know what is going on underneath. Once users can get an alternative OS (and all the necessary Web servers, databases, etc.) up and running as fast and easily as they could with something like Firefox, then we’ll see some real penetration beyond the ‘righteous indignants’ and open source zealots of the world. But the folks at Ubuntu seem to be moving in this direction with its installer buttons and key partnerships with more mainstream vendors like Sun to move beyond the evangelist phase and into the ‘let’s get this into people’s homes and offices’ phase.”

Raven Zachary: Pure inertia? I guess it depends on what inertia you are referring to. At my last company, everyone was expected to have Outlook, Word, PowerPoint, and Excel to communicate and do business (I didn’t and I got along just fine). Linux already provides tools to integrate with Exchange and Office. I don’t think the system is enormously complex, I think it’s just much easier to order another Dell for the new employee with the commercial software preloaded by an IT admin (who, by the way, doesn’t have budget responsibility or accountability to the investors). This type of inertia? Absolutely! Stick a Linux desktop in front of an HR analyst with Firefox, Evolution, and OpenOffice, and you’re not going to have a major problem on your hands. It’s just a matter of doing something different, and you just may save money in the process (the value of the HR analyst is another issue entirely!).

How Canonical Makes Money
One of the biggest questions on the minds of Ubuntu users has been, ‘What in it for Canonical?’ It must be said that no one at Ubuntu or Cannoical has been secretive about this: what’s in it for Canonical is money, though it cannot be denied that Canonical’s investment in Ubuntu has eleemosynary elements as well: it’s clearly got some mojo in terms of its unwavering support of free software. And how many Microsoft or even Red Hat employees would be encouraged to write something like, My first 48 hours enduring Ubuntu 5.04, a fairly hilarious and spot-on critique of Ubuntu’s interface, written by Matthew Paul Thomas, a Canonical interface designer. He wrote that on Shuttleworth’s dime, Shuttleworth’ time, which says much for Shuttleworth’s self-confidence. But how, specifically, is Canonical looking to capitalize on its investment? Shuttleworth spoke about Ubuntu generally, then Canonical’s sustainability model around it.

Mark Shuttleworth: “Ubuntu is in my mind the emergence of a second generation of Linux platform or Linux distribution. [It’s] built not on the idea that Linux should look like proprietary software, but that Linux should really deliver what free software can deliver. I should put that slightly differently: Ubuntu aims to deliver the real promise of free software, and that spans a number of different areas. First, we believe that the software should be highly functional and reliable, because we do believe that free software has a potential to be better quality software, that the processes that actually produce the software results in software that is better understood, better scrutinized, better tested, and so on. So we try to integrate all those processes into Ubuntu itself.

“Second, the software should be available freely, that there should be no licensing charges associated with it. And so Ubuntu is unusual in that it really is a commercial product, which has support contracts and certification agreements and training and skill certification infrastructure wrapped around it, but at the same time it is genuinely freely available: under open source licenses with no obligation to sign any sort of contract in order to use it – and that includes security updates and improvements over time. So Ubuntu is really fundamentally different from any of the other Linux distributions which have gone before it, because it takes a very strong stance in favor of what free software is all about, what Linux is really all about.

“The business model around Ubuntu is professional services oriented, so Canonical is the company which has effectively underwritten most of the development of Ubuntu – although there are now a number of other companies that actively are hitching their stars to the same wagon effectively and investing in the platform.

[More than 300 such organizations are around today: see this post for more – Ed.]

We have a very strong relationship with a broader community, which is called the Debian community, and that community has several hundred active developers in it, which means that Ubuntu has the ability to incorporate new work being done globally very, very quickly. And so we are able to present something which is very, very up-to-date at a relatively low cost in terms of the cost to produce at is a complete operating system type environment. So our biz model really is to offer efficient professional services, and keep the cost of producing the platform itself at a low enough level that we can make the whole thing support itself using professional services such as support, certification, training, and so on.

