It’s really frustrating to see spin making “news”. David Sykes, the Symantec Australia Managing Director stated in an article in the Australian IT that “the time from the announcement of a vulnerability to its subsequent patching had ‘blown out’ to 54 days … ”
I love spin. The title of the article (“OSS Means Slower Patches”) makes me think “gee, all open source must have a slower patch cycle.” Okay, so, where is the evidence? When one says “blown out”, they usually have a point of reference … blown out from what?! The answer to this one is pretty simple and they clear it up in the article: “Symantec had not published previously statistics on the average time required to produce patches, but Mr Sykes said data showed the lag had previously been about 30 days.” Ahh, well, we’ll just take your word for it, Mr. Sykes … you simply have no motivation in the matter.
The next quote just cracks me up: “Mr Sykes said the increasing popularity of open source software, such as the Mozilla Foundation’s Firefox browser, could be part of the reason for the increase in the gap between vulnerability and patch, with the open source development model itself part of the problem.” Ahh, right. This also makes complete sense. After all, we all know those lazy lots over at Mozilla don’t do a thing when a vulnerability is announced. “We’ll get it with the next service pack,” I often hear them say. Not. C’mon, really? Is this Sykes guy for real?! Or is his head in the sand? The Mozilla Foundation is the most vigilant at responding to security vulnerabilities; far better than their rivals in the matter.
The one bit … the tiniest shred of truth in this article (and thus the horrendous spin on it) comes from one simple sentence: “In practice, large companies with around 10,000 employees were now looking at 50 days between vulnerability and the installation of patches across systems,” Sykes said. Bingo. Now there is a statistic that I can reckon with. I’ll be the first to admit that managing Mozilla’s applications on an Enterprise scale is a bit difficult, but not impossible. It is the same problem that organizations have with rolling out and updating any application that isn’t tied to the Enterprise update schedules and mechanisms. The fact is, the Enterprise is still trying to figure out how to roll out Firefox and OpenOffice and keep them managed across their environments.
All that being said, we can see the spin. Firefox gains popularity. People start installing it across the Enterprise. People don’t pay attention to the nagging little red icon in the upper right-hand corner. People don’t upgrade. Yep, that sucks. So spin it. “OSS Blows Chunks” or “OSS Users are Doomed” or even “The End Cometh”. Yeah, that makes sense.
Through all the nonsense and spin there is the truth. The update mechanisms in open source software are maturing at a phenomenal pace. Windows Update is nice, but what about all of your Linux or Mac users? The answer isn’t “sucks to be them”.
The spin merchants will peddle their wares and the open source community will continue to work diligently towards a better software stack that doesn’t suck.