Information freedom for open source users.

Fiberlink Communications thinks it can cut patch management costs for IT departments with a new cloud-based service.

The MaaS360 Patch Management from the Cloud Service uses a small software client to look for corrupted or old software patches on desktops, laptops, and some mobile phones. But instead of reporting the data to a console, as in a traditional patch management system, the client sends the data to Fiberlink’s cloud.

IBM today announced a host of offerings geared toward bolstering the security of the new generation of applications and services that fit into interconnected,

If you think “cloud networks” and “cloud services” are just buzzwords or another set of technologies destined for extinction, think again: The cloud is here to stay. In the future, your company will subscribe to one or more cloud products — if it hasn’t already.

Novell and Verizon have teamed up to offer cloud-based identity and access management to help companies outsource their applications to the cloud. The companies claim that the move will expedite cloud computing without compromising security.

While it’s been obvious to me for a long time, those moving to the cloud are coming to grips with the fact that the most considerable threat to cloud computing security is not from hackers sitting thousands of miles away, it’s from the people in the office next door. This article on Bnet agrees:

Recent security problems with Google’s cloud offerings have sparked a flood of questions about whether or not cloud services are ready for prime time. Are they sophisticated enough to handle the world’s mission-critical applications reliably and securely? In my view, the answer is a resounding yes. Choosing one or more cloud service could, in fact, reduce expense and security risks for the average company.

When the next version of Ubuntu LTS (Long Term Support) ships tomorrow there will be hundreds of open source applications ready for it, Canonical has announced.

LTS versions of the software ship every two years and are often aimed at software developers. A full list of companies supporting the new release is available here. In keeping with the company’s habit of alliteration the new version is known as Lucid Lynx.

In addition to claiming leadership with open source desktops, Canonical’s aim with the new release is to make it more attractive to proprietary solutions. Adobe, IBM, and VMWare are mentioned specifically in the release.

As always, we at ZDNet are all over this. Sam Diaz notes the software will have new features supporting clouds. Adrian Kingsley-Hughes is asking if the new software will lure the social crowd.

I’m most interested in ease of installation for the full stack.

I have a dream (a wonderful dream) that users could go to a single page, select the applications they want added to their distro from a menu, then download a custom stick through BitTorrent they might plug in to unbrick their box.

Gaining support for such a solution from small resellers would be swell. It would be great if an Indian entrepreneur can get some used hardware, take orders, load a stick, test the results and deliver it to customers. He’d have the whole world on a plate.

Maybe starting here, starting now, everything’s coming up roses.

“One of the main issues people have with cloud computing is security. Four in five online Americans (81 percent) agree that they are concerned about securing the service. Only one-quarter (25 percent) say they would trust this service for files with personal information, while three in five (62 percent) would not. Over half (58 perent) disagree with the concept that files stored online are safer than files stored locally on a hard drive and 57 percent of online Americans would not trust that their files are safe online.”

Thanks for proving my fears well founded, McAfee.

A while ago, I wrote a piece about not trusting the cloud for a variety of reasons, predominately security and the potential for a third party to ruin my company whether it meant to or not. McAfee’s massive blunder last week provided a case in point for that argument.

The gauntlet has been laid down.

Former mySQL architect Brian Aker keynoted the mySQL Con in Santa Clara this week and pushed Drizzle, a mySQL fork he hopes to build a company around by the time of June’s OSCON in Portland.

Described as “an open source microkernel DBMS for high performance scale-out applications,” Drizzle will be seeking enterprise customers who depend on scaled mySQL but share Aker’s distrust of Oracle.

Think of it as a software version of the Tea Party. In this case, Aker has to turn anti-Oracle anger into the help needed to support things like 64-bit systems and solid state drives, built on C++, and with enough enterprise support contracts to move forward.

It won’t be easy.

Like any fork Drizzle starts from nothing. No money, no infrastructure, no paid staff, and no sales talent. Just code and raw anger.

This fork was actually launched two years ago, while Aker was at mySQL, and was then described as “an optimized and trimmed down” version of the database. Later in 2008 it was described as a complete re-think of mySQL aimed at clouds running MapReduce.