Rachel Chalmers: “Okay, that’s really interesting. Obviously Ubuntu’s wholesale buy-in to the Debian/Free Software Foundation philosophy has thrown up the best desktop distro so far: but I have to say that when he outlines his plans for Canonical professional services, it doesn’t sound like that huge a departure from what Red Hat and Novell SuSE have been doing. Is Ubuntu great BECAUSE it’s religiously Free? Now we get to find out. Hurd wasn’t.

Nick Selby: “It’s not clear from Shuttleworth’s comments here, but according to my understanding from published interviews with Canonical COO Jane Silber, I think the departure from RH and Novell is simply a matter of not locking people in to enterprise-wide contracts, allowing people to pick and choose which enterprise support they wish for specific servers. At a starting price of $750 per server, per year that could be extremely useful in running pilot programs at enterprises because it could reduce the risk to the cost of the hardware, a few hours’ installation time, and $750. That’s got to appeal to some as being a risk free way to try a hot new distro, but I wouldn’t go quitting the day job just yet over those kinds of revenues in the short term. True, Canonical seems, um, well funded. But this kind of model is also not un-imitatable: if Red Hat and Novell see it start to take off, what’s to stop them from offering it as an option as well? Then we’re back to a straight bake-off, and that same conservatism and risk-averse default position of enterprises kicks in to work against Canonical.”

Raven Zachary: Grow with care (and I believe it will). Ubuntu is on the path to become a major server distribution. Are we going to see a ‘buy now’ or a ‘download now’ button as our primary call to action in three years? Go look at Red Hat – it’s ‘buy now’. Go look at JBoss, it’s ‘download now’. An odd analogy, as JBoss is about to become part of Red Hat, but it’s still relevant (both companies have successful business models, but their level of transparency is quite different). I don’t think Ubuntu is that interesting if it morphs into a subscription business model. Why choose Ubuntu over Red Hat or SUSE in that scenario? Subscriptions sound too much like licenses (money moving from my capital budget to my expense budget).

An Ubuntu certification program was announced, and it would seem that the certification is one of the key areas behind a move towards enterprise adoption of Ubuntu.

Mark Shuttleworth: “The certification really does two things; First it allows a lot of people out there who have skills, to document those skills and to get those skills certified – there are tens of thousands of developers and systems administrators and infrastructure managers out there who are very comfortable in the Ubuntu and Debian infrastructure, but have never had an efficient way to certify those skills. So our announcement of a certification framework basically allows them to formalize their existing skills base.

“The other thing that it does do is allow larger organizations to find service providers that they can have real confidence in; it starts to professionalize the ecosystem of companies that provide professional support for Ubuntu and the Debian platforms. There are 300 companies around the wold now that have announced services based on Ubuntu or for Ubuntu. A lot of that work has largely been ad hoc and informal. So the certification is firstly to turn that into a more cohesive more traditional certified ecosystem.”

Next week, on 8 June, we’ll have comments from Shuttleworth on geographical demand for Ubuntu, localized versions, and the geographic appeal of commercial Ubuntu support. If you like or hate what you’ve read here, or have a comment to add, please register – it’s fast and free and leave us a note.

More on Sun and Ubuntu

Sun Microsystems and Canonical issued a joint press release yesterday regarding Ubuntu support for the UltraSPARC T1 processor and the related Sun server line. We touched upon this topic in part one of our interview with Mark Shuttleworth, the founder of Ubuntu, late last week.

While this news was expected, based on Mark Shuttleworth’s appearance during Jonathan Schwartz’s keynote address at JavaOne earlier this month, the press release is a more official stamp of approval from Sun to Ubuntu (and vice versa).

I think this news is significant for two reasons:

1) Ubuntu is moving from the desktop to the server space – providing a community counterpoint to Red Hat Enterprise Linux (RHEL) and Novell SUSE Linux Enterprise Server (SLES). We’ve had community Linux distributions aimed at the server market since the early days of Linux, but nothing like Ubuntu, which is less than two years old and is already the number one Linux distribution (based on tracking data from DistroWatch). There’s something special about Ubuntu, and I’m still trying to understand exactly what it is.

