News

What’s Going On With Red Hat Desktop Systems? An Update

Red Hat is well known as a supplier of server systems, so the latest developments with our desktop products and technologies sometimes find themselves in the shade. It’s time for an update on the current state of the desktop at Red Hat.

The iPhone SDK and free software: not a match

Apple's recently released a software development kit (SDK) for the iPhone, but if you were hoping to port or develop original open source software with it, the news isn't good. Code signing and nondisclosure conditions make free software a no-go.

Just announced: MySQL to launch new features only in MySQL Enterprise

MySQL will start offering some features (specifically ones related to online backups) only in MySQL Enterprise. This represents a substantive change to their development model — previously they have been developing features in both MySQL Community and MySQL Enterprise. However, with a shift to offering some features only in MySQL Enterprise, this means a shift to development of those features occurring (and thus code being tested) only in MySQL Enterprise.

Exclusive: Google App Engine ported to Amazon's EC2

One of the biggest criticisms of Google's App Engine has been cries of lock-in, that the applications developed for the platform won't be portable to any other service. This morning, Chris Anderson, the Portland-based cofounder of the Grabb.it MP3 blog service, just released AppDrop — an elegant hack proving that's not true.

Sun Tackles Video Codec

Looking to boost the Web, Sun is working on a royalty-free and open video codec and media system, company officials said Thursday afternoon.

Harvard starts teaching open source

It's about time that United States elite academic institutions finally got around to not only using open-source software, but also teaching it. In the April 2008 edition of Harvard Business Review, Harvard gives its MBA students a taste of the decision facing every company that leverages technology as part of its business (namely, everyone):

Should I embrace or fight open source?

Google shares its security secrets

Google is offering security professionals a look into its security systems.

Microsoft gets a new open-source chief

Sam Ramji just got a promotion: Sam will now be running Microsoft's worldwide open-source and Linux team (roughly 120 people and counting).

Google gives Web developers a leg up with App Engine

Looks to make it easier for more people to get started developing, and to scale their apps.

Red Hat Asks Federal Court To Limit Patents On Software

Today, Red Hat took a public stand challenging the standards for patenting software.

Google shares its security secrets

Scott Petry, director of Google's Enterprise and founder of security firm Postini, explained to attendees at the RSA conference how the company handles constant pressure and scrutiny from attackers.

"Google is a very very high-value target," Petry noted.

"If you have bad intentions and want to get a reputation, hacking Google is the best way to get credibility on the streets."

In order to keep its products safe, Google has adopted a philosophy of 'security as a cultural value'. The programme includes mandatory security training for developers, a set of in-house security libraries, and code reviews both by Google developers and outside security researchers.

"The most important thing that our security team does is educate," Petry explained.

"Educating people is the most important thing a security professional can do."

Petry contended that in an age where both users and companies are increasingly relying on outside services and applications, it is becoming nearly impossible to fully lock down a company.

"IT is largely fighting yesterday's battle," he said, in reference to the policy of trying to restrict all user access.

"Start saying okay, if these things are going to happen, do an assessment to try and bound the risk."

Petry noted that in addition to educating its employees, the company also implements software 'guard rails', which warn users when potentially risky actions are taken and later log them for administrators to archive.

For software developers, Petry also suggested taking a 'neighbourhood watch' approach to vulnerability disclosure. For Google, this means sharing more information with researchers and trusting them to do the right thing with their discoveries.

"If you find a vulnerability, we ask that you share it with us. If you share it with us, we will respond to you with a time we will fix that hole," explained Petry.

"If we do so, that is our responsible response, please don't disclose [the vulnerability]."

That philosophy, combined with a policy of crediting all researchers who report flaws, has been very successful for Google, said Petry.