Between now and OSCON Aker has to figure out exactly who his target customers are, based not on what his developers want to do but on what companies willing to run the risk of dumping mySQL demand. It’s the difference between a fun sideline and something you need to make a living from.

I wonder how many current mySQL customers are willing to depend upon an unproven database, no matter its political bonafides. Before anyone writes support checks Aker needs to prove he can make good on some promises.

Having just a vision’s no solution, everything depends on execution.

When Eric Raymond tells me he smells smoke, I go for my fire gear. When Pamela Jones of Groklaw says “j’accuse,” I tend to believe her.

When the two are standing on opposite sides of an important issue, getting all red in the face at one another, I come running.

So it is with the dispute over TurboHercules, which seeks to monetize an IBM mainframe emulator, and IBM, which has claimed foul.

Jones got into this with a long Groklaw post that has 11 updates (so far) acting as exhibits. It’s the fiercest debate there since the end of the Novell case, which is to say in about two weeks.

A summary is that TurboHercules started this mess, that IBM has not even filed a case, and that it looks like a shakedown by Hercules’ Roger Bowler and Jay Maynard. (Raymond credits Maynard with bringing him into the case.)

TurboHercules’ friends fired back. IBM loved Hercules until its founders made a business of it, TurboHercules has not filed a case against IBM, and Raymond, who is currently hosting the Hercules manuals due to bandwidth demands on them, does not live on Shakedown Street.

(I know this dates me, but I wore the grooves off this Grateful Dead album back in the late 1970s. It was produced by Lowell George of Little Feat, whose musical voice I still miss terribly. Picture from Amazon.com, which makes a market in used copies of it.)

This was followed by the usual back-and-forth. Jones was called an IBM shill. Hercules was called a Microsoft front and compared with Psystar, which tried to make Mac clones before it was stopped.

Jay Maynard himself entered the fray. He said he and Bowler had done this as a labor of love, but they needed cash now. He said he was fighting an absolute monopoly, and the plain language of IBM’s pledge to open source was legally enforceable.

Here is what I think:

1. Emulators are a good thing. They can act as development platforms that don’t put expensive resources at risk. They can be used to test error conditions. In time mainframes, too, will go into the clouds, and IBM will want emulation to lead them there.
2. An emulator is not a mainframe replacement. A mainframe is hardware geared toward high-volume, accurate transaction processing — air reservation systems, credit card processing, big government management work. Hercules is not a threat to IBM’s monopoly.
3. Conspiracies usually don’t exist. What seems like a conspiracy is usually a collection of accidents, people walking blindly in a virtual room and bumping into things. All parties to this dispute appear honorable.

Yes, Florian Mueller is a troublemaker. So is Pamela Jones. So is Eric Raymond. So am I, and so are you when you get riled, as talkbacks here will attest. Being a troublemaker is not a bad thing.

On the other hand, I don’t think IBM has broken its pledge, but as I said yesterday I do think it has been amended, and that it’s not a suicide pact.

It’s evident that Hercules took a lot of time to write. It’s valuable stuff. Its value to IBM is proven from its 10 year history as an open source project.

IBM needs to contrast the cost of “making an example” of Bowler and Maynard with the value in making nice. Hire the two men, take the copyright for a fee smaller than a lawyers’ dinner in a Paris restaurant, and create the value in Hercules you want your customers to have, at a price you control.

That’s what I’d do, anyway.

NOTE: For those who might think the album cover accuses anyone of anything, the main lyric. “Love is shaking on Shakedown Street. Used to be the heart of town. Don’t tell me this town ain’t got no heart. Just got to look around.”

When Marten Mickos took over at Eucalyptus everyone understood he would bring a strategy with him.

(Here, from Between the Lines, is Mickos peering out at a Sun press conference looking for the idiot reporter who can’t spell his name right. Mickos, Mickos, Mickos.)

The first hint on that strategy came out today, a technical arrangement with Groundwork to combine Eucalyptus cloud software with Groundwork monitoring.

