This is a very real problem with some applications that are written poorly; it allows a remote user to send arbitrary SQL commands to the database server by manipulating data sent to the web server and piggy-backing the SQL commands against legitimate database queries executed by the web application, usually without any prior checking or sanitisation by the web application. To get one up on these flaws, GreenSQL is a "firewall" for MySQL databases. What it does is intercept SQL commands being sent to MySQL, checks them, and then either halts the query or passes it on to MySQL proper. Then it returns the query results to the calling application. GreenSQL provides binary packages for some Linux distributions. The greensql-console package provides a web interface that can be used to see what queries have been blocked, and you can also use it to configure what GreenSQL will block, what it should permit, and so forth. Untar the greensql-console tarball into your web tree, where it will live, and adjust config.php to suit your chosen GreenSQL username, password, and database name. As well, if you installed GreenSQL from source, you will want to ensure that GreenSQL will start at every system boot. Depending on your Linux distribution, it could be as easy as copying an initscript from the greensql-fw source tree or you may wish to add it to your local startup script.

Comment (0)

Cloud computing will fuel growth in open source software as companies try to manage costs, according to database heavyweight Ingres.

Tom Berquist, former managing director of financial powerhouses Citigroup and Goldman Sachs and now CFO of open source database firm Ingres, made the prediction last week.

Ingres, the second largest open source company, counts the likes of BAE Systems, Cathay Pacific and Lufthansa among its customers.

Berquist said the cloud computing model--of companies' serving applications over the Internet--requires vendors to spend large amounts of cash buying and maintaining servers, telecoms infrastructure and software such as operating systems, Web, application and database servers to support their software as a service (SaaS) operation.

He added because SaaS vendors needed to invest in more hardware and software than traditional software vendors--where applications are sold to customers to install on their own machines--there was a greater drive towards using open source operating systems, Web, application and database servers, as opposed to more expensive commercial alternatives.

Berquist said: "With cloud computing the operating system and the infrastructure is managed and paid for by the vendor rather than by the customer.

"The more we move towards cloud computing, the more that rewards open source because the cloud software vendor can not afford to pay for software for say 25,000 server CPUs.

"They will go towards open source and in many cases self support. People can not afford to spend the money that would be necessary in the old client to server model.

"It can be 10 times cheaper than relying on the commercial guys."

He added that the credit crunch would also fuel adoption of open source software, as it had done during the dot-com crash in the early 2000s.

Comment (2)

Anyone trying to evaluate open source content management systems is aware that there aren't a lot of recent, useful comparative reviews. What's surprising is that this issue is true even for such popular solutions as Drupal and Joomla.

Stating in January that, "most comparisons of Drupal (news, link) and Joomla (news, link) conclude that you should select the one that best suits your needs. However, they give too little guidance about how to do that," Webology eBusiness Solutions set out to quantify the pros and cons of each by releasing a survey.
The Survey

The survey divided questions into five categories:

   1. Developers
   2. Documentation
   3. Performance/Functional Aspects
   4. Appearance
   5. Ease of Use/Learning

Users were classified by their response to "CMS most experienced with," with those answering "Not Applicable/Don't Know" to this question being removed from the analysis.

In general, the respondents were slanted a bit more toward Joomla users than Drupal users. Their roles when working with their respective CMS's break down to the largest group being Project Managers, and other large groups including Programmers and Designers. The Drupal users were, somewhat unsurprisingly, more experienced, with a median of 7 years experience in web development, while Joomla users claimed 5.

Comment (0)

We are often asked the question when we will officially stop supporting Joomla 1.0.x and, given the huge install-base, it's not an easy question to answer. We know that the code originates from several years ago and is certainly showing its age (Mambo 4.5.2 was released in early 2005, but the codebase originates partly from 4.5, released in December 2003). To recap our short history, the Joomla Project originated from a fork of the Mambo Project on August 17, 2005. Shortly thereafter, Joomla 1.0 was released on September 16, 2005 and was an improved version of Mambo 4.5.3 (you can still find that code in subversion). The announcement of the Alpha version of Joomla 1.1 was made on October 27, 2005 and this version was later on renamed Joomla 1.5. What began as a minor update turned out to be a full re-write of the codebase and the current version of Joomla was released on January 22, 2008.

Since then, seven versions of Joomla 1.5 have been released. Download numbers and usage have increased exponentially, evidenced by nearly 7 million downloads. In January 2008, just 15% of newly posted extensions were Joomla 1.5 native and that percentage has recently soared to 73%. The adoption rate of Joomla 1.5, by both users and developers alike, has occured at an amazing rate and demonstrates an untold level of commitment to the Joomla Project on both sides.

But now it's time to say our farewells to our old friend Joomla 1.0. As of July 22, 2009, the Joomla 1.0.x series will no longer be supported. As a user, is it required that you upgrade from Joomla 1.0.x? Absolutely not since security upgrades will be supported until this date. But if you're a user who hasn't yet upgraded to Joomla 1.5, you should do so in order to start reaping the benefits the latest version has to offer. If you're a developer in that small minority who hasn't yet become Joomla 1.5 native, this is your last call to join the majority of developers who have already discovered the power and ease of the Joomla 1.5 series.