2) Sun is serious about opportunities to sell their hardware for use with operating systems other than Solaris (or OpenSolaris derivatives). We are seeing a true decoupling of the software and hardware aspects of Sun’s business. Sun played around with Linux support in the past, but this is different.

If Canonical puts together a strong services play for Ubuntu (as is planned), you could see Ubuntu as a major player in the Linux server market over time – whether that’s coupled with hardware from Sun, or other providers. I expect to see more Ubuntu hardware partnerships from Canonical this year.

Mark Shuttleworth Interview, Part I: on Dapper, and Ubuntu in the Enterprise

Recently, Ubuntu founder and Canonical CEO Mark Shuttleworth spoke with The 451 Group at length about Dapper, Ubuntu, and the trends and development of the open source and free software movements as they relate to enterprise information technology. In this multi-part series, The 451 Group will present Shuttleworth’s comments along with insight and commentary from 451 Group analysts who cover the worlds of open source and enterprise software. These include Rachel Chalmers, Martin Schneider, Raven Zachary and me, Nick Selby.

Ubuntu 6.06, the Dapper Drake, is scheduled to launch officially on 1 June. We’ve been running it here at The 451 Group for some months (in fact, this report was produced on it – see Open Source software at The 451 Group). In addition to its obvious desktop enhancements, much work has been done by the Ubuntu development team to appeal to a market which until recently seemed to have been beyond Ubuntu’s reach: the enterprise server.

When Shuttleworth originally suggested that the delay take place, the reasons given were to increase stability and reliability of Dapper, as well as devoting additional developer time to UI polish, to try to make Dapper stand out as a high-quality desktop operating system for large-scale deployment. While there was some grumbling of the ‘But-we-could-be-ready-in-time’ type from developers, it seemed that most people felt the stated goals were laudable, and the delay brief enough.

But, obviously, there was more to it than just making sure quality was up to snuff. While Ubuntu has versions for Intel, Mac and 64-bit architecture, could it have been that the delay was to prepare Ubuntu for another platform?

A possible answer emerged this May. At the JavaOne Conference in San Francisco, Sun Microsystems CEO Jonathan Schwartz, discussing the Linux distro which will run on its Niagara-based servers, brought out Shuttleworth (to some ooohs and ahhs) to talk about … Dapper in the enterprise in the context of Linux on Sun. Then Schwartz referred to Ubuntu as arguably one of the most important, if not the most important, distribution out there. Surely this was not coincidence, and we look forward to some concrete announcements.

Ubuntu’s Time Release Formula
Dapper had been scheduled for release on 20 April, 2006, but at Shuttleworth’s suggestion, the team agreed to delay its launch until 1 June. I mentioned to Shuttleworth that several of us had been running Dapper for some time, and that we were all impressed with its stability even in Beta.

Mark Shuttleworth: “I’m very glad to hear that … if you had significant issues at this stage we’d all be in trouble. Yes, Dapper is in very good shape. The original release date was [April] 20th; we pushed it back six weeks because we really raised the bar in terms of the level of reliability, quality assurance, testing, documentation, translation and so on that we want to achieve at release date.

“And so I’m quite excited about that – it’s the first time that we’ve done a release that can be widely considered as an enterprise quality release. That extra round of quality assurance gives us the confidence to offer three years of support on the desktop and five years on the server. So Dapper is in good shape. It is going to be a interesting challenge for us as an organization to have to speak compellingly about servers now for the first time, as opposed to desktops, where we’ve really built our reputation. But that’s very much what we’re focused on at the moment.”

Ready for the Enterprise
In terms of ‘enterprise-ready’, Ubuntu has been working on two main tracks: enterprise servers, and making rock solid and intuitive its desktop. We think that as a desktop environment, Dapper is perhaps the most sophisticated and easy-to-use Gnome-based desktop we’ve seen. It’s clear that the development team spent tons of time making laptop support as close to universal as possible – in terms of suspend with lid-close and button-and-F-key support, as well as enhancements to Red Hat’s NetworkManager to make wireless association and disassociation as painless as it is in Windows.