Eucalyptus, for those who don’t know, is fully compatible with Amazon’s AWS cloud. Its Enterprise Edition supports VMWare emulation.

One concrete result is a Groundwork Monitor Enterprise Cloud program, for which the company is now recruiting beta testers. A less-concrete result is speculation that the two companies will come up with their own cloud stack.

Speculation is a good thing. Having people talking about your company means they will recognize you when you come calling.

Clouds still represent a risk for many enterprises, and part of Mickos’ charge is to reduce that perceived risk. So regardless of what it means strategically, bringing in a monitoring solution for privately-owned clouds running Eucalyptus is a very good thing for customers.

Now let’s see what he does next.

Just what we need, another vendor-led “free” cloud alliance.

This latest is a collection of open source vendors from around the world — France, Japan and Brazil (along with Mandriva Nexedi, and TioLive of the U.S.) organized as the Free Cloud Alliance with the idea of selling an open source cloud stack.

Sigh.

Seen this movie before? I have, and so has Larry Dignan.

Fact is it’s not vendors who need to ally in order to assure open source and interoperable clouds. It’s customers. Rather than following the siren songs of any vendors, customers need to get together, share war stories, and come up with their own list of demands, then enforce them with their money.

It’s the disorganization of cloud customers that is the biggest danger to open standards in the cloud. Most are scaled enterprises, and thus don’t think they need to talk with folks who might be competitors. But they do.

Customers know that, at the end of the day, openness is what they want. They know this because they want to be open to leave their cloud vendor and take their stuff to another one without tearing everything apart.

Vendors can’t really represent this idea. They are on the wrong side of the table for that.

Many, many years ago user groups and user societies were a powerful force in computing. Folks got together to see the latest stuff, and freely debated its merits among themselves.

That’s what clouds need most right now. An enterprise-led user group. You can start it online, then meet over drinks, then start scaling it up. Do it informally, without a press release, until you have a program you want others to see.

But do it.

Google is adding two features to its Google Message Security, a hosted service for monitoring and managing email systems that filters message content based on pre-established policies and protects against spam, viruses, and other threats.

The Digital Due Process coalition is pushing Congress to modernize privacy laws in the United States.

Every turn of the technology screw brings with it a clean sheet if paper on which vendors try to write their ambitions.

Each turn also brings with it a new opportunity for customers to bend those standards to their will. And their will is always the same. They want more, they want it cheaper, and they want the chance to switch vendors.

Clouds are the first major new paradigm to emerge since the open source era began, and thus customers have new ammunition for the battle.

Is open source an ally in that fight? Depends on what you mean by ally.

Red Hat has a powerful new virtualization engine, but it runs under KVM. Does that make it non-standard? It does if you’ve built your cloud strategy on a different hypervisor.

It’s true that open source does not have to mean compatible or even interoperable. There are plenty of proprietary companies, starting with Microsoft and Oracle, that are working hard to make this true.

Point is customers don’t have to knuckle under to these vendor strategies. They can demand openness as their price for entering a cloud, leasing one, or building one. This is a demand they have to enforce with their dollars. Or Euros. Or whatever.

The proprietary companies have learned how to live in this world, however. First they promise interoperability. Then they play the old political trick of claiming open and closed are two sides of the same code, equivalent, a choice that customers must make.

No, you can’t, they say. At which point customers have to say yes, we can.

These are what folks now call “c-level” discussions, the kind that large and mid-sized companies have at the top of the corporate tower. And it’s important, when you’re at the top of the tower, that you not get lost in the weeds, that you not let your short-term desire to get it done and get it for less cloud your judgement.

Once you drop that market demand for openness, for standards, and for true interoperability you won’t get another for many years.

Use your power wisely.

Four  years on from its acquisition you can argue that Red Hat overpaid for JBOSS, the open source Java middleware company. You can argue they took a while to capitalize on the acquisition.

But you can’t argue that they haven’t done right by the software, or that they haven’t made JBOSS an integral part of Red Hat.