In the meantime, we are working diligently on Joomla 1.6 (with its new ACL), which promises to be the most exciting release for Joomla yet.

Comment (0)

Ramji said one of his chief focuses is on how customers are using the Windows platform in a downturn, when enterprises are deferring non-critical hardware and software purchases. He said that having Windows as a platform play for open source software deployment is key to the company's continued ability to weather the worst of the slowdown.

In particular, Ramji added that he believes the work that Microsoft has done to support PHP and Java on top of Windows is a key part of the resiliency of Microsoft's operating systems business. The company has beenworking with commercial PHPsponsor Zend for the last several years to improve PHP support on Windows.

Ramji also noted that Robert Youngjohns, president for Microsoft North America, is scheduled to keynote at OSBC on Wednesday and will argue that the fundamentals of technology innovation and improved productivity will help to bring the IT sector back, while showing how computing can help to grow businesses in the current downturn.

Part of that growth potential comes from working with open source firms as a way to develop new solutions that appeal to customers even in the downturn, Ramji added.

"We're seeing demand for some of our joint solutions with Novell around Linux and Windows interoperability," he said.

Novell and Microsoft have an interoperability and patent deal originally signed in November 2006. Since then, Microsoft has also been working with Red Hat to enable Red Hat's Linux to run virtualized on Microsoft's Hyper-V virtualization hypervisor.

That might be one reason that while the economy is a slowdown, Ramji said there hasn't been letup in activity in the open source group that he runs at Microsoft.

 

Courting open source

Microsoft is continuing to work on making Windows a popular platform for open source application deployments. Ramji noted that Microsoft last week announced the Windows Web App Gallery, which currently includes 10 open source applications that can be easily deployed on Windows.

"There are many more applications we want to add -- another 50 or 60 PHP Web applications," Ramji said.

Ramji added that there is still work that Microsoft can do to further ensure that PHP runs well on Windows. According to Ramji, Microsoft is working with Zend and the PHP community not just on historical PHP releases but also on future releases to ensure that Microsoft can add value to next-generation versions of PHP running on Windows.

 

Open source patents

While Microsoft is trying to push its message of openness and interoperability, it still sometimes has issues with open source and Linux. Recently, Microsoft launched a patent suit against GPS navigation vendor Tom Tom, which includes a number of Linux and open source technologies.

Microsoft has alleged that open source infringes on over 200 of Microsoft's patents.

But Ramji claimed that patent issues aren't causing any chilling effect on his part of Microsoft's open source plans.

"We've made so much progress in demonstrating a consistent and rational process for open source adoption of Microsoft technologies and interoperability with non-Microsoft platforms," Ramji said. "I feel like we've gained some credit in that area and we do our best. I've been at two significant open source events in the last few weeks and none of attendees have brought up the issues of patents to me."

Comment (0)

About a week before attending the Open Source Business Conference last month, I heard an interview on public radio with the founder of Good News Network, a web site dedicated to reporting nothing but — you guessed it — good news.

This intrigued me as I prepared to attend OSBC, the Open Source Business Conference, because I wondered what the tone of the conference would be like in the context of the global economic [insert your favorite term here: downturn, crisis, meltdown, recession…].

I was especially interested to hear some of the same people who spoke one year ago, just as it was starting to dawn on most of us that perhaps the economic party was over.

For those who want to skip to the end, here is a read on the situation:

Good news: Open source companies are alive and well.

Bad news: It may be that nobody cares (more on this later).

Good news: Nobody cares. Solve a problem, and you make the sale.

Really good news: Open source will lead us from the wilderness. (Or at least that’s the dogma du jour.)

Recession + Open Source = The Promised Land

Anyone who expected to attend OSBC and NOT hear about the recession was quickly disabused of that notion. Conference Chair Matt Asay opened by pointing to “the worst economy many of us have ever seen” with a video showing how the brutal economy means “it’s time” for open source.

Asay identified “new realties” regarding the business use of open source software, all of which made perfect sense:

1. Not using open source is risky: open source represents a lower acquisition cost (free is good), but vendor lock-in and potential obsolescence associated with commercial software are effectively eliminated.
2. We need to expand the open source development model to enterprise IT. That is, big companies have to contribute to the community in a much more meaningful way.
3. (This is a big one): “We’re past the purity debate.” In other words, who cares what is open source and what is not. Companies just need their software to work.

So: the economy sucks and open source rocks. Bring on the first keynote.

Not to put too fine a point on it, but opening keynote speaker Novell CEO Ron Hovsepian made the case that a shrinking GDP, cautious CFOs and general uncertainty translates into IT spending cuts of up to 10 percent. He then declared that “open source will be the largest beneficiary of this economic downturn.”

I had not yet finished my first cup of coffee and I was convinced that the world was ending, but for the saving grace of open source.

