Tuesday Mar 23, 2010

Oracle Announces Latest Release of Oracle® Berkeley DB

Anybody still have doubts as to Oracle's commitment to open source? They just announced the latest release of Berkeley DB with support for Google Android!

And a new SQL API based on SQLite...

This is looking very good!

Wednesday Jan 27, 2010

Selecting your processor : SPARC or Intel?

Usually I don't directly point to an article somewhere without having significant things to say about it... but this time will be an exception because my colleague Karim Berrah definitely hit the nail with this one.

Have a look at his blog entry on this subject and ponder your next choice more wisely now that you have many more elements to base your decision on.

Wednesday Jan 13, 2010

Can government clouds be any other way than full of open source?

These days, I keep reading how open source will be everywhere in government clouds, and how this is, for some strange reason, something that is new to everybody on the planet, or should be.

The thing is... look around! Most of the cloud computing technologies that we are going to be using in the years to come are open source, or directly based on it. This is not really news, since you can really consider cloud computing to be an evolution towards very high dynamicity of what we've been doing in the past up to now. And the result of what we've been doing is a huge collection of fantastic open source software. So fantastic, actually, that in the European area, in particular, open source is really what is driving the government IT business.

So of course, it seems logical that all the solutions for developing network-based applications (call it client-server, grid, 3-tier, SOA... cloud... you name it) are the basis of what we're now seeing put in practice to build the clouds of tomorrow. Or the clouds of today, actually.

Yes, some new technology has appeared, in particular around provisioning, since that is one of the key differentiators between the N-1 iteration (SOA) and the current (Cloud) of our computing model. But even that new technology is very often open source itself.

Cloud computing is a world of open source. Which is interesting because there's a lot of money to be made there. It's a world of services, integration, very fancy support models... all that is needed to deploy mission critical applications.

But because cloud computing is using open source, not only do clouds offer the means to scale from zero to very high loads in just moments, but they also offer the means to start at zero with zero software costs, and then you scale your costs from services / consulting at the start to full-fledged 24x7 enterprise-class support when your cloud becomes a production machine with revenue, or any other source of value (homeland security, education of the populations, taxes management...)

So yes, government clouds (and any other clouds) will be based mostly on open source technology. We shouldn't be surprised. We had it coming, for quite some time. And it's a good thing.

Friday Oct 23, 2009

Evil maids attacking? Nothing new. Really!

So, I've been reading Bruce Schneier's blog on the Evil Maid Attack. He's falling for one of the behaviors he usually criticizes. Just a new Hollywood industry plot for something not really new, not really changing the world.

The thing is... The assumption is that the attacker has access to your laptop. Which has always been an issue. Insert a keylogger into your hardware (keyboard cable on a desktop, or a bit more subtle on a laptop, but nothing beyond the capabilities of your typical spooks) and you get the same access to all keystrokes, including those for the passwords to the encrypted disks, Firefox datastores, and pretty much anything else.

So apart from having a fancy name... nothing new.

It's like Java... If you let an attacker change your bytecode loader / verifier... yeah, they break your system. But then again... it's not really running Java anymore at this point.

Same here... if you let an attacker change the behavior of your machine (hardware or software) then you're not really running your machine anymore at this point either.

Sure, multi-factor authentication is the solution. But "Evil Maid Attack" is just a fancy name for something not really new.

Thursday Oct 22, 2009

2020 FLOSS Roadmap version 2009 is out!

So the new version was published and announced about 2 weeks ago, right after the Open World Forum in Paris (quite an impressive event, with a very interesting speech from Mark Shuttleworth). Check out the new (2009 edition) of the 2020 FLOSS Roadmap! Very interesting reading!


Friday Oct 16, 2009

You know you've been using OpenSolaris too much when...

... when you start typing "pfexec" in Linux instead of "sudo" and wondering why it doesn't work.

Time to "alias pfexec sudo" for me. :)

Thursday Oct 15, 2009

Oracle Beehive and IRM

Just out of the session at Oracle Open World on Beehive and IRM. I think these 2 products make a fantastic combination. The capability of sharing extremely sensitive documents between users has been known for a long time. My friends at Cyber-Ark Software have been doing it for quite a few years now.

The issue I have with this Oracle combination is that it is Windows-targeted. The IRM client/plugin for desktop, which provides great functions like preventing copy/paste, printing, re-saving the documents, only runs on Windows...

In Europe, where many (if not all) of the governments are progressively moving to open source (Linux desktops, OpenOffice.org productivity suite...), this basically locks them out of that market.

Last day at Oracle Open World

The first session I listened to today was about security coding best practices. It was interesting to learn that Oracle finds 87% of their security bugs internally, 10% through customers finding them, and 3% from external non-customer sources...

I can't help but wonder how many more, and how much faster, they would find, were they to open source the software. :)

Our history at Sun has shown us that open sourcing our OpenSolaris operating system definitely increased the code quality by helping us find, and correct bugs (including security ones) much faster.

Monday Oct 12, 2009

Second day at Oracle Open World - Exhibition floor and public sector

So today's my second day on the conference. So far, it's enlightening. 

The exhibition floor opened today. It's huge. It's in Moscone South AND Moscone West. Will the conference still fit in Moscone next year? :)

On the floor, I saw my friends from Cyber-Ark Software. Pity Udi Mokady, their CEO, wasn't there. It's always a great opportunity for an interesting discussion when we meet. These guys have a great solution for sharing information with extreme security between people / entities.

I also attended a general session on Oracle in Public Sector. I and several other people left in the middle. Comments I heard (and share totally) included "this is useless, it's only focused on North America". Pity for a session that was not labeled as being focused on only the North American market (1/3rd of the world market)... The speaker then detailed the multiple tracks focused on public sector... and they are all US centric. Oh well... I DO know Oracle has a global public sector team. They just don't give that idea here at Oracle Open World.

On a side note, I'm playing with a social networking tool called Aka-Aki... run it on your mobile. It tells you who's around... and you can chat, hook-up. You post your status there, it updates Twitter, which updates Facebook, which updates Plaxo... you get the picture. It's very popular in Europe... but for some reason, I seem to be the only user in San Francisco city most of the time. The only user the system has identified in the region is in Fremont... not really walking distance. Pity, as it would have been fun to meet other users. There has to be at least a few geeks at Oracle Open World. Come on, geeks of the bay... Try Aka-Aki! Find me there as "ggravier". :)

Sunday Oct 11, 2009

My first day at Oracle Open World

OK... And officially my first Oracle related post. :)

So, today was the first day of Oracle Open World. I'm rather impressed!

First, this morning, at the SaaS / Cloud computing session of the partners' track, I learned that Oracle has a new SaaS focused sales model where you pay as you grow. It lets SaaS providers buy licenses (from a limited number of Oracle products) in volumes that grow with their business. They can buy small, when they have small numbers of customers... and then, when they grow their business, they can increase the number of licenses... this is a great step in the right direction, and probably a response to the open source "pay at the point of value" model where you don't pay at all to begin... but only pay for support when what you have becomes mission critical and you need to be sure that it works... Let's see how far Oracle pushes that model... but I like the beginning.

Next, this evening, was the general keynote session. What a blast! It felt like the good old days of Sun Microsystems. All the keynote was done by Scott McNealy except a small part by Larry Ellison. Scott even did 2 of his top-10 lists. Lots of laughs in the room. Many serious points. Great review on Sun's track record at innovation... and James Gosling even came on stage. Then Larry stepped up and talked about his plans for the future, more investment in Sun's key technologies (SPARC, Solaris, MySQL) and how the combination Sun + Oracle is a fantastic opportunity for changing the IT world. We're going to kick serious ass. In particular IBM's, which seems to be very (legitimately) afraid. Competition is going to get very fun. In particular given the performance numbers we're announcing when we put our strengths together.

I'm impatient to see how this will all evolve, and I have to say, I'm keeping very attentive to what Oracle's strategy for pushing (or just using) open source will be. Sun's a big advocate of open source. I hope Oracle will be just as active an activist! But I'm optimistic!

Let's go kick some big iron ass in the IT world!

Saturday Sep 26, 2009

Content aggregators... without our permission...


You may be reading this article from a site called ekschi(.com) ... If this is the case, note, and be aware that they are copying content directly from http://blogs.sun.com/gravax/ without my explicit (or even implicit, as far as I know) permission. We encourage you to read the original article directly on our blogs where they were written. Point your browser to http://blogs.sun.com/gravax/ for the original content you found on ekschi...

Tuesday Sep 22, 2009

AutoCAD Map 3D on Sun Ray - Geospatial in an ultra secure environment

I've been working with my colleagues at Autodesk, and we've come up with a very interesting way to run AutoCAD Map 3D (their geospatial solution) on our Sun Ray terminals. AutoCAD Map 3D is the only AutoCAD version that is certified on Citrix. This means that it's used both by people who need the geospatial features, but also the vanilla CAD features of the standard AutoCAD product.

What we've done is simply set up AutoCAD Map 3D and Citrix XenApp server on a Windows 2003 machine (running on really fancy Sun x86 hardware, of course). Install according to Autodesk's installation guide.

Then we set up a Sun Ray server (you know, Sun hardware - sizing guide here, Sun Ray Server Software) on which we installed the free Citrix native Solaris client. Install using Sun's installation guide. And then got a few Sun Rays.

Voila. Worked. Out of the box.

Now the result is a very secure environment. The Sun Ray terminals have no hard disk, no local state... nothing of value to steal should an employee decide to walk away with one. By default, the USB port on the device isn't configured to enable USB attached storage to work, so it's impossible to copy data or insert viruses either. This is perfect for very sensitive environments.

But going beyond that, you can configure the system a-la SNAP, by turning on Solaris' Trusted Extensions, to boost up the security to military grade (EAL4+ certified), with segregation of hardware, network, data, processes... even your windows on the terminal have different security levels and it's not possible to copy from a high security level window (say your geospatial application) to a low security level (say a web browser on the internet) without approval by, e.g. a security officer.

Want to make it even more scalable, move the database store (MySQL - which includes geospatial extensions natively - or Oracle) to one of our Thumper-class machines... CPU and disks all in one box...

This is probably the most convenient, and lowest cost-to-manage solution for running AutoCAD Map 3D today. And you get all these benefits thrown in as well! :)

Monday Jun 08, 2009

Microsoft's unremovable add-on to Firefox

See, this is why I think we should all be extremely careful when it comes to using Microsoft software.

Recently, one of the Windows updates resulted in an add-on being, well, added, to Firefox. This happened with the Microsoft .NET Framework 3.5 Service Pack 1 update, pushed through the Windows Update service to all recent editions of Windows in February 2009.

First, I'm really upset that this didn't ask my permission to add the Firefox add-on. That alone is enough to break whatever confidence I had left in that company's way of dealing with user's property.

Second, when I realized what was going on, and that there was a significant security risk to that add-on, I decided to remove it. Unfortunately, Microsoft decided that I'm not supposed to remove that add-on. Maybe they think they know better than me. As a result, the add-on's uninstall button is greyed out. The only way I found to remove it was to follow the instructions on Annoyances.org.

Just to make sure this is really clear, I'll repeat those instructions here :

  1. Open Registry Editor (type regedit in the Start menu Search box in Vista/Windows 7, or in XP's Run window).
  2. Expand the branches to the following key:
    • On 32-bit systems: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
    • On x64 systems: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions
  3. Delete the value named {20a82645-c095-46ed-80e3-08825760534b} from the right pane.
  4. Close the Registry Editor when you're done.
  5. Open a new Firefox window, and in the address bar, type about:config and press Enter.
  6. Type microsoftdotnet in the Filter field to quickly find the general.useragent.extra.microsoftdotnet setting.
  7. Right-click general.useragent.extra.microsoftdotnet and select Reset.
  8. Quit Firefox (or else step 10 won't work)
  9. Open Windows Explorer, and navigate to %SYSTEMDRIVE%\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation.
  10. Delete the DotNetAssistantExtension folder entirely.
  11. Restart Firefox
  12. Open the Add-ons window in Firefox to confirm that the Microsoft .NET Framework Assistant extension has been removed.
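
The registry and folder steps above (1-4 and 8-10) as a PowerShell script; this is an added example, not part of the original post or of the Annoyances.org instructions. The `-Remove` switch is a name chosen here: without it the script only reports what it finds. The about:config reset in steps 5-7 still has to be done by hand in Firefox.

```powershell
# Added example: audit, and optionally remove, the .NET Framework Assistant
# registration described in the steps above. Run from an elevated prompt.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # hypothetical switch name; report-only when omitted
)

# Value name from step 3
$ExtensionId = '{20a82645-c095-46ed-80e3-08825760534b}'

# Both registry locations from step 2 (32-bit and x64 systems)
$RegistryKeys = @(
    'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',
    'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions'
)

# Folder from steps 9 and 10
$ExtensionDir = Join-Path $env:SystemDrive `
    'Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension'

$findings = @()

foreach ($path in $RegistryKeys) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $regKey = Get-Item -LiteralPath $path
    if ($regKey.GetValueNames() -contains $ExtensionId) {
        # The value data is the folder Firefox loads the extension from
        $findings += [pscustomobject]@{
            Type = 'RegistryValue'; Location = $path; Detail = $regKey.GetValue($ExtensionId)
        }
        if ($Remove -and $PSCmdlet.ShouldProcess("$path\$ExtensionId", 'Remove registry value')) {
            Remove-ItemProperty -LiteralPath $path -Name $ExtensionId
        }
    }
}

if (Test-Path -LiteralPath $ExtensionDir -PathType Container) {
    $findings += [pscustomobject]@{
        Type = 'Folder'; Location = $ExtensionDir; Detail = 'extension files'
    }
    if ($Remove -and (Get-Process -Name firefox -ErrorAction SilentlyContinue)) {
        # Step 8: the folder cannot be deleted while Firefox is running
        Write-Warning 'Firefox is running; quit it before removing the folder.'
    }
    elseif ($Remove -and $PSCmdlet.ShouldProcess($ExtensionDir, 'Delete folder')) {
        Remove-Item -LiteralPath $ExtensionDir -Recurse -Force
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { Write-Output 'No .NET Framework Assistant registration found.' }
```

Running it with `-Remove -WhatIf` lists what would be deleted without changing anything.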

Now repeat after me : "I don't trust Microsoft to want the best for my PC... ever. I am convinced that many more times in the future, they will resort to this kind of behavior and install code that poses a risk to my machine without asking me and making very sure I can't remove it easily".

If you have to use Microsoft software for specific tasks (I have to), be extremely careful with what they install on your machine without telling you.

If you want to be able to trust your machine, use an open source operating system such as OpenSolaris or one of the Linux variants (I like Ubuntu). But don't even start thinking you can trust Microsoft with your machine. They just proved to the world it's a trust incorrectly placed.

And while you're at it, ditch MS Office... go for OpenOffice.org. You're better off from a security perspective... and already all set to send and work with documents that all major governments are starting to define as their standard format.

Wednesday May 13, 2009

HADOPI - What do we do now?

Of course, we keep fighting!

First, the process isn't over yet... and many steps remain. It's clear that this law is bad. It ignores a good part of the existing download and sharing mechanisms. It also forgets that most modern P2P tools are receiving (or have already received) concealment (cryptography) and anonymization (Tor, or IP2) features...

Moreover, it stigmatizes a protocol (BitTorrent) that has perfectly legitimate uses in industry (Sun Microsystems makes its OpenSolaris and OpenOffice.org software available via BitTorrent to achieve major bandwidth savings).

Finally, it puts France at odds with European legislation. On this subject, I wonder whether it wouldn't be possible for an association, say, for example, APRIL (Frederic, are you reading this?) to set up a structure (lawyers, advice, maybe even funding) so that an Internet user "punished" by HADOPI could simply fill in a form and be provided with assistance and a simplified procedure to take their complaint directly to the European authorities...

So? What will be the next step in fighting this useless, backward, archaic, and unjust law? :)

Tuesday May 12, 2009

Why closed, proprietary platforms are to be avoided... whenever possible!

Those who know me know I am very much against Apple's commercial behavior. With the iPod, they sell a closed, proprietary platform, which is bad enough, but they also completely control what you can put on it.

The following article explains what happened to an author who wrote a nice application, and, after some updates of it, saw it banned from the Apple Store.

Apple basically has right of life or death on the software you write for their platform. Even if they don't really understand what it does (the article explains why this is the case)...

Of course, you can always jailbreak your phone (which I recommend anybody stuck with an iPhone do as soon as they can) but this voids guaranty, and some may not like it...

I chose a phone with a truly open platform : Symbian OS. Open Source. Easy to write code to. And anybody can install what they want on the phone. And it's stable! Ditch your closed phone platform. Get one that is designed with 21st century principles!