The company has announced an online seminar covering JBOSS and the future of middleware for April 13, the same day as it announced new SOA and developer tools for JBOSS aimed at making it more useful in clouds.

All this was done at EclipseCon, a small education-oriented event being held in Santa Clara. There was no flash, no glamour, and no celebrity. Just simple descriptions of new computing tools for an audience of programmers.

EclipseCon is all about the professional developer. A highlight today is a talk on “how to say no” to unreasonable demands by executives. At the show JBOSS is a top-line sponsor, its name above those of IBM, Intel and Cisco. The addition “by Red Hat” is in small letters below the JBOSS name (above).

Because Red Hat doesn’t bang the big drum, and because it doesn’t hang out in Silicon Valley, there is a tendency to underestimate it. This was not where JBOSS was headed before it was acquired — as a start-up it had a more flamboyant personality.

But that personality is about all that’s been removed from the company. And people don’t pay support contracts for personality. They pay for professional services. Which JBOSS and Red Hat deliver.

All this makes for a fairly boring blog post, which is unlikely to get much traffic or talkbacks. That’s a shame, because in following the flash rather than the substance I think some readers do themselves a disservice.

Fortunately Red Hat and JBOSS don’t mind a bit.

When mySQL co-founders Monty Widenius and Marten Mickos forked, it was Monty who made the early headlines with his opposition to the Oracle acquisition of Sun.

(Mickos is shown here in happier times, celebrating mySQL’s purchase of Sun with Jonathan Schwartz. Mickos is on the left, looking like the executive on casual Friday, while Schwartz is the kid who just came off a tennis court.)

Of the two it was Mickos who got the Wall Street cred, probably because he wanted it. Getting someone to pay $1 billion for an open source project, as Sun did for mySQL, will make anyone take notice. He quickly took a perch as entrepreneur in residence at Benchmark Capital.

So it’s no surprise he landed at one of Benchmark’s investments. He has been recruited to be the new CEO of Eucalyptus Systems, the cloud software project that emerged from UC Santa Barbara.

Mickos shoved aside Woody Rollins as CEO. Rollins didn’t jump ship, however. He took the post of chief financial officer.

None of this should surprise anyone. Talent is scarce, and strategic talent is scarcer in open source than hens’ teeth. Mickos has proven he has it, plus a strong dose of realism. His willingness to push back against Widenius’ objections to the Sun-Oracle deal did him no harm on Sand Hill Road.

Now let’s see what he’s got.

The old computing vision of client and server is being replaced by one of device and cloud.

(The picture is a greatly-reduced image from Smoothspan, which wrote about cloud keiretsu back in 2008.)

It is easy to tell if a device is open or closed. If you don’t know right away the media will tell you. The iPhone is closed. The Android is open. We can debate how open and how closed all day. That’s what journalists do.

But clouds? Right now the only really active business cloud is Amazon’s. You can make it pretty open. You can install Linux on it.

The idea of the cloud, however, was to make questions about open and closed irrelevant through virtualization. When it comes to the cloud, open includes the power to run closed.

IBM is big into clouds, more as a mainframe replacement than a service, and while its clouds grok open source, they still make a choice. They run Red Hat’s version of KVM virtualization. Dave Rosenberg says they will also support VMWare, but it’s clear that they align with Red Hat.

But is that all that matters? Matt Asay says whether your sync is open matters more than your cloud’s virtualization scheme. Cloud support for open sync systems like Funambol is what counts to him.

You start to see the problem. How can we demand an open cloud if we don’t know what open means? That’s why Microsoft can claim its cloud is open. Because it’s interoperable with open source. Microsoft has always defined open in terms of interoperability.

We have come a long way from last year’s debate over an Open Cloud Manifesto. We have come a long way in terms of the market. We have traveled less distance in terms of the debate.

Until open source advocates agree on what open means in terms of the cloud, clouds will evolve in ways that give lip service to open as an ideal, but still enforce vendor lock-in.

So what makes a cloud open to you?

McAfee Tuesday announced a vulnerability-assessment scanning service that’s aimed at giving cloud computing service providers a way to provide security assurances to their customers.