RedHat CEO Jim Whitehurst continued the theme in his afternoon keynote. Whitehurst was a speaker last year, and in his 2008 speech he pointed out that ill economic breezes were kicking up. This year, in so many words, he said I told you so and by the way, “This is a fantastic time for open source.” He said that tough economic times cause people to re-think strategies and that RedHat came into its own after the dot.com bust. It should be noted that the next day, RedHat released its quarterly results, which basically hit the ball out of the park.

Next up, a group panel moderated by Jim Zemlin of the Linux Foundation featured Whitehurst and a group of open source end-users including K.S. Bhaskar of Fidelity Information Services, Timothy Golden of Bank of America and Vinod Kutty of the Chicago Mercantile Exchange.

What struck me about this panel was its utter banality. And I mean that in a good way. Here were a bunch of people whose success depends on the effective use of technology basically saying things like, “It just has to work, and open source does.” And again, the consensus was that the economy has caused businesses to give open source a second look and isn’t that wonderful.

I was sitting next to the CEO of an open source company who leaned over to me and said that this panel was boring and that we all seem to be in agreement here. I responded that I thought that was a good thing. It seemed the time really has arrived for open source.

“I Had Some Dreams They Were Clouds in My Coffee.”

Clouds.

Did I mention “clouds”? No. Well, consider them mentioned. Cloud computing was another major thrust of many presentations. Hovespian made sure to get it in there. Sun Microsystems CEO Jonathan Schwartz (who at the time was up to his ponytail in IBM acquisition talks) kicked off his keynote by dismissing open source right from the top. “It’s a given,” he said. “The more interesting thing is what happens after open source.”

That would be…clouds. He mentioned the announcement a week earlier of (wait for it)… the Sun Cloud in his keynote that opened the second day. The “arc” of open source includes adoption by end users, then companies that can deliver commercial support and products to those who need it and are willing to pay for it. This is the “users versus customers” distinction and, according to Schwartz (and many other CEOs of open source companies), this makes open source the ultimate lead-gen channel.

Even the entertaining Robert Youngjohns, President of Microsoft North America, concluded his remarks by emphasizing Microsoft’s strong support for clouds. (But not before taking a couple of shots at open source. To paraphrase: Free is not necessarily cheaper and Does everybody really want to be in the software business?

He pointed out that Microsoft customers are not either/or types of businesses and as such, Microsoft is partnering with Linux software companies. Microsoft is “…making sure we support open source code, where it’s appropriate and where it’s applicable.” According to who? Microsoft? I’m not sure the good folks at Microsoft should be the arbiters of what is and is not appropriate on behalf of their customers. Maybe the customers should decide and demand that Microsoft go along.

Comment (0)

Is it coincidental that Oracle announced its planned purchase of Sun (and its MySQL) at the start of the open source database’s annual conference this week?

Probably not. Yet as many speculate about the proprietary database giant’s plans for its new open source asset, a new version of mySQL made its debut this week.

MySQL 5.4, which made its debut at the MySQL Conference & Expo in Santa Clara, Calif. on Tuesday, will offer significant performance and scalability enhancements, Sun said.

For instance, the open source databse’s InnoDB storage engine can now scale up to 16-way x86 servers and 64-way CMT servers. MySQL says application performance is 40 percent faster, due to subquery optimizations and new query algorithms that use main memory to speed up execution of multi-joins, the company also said.

A preview version 5.4 is available for download now on Sun’s web site for 64-bit versions of Linux and Solaris 10.

Still, availability is not imminent. Sun said a release date for 5.4 will be announced later this year. To me, this means it won’t actually hit the market until Q4 of 2009 or 2010.

Version 5.4 will be available on Red Hat and SUSE Linux, Windows, Mac OSX, FreeBSD, HP UX, IBM AIX and IBM i5/OS.

Provided the Oralce-Sun deal is approved, it will be interesting to see how Larry Ellison and co. plan to develop and support its namesake database software alongside the popular open source MySQL.

Comment (0)

Rails 2.3 is almost ready for release, but this package is so stock full of amazing new stuff that we’re making dutifully sure that everything works right before we call it official.

So please help us do thorough testing of this release candidate. Lots of the underpinnings changed. Especially the move to Rack. So we need solid testing and will probably have a slightly longer than average release candidate phase to account for that.

But boy will it be worth it. This is one of the most substantial upgrades to Rails in a very long time. A brief rundown of the top hitters:

• Templates: Allows your new skeleton Rails application to be built your way with your default stack of gems, configs, and more.
• Engines: Share reusable application pieces complete with routes that Just Work, models, view paths, and the works.
• Rack: Rails now runs on Rack which gives you access to all the middleware goodness.
• Metal: Write super fast pieces of optimized logic that routes around Action Controller.
• Nested forms: Deal with complex forms so much easier.

And that’s just the tip of the iceberg. We’ve put together a complete guide for the Rails 2.3 release notes with much more information.

You can install the release candidate with:

gem install rails --source http://gems.rubyonrails.org

Enjoy, report the bugs, and let’s get Rails 2.3 final out the door soon.

Comment (0)