On the server side, Ubuntu has been spending lots of time making sure the server versions are enterprise ready in terms of stability, scalability and functionality, with support options enterprise can understand. To do that, we wondered whether new provisioning mechanisms have been integrated, or whether the Ubuntu team has have been concentrating on the QA, leaving and professional services (from companies like Shuttleworth’s Canonical) to effect deployment?

Mark Shuttleworth: “We have a team based in Montreal that is building up a support services portfolio that’s very much focused on servers and Dapper. There is, additionally, a team that’s working on management infrastructure, so providing people with a comprehensive framework to manage large deployments of servers. That won’t be released for Dapper, but all the foundations of it will be there so that Dapper will be manageable just as people have come to expect a Red Hat Enterprise deployment to be managed, through the web. We’ll deliver that same level of functionality with Dapper as soon as the other pieces of that solution are in place.

In terms of provisioning and so on, most of our focus at this stage is on the channel, and people who are in the pre-installation business, as well as on folks who are selling server-oriented equipment into the sorts of markets where we think that Dapper will be widely adopted: commodity servers, web servers database servers, directory servers, those kinds of ‘fire-up-and-forget’ type infrastructure that is not yet mission-critical, so its not yet at the heart of the business, but it is running the mail servers and the web severs and the all of that ancillary infrastructure that has become commoditized over the past ten years.

“It’s really interesting to see how changes in technology move into society and industry and become part of the mainstream. What’s particularly interesting to me about the open source and free software phenomenon is that it seems to be having almost a second significant round of impact on the technology industry. The first round of impact came in the early days of the Internet phenomenon, when it was free software and open source software that unleashed a flood of creativity, and allowed small and new companies to establish very significant Internet infrastructure very quickly.

“Today that remains the case; if you look at Internet infrastructure, in terms of web servers and email and to a certain extent also routers and firewalls and so on, much of it is dominated by products which are free software from end-to-end, or else it has very strong free software roots at the heart of it.

“That trend has continued unabated throughout the boom and bust of the dot com. Now we see that it’s very much the case that new infrastructure being created is, almost without question, planned, designed and built around components that are basically free software components.

“What is changing is the response of the very large-scale software industry to that phenomenon. In the early days of the dot com movement, free software wasn’t really threatening the established industry, but rather it was giving the established industry new ways to present itself, and to attract new customers and so on. It wasn’t like free software was attacking the large software industry, it was as if the free software industry was creating the industry of Internet infrastructure.

“Today though the emphasis is starting to shift, because almost all of the the large software companies are seeing that users of software are starting to re-evaluate where they buy their software, and which software they buy, because of forces that have been unleashed by the free software movement.

“So for example, I think Oracle’s repositioning itself towards the higher end of the application space – with the acquisitions of PeopleSoft and other companies – is very much aimed at getting out of the commodity database space. They do have the very interesting acquisition of InnoDB, and they have talked about other operating system acquisitions, but fundamentally, most of their [M&A] activity has been about getting out of anything that can be described as a commodity.

“On the flip side I think we’re seeing Microsoft and other companies trying to shift the emphasis towards relationships and subscriptions – such as XBox live, and that home-entertainment, media type of experience – and away from software as a critical piece of infrastructure because that’s all becoming commoditized.

“So we see that trend absolutely continuing: anything that can be commoditized is going to become commoditized, and we see end-users becoming increasingly comfortable with the diversity that that brings. For example, in the consumer space, people are very protective about the desktop, but they’re not at all protective of the smart phone. So consumer adoption of Linux on the smart phone is enormous — people are absolutely willing to accept the idea that they might use new tools, new pieces of software, new user interfaces and so on, as long as you don’t threaten certain key applications that they’re comfortable with, that they know and trust.

“But we see even that traditional stronghold – the Microsoft Office stronghold – even that is becoming vulnerable, just because people are consciously aware that they need to retrain and embrace new ways of working.

