James Morris notes related work in his blog posting from this morning and offers to help the community preserve interoperability with SELinux.

Personally, I would be delighted to see widespread adoption of the FLASK architecture lead to usability improvements and complexity reduction across the board.

[1] http://www.opensolaris.org/os/project/fmac/
[2] http://www.opensolaris.org/jive/thread.jspa?messageID=204568𱼘
[3] http://www.osnews.com/thread?303491
[4] http://james-morris.livejournal.com/2008/03/05/

It seemed so promising at first: “[T]hey made promises about it being an open development project. … Sun gave up its right to make arbitrary decisions regarding the phrase ‘OpenSolaris’ as part of its public agreement with the community in the form of the Charter. That was a self-imposed restriction in exchange for the benefits of community-driven development, freely made, and cannot be changed except in accordance with the charter itself (for example, by amending or dissolving the charter).” (excerpt from Roy Fielding’s resignation letter) But it was a sham: “The charter has therefore been violated. … Sun agreed that ‘OpenSolaris’ would be governed by the community and yet has refused, in every step along the way, to cede any real control over the software produced or the way it is produced, and continues to make private decisions every day that are later promoted as decisions for this thing we call OpenSolaris.” (excerpt from Roy Fielding’s resignation letter)

To be fair, most developers recognized the community as a sham right away merely based on the copyright and patent assignments required by the contributors agreement[3]. To date, Sun has received 578 patches[4], which represents a rate of 0.6 patches a day (first patch dated 6/17/05, there were some earlier undated contributions). Linus gets more patches while he is brushing his teeth than OpenSolaris gets in a week. Despite Roy’s efforts to build a real community, contributing to OpenSolaris always has been and seemingly always will be, corporate welfare.

For me, the realization that Sun just doesn’t get it, and never will, was crystallized the day I was turned away from an OpenSolaris Users’ Group meeting for refusing to sign an NDA.

It is a credit to the Solaris engineers that a few hearty souls want to soldier on amidst the wreckage: “Nonetheless I believe the time has come for a reboot and I am looking for other like-minded people to stand and form a full Board for positive change.”[5] And others who are even contemplating forking: “We will need to build out our infrastructure so that we can host development, mailing-lists and etc.. Once that is done, we will need to make the case to start moving development to the new organization/infrstructure. This will mean that even Sun employees will have to chose to move their development work to a community ‘controlled’ development infrastructure.”[6] It is to them, that I dedicate the title.

[1] http://en.wikipedia.org/wiki/Roy_Fielding
[2] http://mail.opensolaris.org/pipermail/ogb-discuss/2008-February/004488.html
[3] http://www.opensolaris.org/os/about/sun_contributor_agreement/
[4]http://www.opensolaris.org/os/bug_reports/request_sponsor/
[5] http://mail.opensolaris.org/pipermail/ogb-discuss/2008-February/004487.html (Yes, the author of this email is a Sun employee.)
[6] http://mail.opensolaris.org/pipermail/ogb-discuss/2008-February/004477.html

The January State of Spam Report says that in December spam accounted for 75% of all email. Just a reminder of the cost that we pay daily for failing to build any type of security into the protocol.

Here’s another interesting look of the daily human cost of some security technologies - Study: IT Monitoring Stresses Workers Out. Key quote: “The main consequence of IT surveillance has been a sharp increase in work strain, involving feelings of exhaustion, anxiety and worry related to work…” and unbelievably, “More than half of British workers are now under some sort of IT scrutiny…” Is the value of the data they are protecting through these measures really greater than the individual and societal cost of the measures?

1. http://etbe.coker.com.au/2008/01/20/lca-2008-security-blogging-contest
2. http://www.networkworld.com/nlvirusbug117216
3. http://www.darkreading.com/document.asp?doc_id=142821&f_src=drweekly

2. The guru speaks to the Linux community: Interview with Bruce Schneier called Bruce Almighty: Schneier preaches security to Linux faithful (dated Dec. 27, 2007). Choice quotes: “Do you think that technologists sometimes forget about the human element generally when designing, developing, testing, implementing and/or maintaining systems? Sometimes? I think they forget almost all the time.” and “What will be the biggest security issues in the future? Crime. Crime, crime, crime. Everything else pales in comparison.”

3. 11 open-source projects certified as secure: You can see my previous blog posting about quibbles with the way that the story is written, but ultimately this is great news for open source and well worth mentioning again. Here’s a good story about the same announcement (best story on the topic that I have seen in this round): Weeding Out Flaws in Open-Source Apps

4. Data center robbery leads to new thinking on security is an interesting look at the data center break-in that occurred last October. Key quote: “‘The second someone crosses the line to armed robbery – [risking] a 25- to 50-year prison sentence – to steal some servers, we’re in different realm of security now,’ he said.”

