Monday Nov 02, 2009

Meet up at the Government Open Source Conference

I'll be joining a number of government customers and some of my colleagues from Sun at the Government Open Source Conference (GOSCON) this Thursday.  Join me, Dr. Harry Foxwell (published author of "Pro OpenSolaris") and Bill Vass (Sun Federal President and COO) at the Reagan Building in downtown Washington, D.C. on November 5th.

Sun is a leader in open source development communities and we have a wide variety of very popular projects including MySQL, Glassfish, Java, OpenSolaris, OpenOffice and more.

See you there.

Wednesday Jul 22, 2009

Open Source and the US Government

Sun has long been an advocate of the use of open source software in the government (both US and abroad).  In fact, Sun Federal President and COO Bill Vass has created a series of blog entries about why the government can benefit from open source.  These reasons include:

Now, Sun and a broad array of industry giants have created the Open Source for America Consortium. In addition to Sun, founding members include Oracle, Google, Red Hat, GNOME Foundation, Mozilla, CollabNet and others.  The board of advisors includes a number of industry and government luminaries that I've had the pleasure of working with in the past including:

  • Dawn Meyerriecks (formerly of DISA as well as AOL)
  • Marv Langston (former DoD Deputy CIO)
  • Bill Vass
  • Art Money (former DoD CIO)
  • Simon Phipps (Sun's Chief Open Source Officer)

From the OSA web site:

The mission of OSA is to educate decision makers in the U.S. Federal government about the advantages of using free and open source software; to encourage the Federal agencies to give equal priority to procuring free and open source software in all of their procurement decisions; and generally provide an effective voice to the U.S. Federal government on behalf of the open source software community, private industry, academia, and other non-profits. The mission incorporates three goals: (1) to effectuate changes in U.S. Federal government policies and practices so that all the government may more fully benefit from and utilize free and open source software; (2) to help coordinate these communities to collaborate with the Federal government on technology requirements; and (3) to raise awareness and create understanding among federal government leaders in the executive and legislative branches about the values and implications of open source software. OSA may also participate in standards development and other activities that may support its open source mission.

While some consider the "open source" movement to be a religion or political agenda designed to socialize software or kill proprietary vendors, what it really boils down to is simply developing software outside the company firewall so that you can take advantage of the strengths of the community.  To quote Bill Joy (former Sun co-founder), "Innovation often happens elsewhere."

Sun offers a wide variety of supported, enterprise class open source projects including MySQL, OpenSolaris, OpenSSO, Glassfish and more.  Download some open source Sun software today and you too can start experiencing the benefits of open source.

Federal Government customers can contact Sun's sales office in McLean VA by calling 703 204 4100.

Friday Oct 31, 2008

Trip Report: DoD Open Conference sponsored by AFEI

Yesterday I attended the DoD Open Technologies conference sponsored by the Association For Enterprise Integration. The presentation slides have been posted. It was a well attended event at the Reagan building in Washington DC.  The keynote address was provided by Sun Federal's president and COO Bill Vass.  Bill pointed out how, during his time working at OSD (before he came to Sun), the intelligence agencies were beginning to adopt open source software for a number of reasons:

  • More secure
  • Higher quality
  • Lower procurement barriers
  • Faster deployment
  • Lower cost to exit
  • Allows government participation and customization

He also pointed out that software (whether open source or proprietary) is developed in Russia, India and China. He left no doubt that the government is using and should continue to use Open Source software throughout their IT programs.  Feel free to review all of Bill's slides.

Mark Tolliver (formerly of Sun) of Palamida Software discussed the importance of software component analysis (SCA).  SCA is the process of auditing your software to determine:

  • What OSS components you are using
  • What licenses apply
  • What vulnerabilities might exist

In one example, he used his company's tools to scan a piece of ISV software and found that 65% of it consisted of OSS software.  His experience shows that the industry average is now up to 50%.  This causes a number of issues because licensing issues and vulnerabilities in OSS software become YOUR issues when you deliver a product to your customer.  If you are not fully aware of all of the components, you may be passing on vulnerabilities from older versions of software that have already been fixed in the community.  SCA is important because you can't secure what you don't know that you have.

His recommendations to the government included:

  • Require vendor to document OSS code contents
  • Audit code acquired
  • Create a strategy for application security
  • Enforce ongoing training for engineers on how to get the code, vet the code and integrate the OSS code
  • Document the use of all code for future generations of maintainers
  • Use automated scanning tools (his product, of course)
    • Static Analysis
    • Dynamic Analysis
    • Compositional analysis
    • Anti-virus

John Garing, CIO of the Defense Information Systems Agency (DISA), described how Hitler had trouble invading Russia because of differences in the train gauge standards between the two.  He drew parallels between this and his current personal problem in the DoD where they have contracted with two different collaboration solutions (to provide competition).  A person chatting in one community can't "see" or interact with a person in the other community.  To summarize, open standards and open interfaces are key to getting services faster to the warfighter.

A panel of government and industry discussed a variety of topics related to open source.

Dan Risacher of OSD/NII reported that a new OSD guidance memo was expected to be released soon.  Dan is a big advocate of open source in the government.

Bdale Garbee of HP is an open source participant in the industry and suggested that government needs to go further to allow both government employees and system integrators to participate and contribute to OSS projects without running afoul of government property rights, employer policies or patent issues.  They also discussed the issues surrounding license and ITAR export control.

The afternoon panel discussed how tactical approaches to open source are being carried out.

Stu Lewin of BAE Systems described their detailed creation of a governance board, processes, documentation and training to ensure that the OSS brought into BAE projects is properly vetted, licensed, documented and maintained.

Allan Hardy of Lockheed Martin described how they audit OSS use and perform risk mitigation.  He noted that OSS touches every stage of the software life cycle from proposal through design, test, documentation and support.  He credited a strong process as well as ongoing training of engineers for the successful use of OSS.

Colin Roufer is a lawyer at Boeing and discussed the legal issues surrounding OSS. Important points include:

  • There is no negotiation of a license such as the GPL.  Get over it.
  • The GPL does NOT require that you give the source to everyone in the world, only those who receive the binary
  • The recipients of GPL code are bound by the same requirement to pass source code and license down to second level recipients

Peter Vescuso of Black Duck Software described a case study of a small company who provided OSS to Broadcom.  The Broadcom chip was in turn built into a Linksys router. Linksys was in turn bought by Cisco.  At this point, Cisco did not know that there was OSS content and was not properly conveying that information to its customers.  OSS management requires a cross-functional team including:

  • legal
  • purchasing
  • export control
  • QA
  • Configuration management
  • engineering


Open source is good for the government.  It can lower costs, improve quality and reduce time to mission accomplishment.  Sun Microsystems is the largest contributor of open source software in the industry.  You can take advantage of OpenSolaris, MySQL, Netbeans, OpenStorage and many other products today at low cost.

 Please join our OpenStorage launch on November 10th to learn more.

Wednesday Dec 19, 2007

Trip Report: DoD Open Conference sponsored by AFEI

Last week I attended:

3rd Annual DoD Open Conference
Sponsored by AFEI in McLean VA.  December 11-12th
Sun Attendees:  Jim Laurent, Tom Syster, Bill Vass (Keynote speaker), Paul Tatum

This is an annual conference attended by government, industry and consultants (Mitre/IDA) to discuss open source technology, open systems and open development methodologies.  Approximately 100 people in attendance.  The President and COO of Sun Federal Bill Vass was one of the keynote speakers.

It's clear from attending this conference again (this is my third time) that there is no avoiding the use of open source tools in the Federal Government.  Whether it is something as simple as glassfish and openssh or more advanced technologies like the UltraSPARC T1 and T2 processors, open source is everywhere in the DoD.

Nick Guertin, Director Open Arch. PEO IWS Navy

Discussed the Navy's open architecture designed to achieve modularity, interoperability and standards compliance.
Discussed business issues and licensing issues around open source.

Mark Tolliver, President of Palamida SW.  (formerly of Sun Micro)

Palamida delivers auditing and compliance software that compares your software build to an existing DB of open source projects, providing you with an audit of which OSS you are using, their versions etc.

His experience in code analysis indicates that most projects consist of 30-50% open source components.  Many of these are often found to be below rev and have security vulnerabilities.  Most projects have 50% to 300% MORE OSS than they think they do.
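A minimal sketch of the audit Tolliver describes here and in the 2008 trip report above (which OSS is in the build, under what license, and which copies are below rev). It is an added illustration, not Palamida's tool; the component names, versions, sizes and the fixed-in table are all constructed.

```python
import re

# Constructed scan result for a hypothetical product build: every bundled
# component, its size, and the license found with it (None = none found).
DISCOVERED = [
    {"name": "inhouse-core",     "version": "4.1.0",  "kloc": 160, "oss": False, "license": "proprietary"},
    {"name": "libexample-xml",   "version": "2.6.9",  "kloc": 90,  "oss": True,  "license": "MIT"},
    {"name": "examplessl",       "version": "0.9.7",  "kloc": 110, "oss": True,  "license": "Apache-2.0"},
    {"name": "tinyzip",          "version": "1.2.10", "kloc": 20,  "oss": True,  "license": None},
    {"name": "gnu-style-parser", "version": "3.0.1",  "kloc": 20,  "oss": True,  "license": "GPL-2.0"},
]

# Constructed: the OSS components the vendor documented as shipped.
DECLARED = {"libexample-xml", "examplessl"}

# Constructed stand-in for the project database: the first release in which
# a known vulnerability was fixed upstream.
FIXED_IN = {"libexample-xml": "2.6.10", "examplessl": "0.9.8", "tinyzip": "1.2.9"}


def version_key(version):
    """Turn '1.2.10' into (1, 2, 10) so releases compare numerically.

    Comparing the raw strings would rank '2.6.9' above '2.6.10' and miss a
    below-rev component. Simplification: only the numeric parts are used.
    """
    return tuple(int(n) for n in re.findall(r"\d+", version))


def audit(discovered, declared, fixed_in):
    """Answer the three SCA questions for one build inventory."""
    oss = [c for c in discovered if c["oss"]]
    total_kloc = sum(c["kloc"] for c in discovered)
    undeclared = [c["name"] for c in oss if c["name"] not in declared]
    below_rev = [
        c["name"] for c in oss
        if c["name"] in fixed_in
        and version_key(c["version"]) < version_key(fixed_in[c["name"]])
    ]
    return {
        # Share of the delivered code that is open source.
        "oss_share_pct": round(100 * sum(c["kloc"] for c in oss) / total_kloc, 1),
        # OSS found in the build that nobody documented.
        "undeclared": undeclared,
        # How much more OSS is present than the team believed.
        "undercount_pct": round(100 * len(undeclared) / len(declared)) if declared else None,
        # Copies older than the release that fixed a known vulnerability.
        "below_rev": below_rev,
        # OSS with no license identified: terms cannot be passed on.
        "no_license": [c["name"] for c in oss if c["license"] is None],
    }


if __name__ == "__main__":
    for field, value in audit(DISCOVERED, DECLARED, FIXED_IN).items():
        print(f"{field}: {value}")
```
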

Primary message:  Control your SW supply chain through:
    Compliance (his SW can help, of course)

Mentioned Solaris/OpenSolaris

Bill Vass discussed the value of OSS and Sun's use of it.

OSS is unstoppable because of:
    Security benefits
    No vendor lock-in

Bill reviewed Sun's strong position in the open source communities and our benefits derived from open sourcing Solaris, Glassfish, OpenOffice etc.  Handed out complete JES CD kits to all attending.  (Sun was a platinum sponsor for the conference.)

He then led a panel for Q and A including Dewey Houck of Boeing and Bob Gourley, former CIO of DIA.  Intelligence agencies are big proponents of open source.  There was active participation from the audience.

I received feedback from several people during the breaks at the Sun table that they didn't know Sun was so active and aggressive in the OSS community.

Terry Bollinger ASD/NII discussed open Source Governance including:

Evaluation of OSS
    Creating policy

Don Adams of Tibco discussed their Open AJAX toolkit known as Bossie.

Eric Pugh of OpenSource Connections discussed the use of the "Agile Methodology" and open source development for the PathFinder program, NGIC and GCGS-A.

Chris Runge of Red Hat provided two case studies of how open source technologies allowed something to happen that was "impossible otherwise."

NSA dev of SE Linux being incorporated into production OSes such as RHAT and Suse.  First MLS OS that is part of the standard OS distribution.

Real-time Linux enhancements working with IBM, and DDG-1000 (aka DDX program) in the Navy.
RHEL 4 + Real time kernel + IBM RT Java + Blade servers

Coming Soon:  Red Hat MRG = RHEL 5.1 = Messaging toolkit + Real time + Grid technologies
Important in financial/trading communities

Nick Weatherby of the Open Source Software Initiative discussed how industry is trying to facilitate OSS adoption by working with Government.

Created Government Technology Task Force to help accelerate and clear out obstacles in standards, procurement, legal issues.  Working with DISA, DoNavy, Army, AF, OSD, JFCOM, DHS, Justice, etc.

Example:  FIPS 140-2 validation of the Open SSH libraries

Working on IAVA security validation and Common Criteria process for Open Source

Ball Aerospace rep provided a case study of how they took a GeoSpatial toolkit developed for the government through the process of putting it on a public open source project.  Goal was to increase adoption of their framework, thereby increasing their business opportunity for consulting services.
Obstacles included ITAR approvals, Legal, internal politics, ownership issues.

Ed Beck of CSC in NJ

Discussed how they used open source modules to reduce costs and increase speed in their deployment of an AEGIS missile update for Display console and systems management tools
Display console now 60% open source based
Sys. Mgt. tools now 40% OSS based

#1 issue was licensing.  DoD is very sensitive about the fact that using the GPL license might mean giving away technology to the bad guys.  Tools used included tcl/tk, Flex/Bison, XPM, Mozilla, etc

BG Gen. Nick Justice of the US Army

Discussed value and benefit of OSS in the DoD including acceleration of mission apps, lower cost, increased security etc.  Mentioned Red Hat several times.  FBPC2 is a huge RH deployment.  Future Combat System (FCS) is apparently also going to RHEL.

General Justice is a very engaging and entertaining speaker.  By all means, if you get a chance to hear him speak, do it.  He is one of the few high level military people who runs Linux on his laptop.

Andre Boisvert of Pentaho SW (formerly at Oracle, IBM and SAS institute)

Discussed how he had worked at various proprietary, closed source companies and has invested money in 3 new ventures using only open source.
OSS provides:
    Better Code
    Faster innovation
    Self policing of quality, security
Pentaho provides OSS business intelligence including ETL, OLAP etc
Zenoss provides OSS Systems management based on Python
Compiere for OSS ERP SW
Described OSS as a "disruptive force in the SW industry."

KS Shanker of IBM Federal

Discussed the security aspects of open source and how he took the Linux community through the Common Criteria eval process even though they didn't think it mattered originally.

David Wheeler of the Institute for Defense Analyses discussed the security aspects of OSS
Vendor lock-in = a security problem.
Open design is fundamental in creating secure systems
"Would the Trojan Horse have worked if it had been made of glass?"

Not ALL OSS is secure:
    Developers need to have security skills
    Needs to be widely used and reviewed
    Problems must be fixed on demand when found.

When I asked him when IBM was going to release its huge software portfolio (Tivoli, z-OS, ClearCase, AIX, WebSphere) to the open source community, he responded by pointing out that WebSphere has incorporated Apache as its web server.  That sounds to me like taking from the OSS community rather than giving.

Booz Allen Hamilton rep discussed the use of an Open Source Security Test Methodology.

Wednesday Oct 03, 2007

Scott McNealy's five reasons that free, open source software is good for Sun and our customers


Recently Scott McNealy spoke to the Sun OS Ambassadors at our semi-annual conference in Menlo Park CA.  He told us that he is frequently asked by customers:

  • Why Sun is doing this whole "open source" thing and giving away software for free?
  • How can Sun expect to make any money with free software?
  • How is this good for customers?

He gave us his five reasons.

  1. Free means low barrier to entry.  Stated another way, "College students and developers don't pay for software anyway, we want to make sure that the software they're using is Sun's, so why not give it to them." By providing our core OS, developer tools and web infrastructure tools to students, companies and independent developers at no charge, we gain mind share among those people who "join things rather than buy things."  When they move into the enterprise, they will start buying products and support from those companies with which they are familiar.
  2. Open source as a research and development multiplier.  Sun can multiply our $2 billion in R&D funds by leveraging the R&D of the open source communities.  Open sourcing of Java, OpenOffice, Solaris and other technologies allows us to take advantage of the HUGE R&D budgets of IBM, ATT, Nokia and others.  Not to mention the plentiful resources in the emerging markets in China, India and South America.
  3. Security. Whitfield Diffie has said, "the secret to strong security: less reliance on secrets."  As an anecdotal example, Java is the single largest platform in the world installed on billions of devices (much more widely deployed than MS Windows).  Yet you would be hard pressed to name a Java virus.  This is due in part to its open, community driven development model.
  4. Partnering and proliferation of our technology.  Having the Sparc processor technology easily licensed, for example, has allowed our partner Fujitsu to design their own implementation of the Sparc V9 chip architecture.  As a result, our new M-series servers are available from both Sun and Fujitsu providing a dual-source option for customers.  Products from both companies run Solaris and our other software products.  Since open sourcing the UltraSparc T1 chip design, at least two other implementations have been designed for embedded devices further opening new markets to Sun's intellectual property.
  5. Low barriers to exit.  By conforming to open document formats and web standards we can ensure our customers that they won't have that "locked-in feeling" they get when they choose Microsoft, Oracle, BEA, z/OS or other proprietary product families.  The cost to exit these proprietary technologies dwarfs the acquisition costs.  Sun can help reduce customers' cost to exit by using open standards and open source implementations.  This also provides customers with more choice.  In the case of ODF, for example, customers can now choose office automation packages from Adobe, Sun, IBM, Google or the free OpenOffice suite rather than having the data held hostage by proprietary MS Office formats. They can choose to run these suites on Windows, MacOS, Solaris, BSD or any of the Linux variants.

Why should you care?

To summarize, Sun's strategy of making our products free and open is designed to make the entire planet familiar with Sun's products.  We then have the opportunity to offer support, services, training and systems for their enterprise computing needs. This helps customers by providing them more choices at lower cost and allowing them to move from one vendor to another more easily.

Tuesday Jul 31, 2007

How did Solaris 10 and DTrace help Twitter improve performance?

For a great presentation on how Solaris 10 and DTrace helped Twitter improve their performance by 15% see Adam Leventhal's most recent blog entry along with his presentation provided at OSCON.

In this case, the application was written in Ruby and the DTrace provider in Ruby really helped.

Why should you care?

If you are building a fast growing company (as Twitter is) it's inevitable that you will run into performance issues.  Solaris 10 and DTrace provide the kind of visibility into your application's performance that can help you grow smoothly.

Friday Jan 12, 2007

Sun leads in Open Source Software: Open Your Mind Today

Sun has a number of great upcoming events surrounding the open source development model and benefits that customers, system integrators and end users can derive from open source products. 

Sun is the leading commercial provider of open source technology in the world today.  Unlike many of our competitors (Microsoft, HP, IBM and Apple come to mind) Sun has completely open sourced a wide variety of our most strategic technologies including:

As a Sun Federal employee who works closely with the US DoD, I can tell you that the DoD believes strongly in an open source development model.   In a paper written by the Office of the Secretary of Defense, they list three of their primary goals to be:

  1. Leverage open source infrastructure and technologies
  2. Apply open source collaborative technologies
  3. Change the default acquisitions and development behavior to default to technology services vs. products

They also make note of OpenSolaris and quote Scott McNealy as saying:

You learn to share in preschool. Later you learn that if you make the pie
bigger, everyone gets a little more. These lessons came together
when we started Sun. We didn't have the resources to do
everything ourselves, so we shared what we had to attract
customers and get their help in building the business. There are
now 4.5 million Java developers and about 950 companies
worldwide all collaborating on a technology Sun shared with the

This is possible because sharing creates communities, which create
new markets. It's also changing business models: Companies can
no longer expect to lock in customers with proprietary standards.
They must now compete on the value of their business execution.
They monetize that value a little bit, spread over the entire
community. With 1 billion people on the network today, and several
million more joining every week, there's a lot of opportunity. So
while it may seem counterintuitive for a company to share, it's the
key to larger economic growth ― not only for Sun, but also for
everyone in the world.”

As an example, the US Joint Forces Command (JFCOM) has started a project based upon OpenOffice (the baseline for Sun's StarOffice product).   Using OpenOffice as a base, they are building a "Security Enhanced Office Automation suite."  Apparently they are unwilling or unable to do this using Microsoft's "Shared Source" agreement.

Some of JFCOM's stated benefits from using open source include: 

  • Increased Flexibility – If you don’t like what the vendor or community is doing with the product you can change it
  • Increased Security
    • Ability to inspect and change (if necessary) the source
    • Ability to verify that the executing version is the one actually derived from the source code.
  • Potentially reduced procurement and maintenance costs
  • Increased ability to reuse code
  • Increased ability to share technology with Coalition partners
  • Cost Sharing - Leverage the large open source community to help develop, test and improve your applications

My customer, Defense Information Systems Agency (DISA), is moving toward adopting Solaris 10 in their mission critical Command and Control applications as well as their data processing centers.  The fact that it is based upon the OpenSolaris project is viewed as positive by them.

If you would like to learn more about Sun's efforts in the open source communities, please visit and sign up for the next two events:

Why should you care?

Using open source technologies can provide faster time to market, lower cost and reduced risk of vendor lock-in.  Sun's product portfolio is based largely on open sourced technologies.



Jim Laurent is an Oracle Sales consultant based in Reston, Virginia. He supports US DoD customers as part of the North American Public Sector hardware organization. With over 17 years experience at Sun and Oracle, he specializes in Solaris and server technologies. Prior to Oracle, Jim worked 11 years for Gould Computer Systems (later known as Encore).