“There are two big things coming down the pike in the traditional office space. First is the whole Web 2.0, ‘will-the-web-replace-the-desktop’ sort of question, which we don’t think is the case but it is certainly forcing people to acknowledge that maybe they will end up using office software in a completely different way.

“And second, the fact that Microsoft themselves have said that they need to reinvent in a profound way what the office suite is all about. We think that they will likely take on some big challenges in that respect, both around collaboration and around the user interface experience.

“Which means that people are going to be relearning and retaining in any event, so we see that as an indicator that this wave of change is ready to move very much from the back office, where it has been pervasive over the last ten years, to the front office which is towards peoples’ desktop computers.

“I hope that sets the scene: We really believe that now is the right time for open source and free software to be establishing a strong foothold in the consumer desktop and office type environments, and Ubuntu is a response to that – positioned to be offering the right things to the kinds of people who understand free software, and deploying it in the most effective way possible, either at the enterprise level or at a personal level, both in a desktop type environment and potentially also in a more consumer type application, a more embedded type application.”

Clearly, Shuttleworth’s a very interesting guy. We have lots of questions, though as the comments below begin to note. For example, what specifically about Dapper makes it the first enterprise-quality release, and the first to earn 3/5 years support? Just the QA? Extra features? The shot at server adoption? We’ll discuss this and more here and in other areas of the blog in the coming weeks.

On 2 June, read Shuttleworth’s comments on Ubuntu on the desktop, and Open Source and Free software in the US, and around the world.

From Rachel Chalmers
Regarding the trend towards free and open source software in infrastructure, maybe – it depends on the infrastructure. Tangosol, for example, a J2EE data grid startup, is defiantly closed-source and intends to remain that way. A lot of management and analytics companies take a similar approach. Anything math-intensive can still be patented and held as trade secrets, and the open source community isn’t especially quick to reverse-engineer such tools… Won’t this affect Ubuntu more and more as it heads for the enterprise server?

On Oracle and its acquisitions of PeopleSoft and InnoDB, you can use BEA as a counterexample. You don’t necessarily have to move up the application stack, you can also move out to new architectures, particularly SOA. The giant ISVs have their own huge operating revenues and cash reserves, which makes them far more resilient than I think a lot of entrepreneurs realize… BEAS and ORCL will be formidable competitors for a long time to come, and both are gradually embracing open source.

Regarding Microsoft trying to shift the emphasis towards relationships and subscriptions and that home-entertainment, media experience, that’s part of what Microsoft is doing, but it’s also selling dev tools and middleware into the enterprise in a way it never has done before. Dapper Drake’s going to be running in a lot of places that might otherwise be running Windows, and vice versa…

And I think in the cases of both Microsoft/Linux and Office/Web 2.0 this is an oversimplification of what’s likely to end up being a complex series of alternating battles and accommodations, ending with uneasy co-existence. We see this in our own company, where everyone’s writing stories in Word for Windows (or Word on Mac or OpenOffice on Ubuntu), then publishing them to the Web via a Linux server to be read by vendors, I-bankers and a growing number of end users…on their Windows machines.

I think his last point is sensible – I think he is saying that the bulk of desktop Ubuntu adoption is likely to be among fellow-travelers. I think that’s true: people will choose Windows for convenience or out of laziness, Mac for its UI and Ubuntu for its righteousness.

From Raven Zachary
Is Ubuntu shaping up to be a strong Linux server play? If that’s the case, we could see a community counterpoint to Red Hat and SUSE. Sure, there’s a ton of server distributions out there already, but the community seems to be supporting the idea of a primary community distribution, based on the impressive growth rate of Ubuntu. Fragmentation (“choice”) can slow down adoption.

Shuttleworth on stage with Schwartz at JavaOne isn’t primarily about snubbing Red Hat, as much as it could perceived as such. Sun isn’t the first server vendor to stand behind Ubuntu and this type of support is going to accelerate the use of Ubuntu as a server OS (much earlier than I thought it would).