5. Top 10 security headlines from 2007. I would have thought that the British data loss on most families with children under the age of 16 would have made this list but it is not here.

6. Yahoo tests support for OpenID. Key quote: “‘I expect Yahoo’s implementation to be a major influence in encouraging OpenID 2 adoption,’ wrote Simon Willison”.

In other news:

1. KernelTrap’s story on Decoding Oops and the referenced emails from Linus Torvalds and Al Viro are worth studying closely.

2. The Linux Foundation’s new podcast series Open Voices is off to a great start.

3. Linux guru offers sneak peak at Kernel Report - Computerworld interviews Jonathan Corbet. Key quote: “I am confident that, five years from now, we will say that we were able to accept unprecedented amounts of new code at a sustained rate for years while improving the quality of the final product.”

4. LWN.net: a ten-year timeline (part 1) LWN’s 10 year anniversary retrospective. (Subscriber only for 5 more days.) Interesting quote: “When Intel put money into Red Hat, it became clear to all that both Linux and Red Hat were headed toward success. This was, in some real sense, the point where Linux entered the dotcom bubble, though the real action was still a year away.”

Note to Charles Babcock: software has bugs, even security bugs. If you want to drive down the number of bugs in the software that you are using, use open source.

This type of crappy response comes up almost every time Coverity announces a significant improvement. See this similar news story from ZDNet back in October 2006: Most open source is better.

http://scan.coverity.com/
http://www.news.com/8301-10784_3-9843682-7.html?tag=nefd.top
http://scan.coverity.com/rung2.html

It looks like there are enough activities to sustain her interest for quite some time to come.

I added a page with more pictures of it than anyone could possibly want to see: OLPC pics.

Initial impressions - very small box that FedEx somehow managed to poke a hole in. Inside, very little extra packaging. It come in 3 pieces - the laptop itself, the battery and the power cord. There are 2 plastic bags and 2 stabilizers that look like they are made out of recycled paper/cardboard. It seems very rugged, but not rubbery as I was expecting. Under normal use by kids, I expect that the white will very quickly become dirty, but the thing looks awesome out of the box. As I’ve heard is common in adults, I didn’t initially get how to open it. As soon as I got it, it seems obvious. The display’s ability to completely swivel is cool. The fact that the USB, microphone, and headphone ports are covered by the antenna ears when closed is a sweet design point. It seems odd that the power port isn’t similarly protected. The keyboard is small and rubbery. People who like the old IBM clackety keyboards are destined to be disappointed - it is much like a normal laptop keyboard, only smaller, solid (protected from spills), rubbery, and green.

The software is neat. The extra keys on the keyboard really improve the software experience over trying the live ISO image or using a virtual machine image. They make switching between programs much easier and faster. The links back into the OLPC library allow the kids to listen to a couple of music samples, read nine picture books online (in English, Spanish, Portuguese, Farsi, and Croatian), and browse Wikipedia. The picture book interface is top notch and I hope they are able to populate the library with a few more books (initially you only see two, but once you start reading one, you can access another seven). I could really envision children as young as mine delving into this activity. I would have liked to see a link to Project Gutenberg. The science section starts off with only biology listings. I expect the OLPC library will grow dramatically over time.

The browser doesn’t automatically start Flash animations, but rather shows an outline with the designation: “Flash [[Click to play]]”. I tried a few of the Flash games on Noggin and gnash seems to not be able to really deal with most of them. For some, the screen gets so cluttered that the game becomes unplayable (which is a problem with Noggin’s site design rather than with the laptop) and others render but very slowly and seem to get stuck unable to accept input.

Pippy is a neat, small IDE preloaded with code snippets interesting enough to get older children motivated to try it. It takes me back to my early days of Basic programs generating annoying beeps. There is a cool distance measuring program (Acoustic Tape Measure) that requires two laptops to share the activity and then reports the distance between them.

On the security side, the SELinux tools and libraries are installed, but getenforce says that SELinux is disabled. I was prompted for my name when the machine booted for the first time and I selected an XO image with custom colors, but the second time I booted, neither were required. I haven’t quite figured out yet how to turn the microphone off and the microphone indicator has been lit for quite a while.

I’ve played with it for a couple of hours and barely scratched the surface. It is very fun. It will be interesting to see what my children make of it.