When he says that he has a team up in Montreal working on a support services portfolio, is he talking about the commercial aspect of Canonical’s business model or is he talking about a partner? With the rate of adoption that Ubuntu is enjoying, I could a see a good business from Ubuntu support right now.

The database space is far from being a commodity in the mainstream. Enterprise users I am talking to aren’t replacing Oracle on critical systems, nor are they even considering it. Read-only databases, development, internal applications, non-critical systems – sure. But not the core…yet. We’re pretty early on when it comes to enterprise database migrations to open source. I do agree that there is more commercial longevity in the application space, such as PeopleSoft.

I think we still have a few years to go before Linux as an enterprise desktop OS gains much traction. A lot of people have been talking about Linux as an enterprise desktop OS for a long time. Yes, we’re getting closer, but I think we’re seeing now that it’s not a technical hurdle, but a cultural hurdle. The enterprise is highly dependent on Windows. That’s a slow ship to turn. When I do hear about Linux as an enterprise desktop OS, it’s in Europe or in the BRIC countries (Brazil, Russia, India, and China).

From Martin Schneider
I would agree/disagree with his application hints re: oracle. Yes, they are branching out from core Db sales and have been for many years, but to say that large CRM and ERP apps are not able to be commodified is kind of misleading. Yes, they are highly customized at the deployment level both vertically and for biz size etc. (maybe he means retek/profitlogic when he says this) and yeah there is more “mixing and matching” when a rep sells large software packages versus just selling a static dbase on a per server/cpu basis– and Fusion will only further this. But, the services are where it’s at in terms of incremental bucks, and until we see huge services gains (and see the services arm of Oracle become a major profit center) I am not sure that Shuttleworth’s comments are 100% on target, just yet.

From Nick Selby
From a security standpoint I think that Ubuntu has been perhaps better fished-out than most other distros at the same point in its existence, and it benefits of course from the years of Debian development. I’m waiting to see the first security product which is based on a stripped-down, hardened version of Ubuntu – don’t laugh! Sure, most security vendors start either at kernel.org and building up or Red Hat (like Securify) or SUSE (like Astaro) and tearing down to harden, but there have been some surprises out there. I know of several security vendors with hardened Debian at their heart (TriGeo Network Security comes immediately to mind) but it’s interesting to note that Barracuda started with, wait for it, Mandrake. It’s not inconceivable to me that the rapid and widespread development, the QA and stability associated with Ubuntu might attract some Linux-based appliance vendors targeting small to mid-size enterprise to start at Dapper.

Where the GPL Fails

The Kororaa project, a binary installation of Gentoo Linux, has received a note that it may be in violation of the GPL, as the project includes proprietary binary video drivers from ATI and NVIDIA along with the Linux kernel, released under the GPL. The post on the Kororaa site does not indicate whether the note was sent by the Free Software Foundation (FSF), but I suspect it was just a member of the community who believed that she or he was doing the proper duty as a member of the open source community.

News.com had a piece about the issue of proprietary software within Linux last month entitled “New Linux look fueled old debate“. In the article, I was quoted as saying “If Linux expects broader vendor support, the community needs to capitulate to proprietary software involvement,” which I still firmly believe.

What does the Linux community want more – proprietary hardware support or strict licensing requirements? Without proprietary video drivers, Linux has limited chance of being a platform for graphics-intensive applications. Sure, community drivers can be developed, but not for the high-end market. ATI and NVIDIA risk competitive exposure by releasing their drivers as open source. For them, Linux is a business opportunity, and the Linux community should be pleased that they are writing drivers at all, even if they are only available in binary format.

Open source is not an all-or-nothing proposition in 99.9% of the cases I’ve seen. Where it is strict, tends to be politically or philosophically motivated by the individual, not the enterprise.

Open Source & Free Software at The 451 Group

Open Source & Free Software At The 451 Group

When we talk about the model of open source and free software in the enterprise not being a zero-sum or all-or-nothing endeavor, we’re pointing not just to knowledge gained through our regular discussions with vendors, but also to our own experience. The 451 Group is not a large enterprise, but we share some of the same pain points as large enterprises: we have forward-facing servers, a complex intranet, geographically disparate offices and a highly mobile workforce.

In the interest of furthering the conversation about open source and free software, we thought we would share our experiences with a hybrid of open source, free and proprietary software. We don’t think we’re doing anything cutting edge, and that’s precisely the point: as an organization, The 451 Group has determined that the open source and free software it uses is stable, predictable, tested, supported, documented, updatable, secure and, if not enterprise class, certainly by any objective measure, business class software.

The 60 or so employees of 451 work at our offices in New York, London, Boston and San Francisco, plus telecommuters from around the country. Those employees almost exclusively run Windows, but there are some exceptions. I run Ubuntu (Breezy and Dapper) Linux on the desktop and maintain Gentoo and Engarde servers; Open Source Practice head Raven Zachary runs Mac OS X on an Intel dual core machine and Ubuntu, Fedora Core, and Windows under Parallels; Editorial Director Lee Bruno uses a Mac OS X Powerbook and our IT support staff run SUSE Linux on one of his two desktops – the other, his main work machine, runs Windows.

As an organization, 451 does not support the use of anything on the desktop other than Windows. That’s not to say that it’s not permitted (all those non-Windows users mentioned above are running company-owned machines), or that IT won’t offer unofficial help. But it does require that employees wishing to use a non-Windows OS are capable of doing it without hand-holding. Basically, we’ll let you run what you want so long as you don’t go crying to IT every time you want to type a letter or check your email.

On the desktops, most employees run Microsoft Office, and most also run Mozilla Firefox as the main browser. Gaim is used as a chat client, and several analysts use Thunderbird on Windows. Very few run Openoffice.org on Windows.

My desktop is the traditional Ubuntu Gnome environment; I run Sun Java 1.5 and use Jedit as my main text editor, plus Openoffice.org, Thunderbird mail, Firefox, Gaim and other typical Gnome apps.

Our servers run Red Hat Enterprise server and CentOS. Our main servers run LAMP stacks to run the 451 Group’s content management system. One of the most important the benefits of running LAMP on our systems is the fact that we are not stuck with any vendors to modify the code of our content management system.

The 451 Group’s in-house programmers develop and expand our site using PHP and store our content using the Open Source db servers MySQL and PostgreSQL. We’ve found that the configuration is very efficient, and runs without a hitch – our public website has been up and running for almost a year without a reboot on that machine. Our internal and forward-facing blogs are run on WordPress, which was fast and easy to set up. Similarly our Calendaring system for internal scheduling runs on Plans, an open source application which runs on Windows and Linux.

We use PHP based H2desk help desk trouble-ticketing software from Heathco Software (Heathco also makes a seriously excellent PHP-based website search engine which I have used on several sites).

Email and Open Source
Our email server comprises Qmail, Courier-IMAP, Clamav and SpamAssassin. Prior to the migration to that platform, we used POP and sendmail for mail delivery, but that afforded us no central mail storage or management. We chose Qmail because it is reasonably secure, and fast compared to Sendmail. Support of maildir folders was a very important consideration in our selection of Qmail and Courier-IMAP (if you’re curious about some of the advantages of IMAP over POP, have a look at this).

When spam messages spiked at 120 per day per user, we selected spamassassin. While the out-of-the-box spamassassin configuration is okay, it was insufficient to stop the amount of spam we were receiving. We tweaked the SpamAssassin configuration, adding Vipul’s Razor, Distributed Checksum Clearinghouse and special spamassassin rules imported from Rules Emporium. The resulting combination cut our spam by 98%. The small amount of spam that still gets through gets manually added into a special mail folder, where Spam Assassin’s Bayesian analysis feature indexes and adds it to its database for future recognition. It is worth mentioning that, to date, no employee has reported a false positive, and we haven’t had to upgrade our existing setup which was installed a year ago.