If you have read all the way to this point, you are an OLPC fanatic, so I highly recommend that you read the following two reviews. The first is by a 12 year old and is very well written. It talks about some of the more interesting activities that I haven’t had a chance to try yet, like Etoys and TamTamJam: http://www.freedom-to-tinker.com/?p=1206
The second review is by the father of a 9 year old: http://news.bbc.co.uk/2/hi/technology/7140443.stm

Also extremely cool, is the interview with the guy (Don Hopkins) who ported the original SimCity to the OLPC and is now releasing it under the GPL as Micropolis. I can still remember staying up all night in college playing SimCity in the 24 hour lab when I should have been sleeping (or working): http://www.linuxworld.com/news/2007/121107-simcity.html Head’s up - he says that there are cheat codes documented in the source. What a great way to get kids to read the source code. This will definitely be one of the first things that I load.

There is still a little time left to get one. I highly recommend it, it is a sweet little machine. But even more, as the letter confirming the expected arrival date of the laptop said: “You are part of something big. As a participant in Give One Get One, you have become a member of an international educational movement.” And that alone is worth every penny. http://www.laptopgiving.org/en/index.php

Benjamin Rosenbaum has an interesting blog post [4] (from way back in April) on how Grameen and Kiva fit relative to each other in the microfinance world and the benefits and limitations of microfinance.

Anyway, this looks like a great opportunity for both IBM and Mifos and I’m thrilled to see this announcement. This is the type of announcement that after almost 11 years with IBM, still makes me proud to be an IBMer.

[1] http://www.nytimes.com/2007/11/12/giving/12micro.html?_r=3&oref=slogin&oref=slogin&oref=slogin
[2] http://mifos.org/
[3] http://www.kiva.org/
[4] http://www.benjaminrosenbaum.com/blog/archives/000474.html

Just as Good as Windows isn’t Good Enough [1]
Choice quotes: “In the end, if all else is equal, Windows get the nod because it is a safe choice. ” and “In this scenario, TCO does not come into play because ongoing support will be local and will come from other funding sources.”

A Little Laptop with Big Ambitions [2] (WSJ so no idea how long this will be available.)
Choice quotes: Last sentence in the article: “Just who would provide support a few years from now, he said, was ‘a frightening question.’ The students, he said, will need ‘to do as much maintenance as possible.’” and “Nigeria, for example, so far has failed to honor a pledge by its former president to purchase one million laptops.” and “It recently inked deals to sell hundreds of thousands of Classmates in Nigeria…”

and (though almost completely unrelated)
Software Group Targets Small Businesses
Choice quotes: “Of the $13 million that the BSA reaped in software violation settlements with North American companies last year, almost 90 percent came from small businesses, the AP found.” and “The letter demanded $67,000 — most of one year’s profit — or else the BSA would seek more in court. ‘It just scared the hell out of me,’” and and “some employees had been unable to open files with the firm’s drafting software, so they worked around it by installing programs they found on their own” and “‘It was basically just a lack of knowledge and sloppy record-keeping on my part,’ said Gaertner, who ended up with a settlement that cost him $40,000.”

First off, it really bugs me that none of the articles pick up on the educational opportunities of having the source code available and the OLPC feature of actually showing the student the code that is running at the moment. I guess this is just too geeky to be considered relevant to the politicians and journalists.

But really, there are three issues at work in these articles: support, piracy/TCO/license management, and security/safety.

On support, the WSJ article cites OLPC support as lacking, emphasizing the importance of this point by ending the article with it. Yet, there is no discussion on Classmate support and the ZDNet blogger posts that Classmate support will be “local” which doesn’t sound much better to me than the OLPC support. Plus teaching the students how to support the OLPC (both hardware and software) provides another educational opportunity for the kids.

On piracy (and the cost/complexity of managing software licenses), while I don’t expect the BSA to go after school kids worldwide, it wouldn’t really shock me if they did and they would conceivably be within their legal rights to do so. Who will manage the licenses for the software installed on the Classmates to ensure that they don’t run pirated software? Will the schools be responsible? The governments? The parents? The children? Will they implicitly allow piracy on the student laptops, training them to disregard the issue and then smack them down once the children grow up and start their own small businesses?

And finally, on security, while Windows is mentioned as being perceived as the “safe choice” (and while I hate to pick on Nigeria here), it just makes me cringe to imagine hundreds of thousands of Windows laptops out there with none of the thoughtful security improvements of the OLPC that will prevent them from becoming spambots.

[1] http://education.zdnet.com/?cat=65
[2] http://online.wsj.com/article/SB119586754115002717.html?mod=home_we_banner_left
[3] http://biz.yahoo.com/ap/071126/software_watchdog.html?.v=2