Email virus scanning
All inbound email is scanned using a copy of Clam-AV which was compiled from source and configured for fast scanning. Contaminated messages are inoculated, labeled as having contained a virus, and users can delete or ignore them. Automatic updates are run hourly against the ClamAV servers for new virus definitions (Evgenny Kaspersky poked fun at me for this: ‘Ah, Clam,” he said. ‘We’ve been clean for a year,’ I said. ‘That you know about‘ he said.).

Some of this is hard to set up, but any business of this size simply must have someone capable of doing this. The cost of my not running MS Office, Adobe Acrobat and Photoshop alone could pay for someone to configure everything I’ve mentioned above, provided I installed everything myself and don’t ask for support. And the good part about this setup is that once it’s installed, it needn’t be touched, sometimes for years – except for patches and upgrades.

With a highly mobile workforce, browsing the web and checking email from unsecured public networks necessitates either a VPN or, for us, tunneled connections and a Squid proxy. Freely available tools, like dsniff, tcp dump, ethereal and other network sniffers are routinely used by malicious folks of all skill levels to collect data like user names and passwords, URLs, text messages etc for fun or profit. To protect against this eavesdropping, we provide the capacity for remote users to create multiple tunnels for email – allowing analysts to connect to our servers from public wireless networks without sending passwords or messages in clear text. A connection is made to one of our servers where our OpenSSH server authenticates the user and allows them to login. On Windows machines we use Putty to create tcp tunnels to our mail server. Users don’t have shell privileges on the servers, which reduces the risk of maintaining this service.

Our mobile workers also need to enter important data into our content management system, via SSL. For other web traffic, we maintain a Squid open source proxy server to tunnel HTTP traffic and browse the web securely.

Remote Support
With such far-flung offices, remote tech support is a necessity. Open source applications and free software tools like Tight VNC tunneled through SSH have allowed The 451 Group to provide this.

We’ve tried to find open source methods to allow us to perform backups of laptop computers, but it’s been a challenge. Linux backup utilities can be complicated, but to be fair, Windows backup products come with challenges of their own. Eventually our programmers devised a fairly basic batch backup script which has effectively backed up machines without user intervention. Our NAS box runs a Linux kernel and SAMBA for NETBIOS.

PDF creation
In order to create Adobe Acrobat-formatted documents, we standardized on the open source PDF creator, a great tool that helps us print word documents or webpages and save the output to a PDF file. I use the standard *nix utility ps2pdf as well.

–Many thanks to 451’s Systems and IT Support Engineer Marco Maldonado for his extensive contribution to this post

Linux on Wall Street

I’m at the Linux on Wall Street Conference today in New York City. The web site lists the conference as “Linux on Wall Street”, but the show guide prominently displays “Linux/Open Source on Wall Street” – a sign of greater diversity. While the exhibition area is dominated by Linux hardware vendors and the big guys (IBM, HP, Intel, Red Hat, Novell, Unisys, Dell, Cisco), there are also a few software vendors – CollabNet, Sybase, Black Duck, ActiveState, and SourceLabs, to name a few. SpikeSource and JBoss are here as speakers, but not exhibitors (I’ll go check out the Red Hat booth and see if there are any JBoss folks hanging out). This one-day conference is in its 4th year.

Linux conferences and magazines are highly dependent on hardware vendors as sponsors/advertisers. What is going to happen in 5-10 years when virtually everyone has migrated to commodity hardware and the new customer acquisition phase is mostly over? Yes, people will continue to upgrade, but I don’t foresee this level of marketing for customer retention. Will services and software vendors pick up the slack, or will we see a reduction in vendor spend as I saw first-hand at LinuxWorld in Boston?


As we’re working our way through the world’s Linux distros – see comments to Raven’s post a few days ago for interesting discussion about Miracle Linux – thoughts of some have turned to Ubuntu. Wonder what Mark Shuttleworth would have to say about that? I think we’ll find out soon enough.
And here’s a good roundup of recent goings on by Lisa Vaas of eWeek.