Why will proprietary software will eventually die?

Last night I met with a friend of mine, Mr. Doron Ofek. For those of you not familiar with the Open Source market in Israel, Doron is the one person most affiliated with RedHat in Israel, as Doron championed the adaptation of RedHat Linux servers in various enterprises and government offices in Israel. Doron is currently heavily involved in the OpenMoko project and its adaptation and promotion in Israel.

We spent a great deal of time last night, talking about the various aspects of Open Source training in Israel – as both us provide various training services to this market sector. While I’m mostly focused on Asterisk Training, Doron is focused on Linux and XEN training. Both of us have some our training routes knee deep in Israel’s computer/IT training companies, namely Matrix, Hi-Tech College and John Bryce. We both talked about our discontent with their inability to promote and market Open Source training courses, simply because they have no idea what these are.

For example, while Hi-Tech college were incapable of signing up a single person for an Asterisk Bootcamp course, I had signed up 10 people to a my first bootcamp – without any marketing or sales budget, simply by putting out the word in the right places. Now, Hi-Tech college has a list of over 5000 people who studied Linux and other Open Source and networking subjects in their college – should have they been able to gather up at least 10 people as well (less then 0.5% of their entire customer base)? the answer is a definite yes, why were they unable to do so? simply because they have no idea what Asterisk is, how it can be marketed, how it can sold and how the customer should be approached.

Doron had indicated a similar issue with both John Bryce and Matrix – however, due to other reasons. However, Doron had managed to sell quite a few training courses for Linux on his own – without any help from the big boys – how did that happen? how is it possible that Doron and I succeeded where the other colleges had failed? how can that be? – then we both realized why eventually, proprietary software will die and the Open Source movement, over the course of time, will simply negate the presence of proprietary software – simply because Open Source people provide for better marketing strategies and methodologies.

Did we learn how to do marketing on school? are we marketing people by nature? the answer is NO – we learned how to market our belief in the Open Source initiative over the course of time. We championed Open Source in various enterprises, events, public speakings and other places. We were the “soap box” speaker at Hide Park’s Speakers Corner, we were that crazy man on the street screaming: “The world is coming to an end, repent!” (well, you know what I mean) – but all in all, as time progressed we learned how to market the Open Source initiative and our belief – the large enterprises are stuck in their own belief and stagnant marketing strategies and plans. As time progressed, the various “champions” left the large enterprises, simply because they got fed up with the wrongful methodology of these and followed their own path – and doing so with moderate success.

In my belief, as time will progress, the large enterprises will surely migrate to the Open Source, and I won’t be surprised if within a period of 5-6 years Microsoft will be shipping out a version of Windows that is based on the Linux Kernel – or another Open Source distibution methodology. Call me crazy, call me chaotic, call me a dreamer – but mark my words – this will happen.

Open Source has bad reputation in Israel!

The Open Source movement had been in existence since the 60’s, and we can surely find its roots somewhere along the hippie culture and movement. While Free-Love had transcended to Free-Code, or to be more exact – Free-Knowledge, the question of the sources for your Open Source is still questionable. Comparing it with the Sixties, it’s easy to compare the various “Free-Love” movements with the various “Open Source Paradigms” of today. While GPL, BSD, MPL, ZPL and others preach for Open Source adaptation – each one took a different path.

While the paths differ, but the end result is more or less the same, all suffer from a serious lack – a bad reputation. While in the early 2000, Open Source usually meant – highly stable, state of the art technology, increased ROI, lowered TCO and most importantly for many – COOL. Coming 2008, Open Source is starting to get a bad rep, due to the ever increasing simplicity of entering the Open Source world.

I started using Linux somewhere around 1994. My first Linux distribution was a Slackware, with a kernel of 1.0.28 – I needed 99 floppy disks in order to install the system, and it took me a few hours to do so. However, I can’t forget my amazement at seeing the X-Windows environment booting up, and more than that, being completely overwhelmed with the fact that I have a fully functional UNIX environment in my house, just like the one I had in my Army office. Now, I basically had no one to teach me this new environment, so, I had to take my UNIX skills (Solaris and AIX) and adopt to Slackware Linux – it took me a few weeks to get around, but I got around and stuck to it ever since.

Now, let’s jump 14 years forward in time. The year is 2008, a graphic based environment for Linux is no longer a myth and it is getting better and better by the day. People are starting to adopt Linux beyond the academic and the ISP market sectors, slowly integrating Linux based distributions (Mandriva, Ubutnu) on to their desktops and notebooks. Linux is become simple and appealing to everybody.

When something becomes easy to use, people make good use of it – a good example is the Asterisk project. Projects such as TrixBox (AKA: AsteriskAtHome), PBXinaFlash, AsteriskNOW and others had made Asterisk into a simple installation product, that can be installed and managed by any half-decent sysadmin. Problem is, while a half-decent sysadmin will do a fair job of maintaining the system, a shitty sysadmin will crap everything to hell. But hell, that is true for almost anything related to computers or technology – there’s nothing new here! Well, there is nothing new and everything is now new. People who were more or less selling shoes 3 years, then 2 years decided to sell ISP routers, then a year ago started selling IP phones, are now selling Asterisk based systems – using these distibutions, while having no idea what they are selling or promoting. For these people, Asterisk is nothing more beyond FreePBX – once encountering deeper issues, will simply abandon the customer – leaving the Open Source product with a bad rap with the, now disappointed, customer.

I want to believe that other places in the world are different, I want to believe that Israel will reach a point in time when this doesn’t happen – however, I guess that only time will tell and I surely hope this will change in Israel.

FBI Claims Asterisk is unsafe – what a load of bull

After seeing well too many movies about the US and after visiting the US for a few times, many people tend to disrespect the FBI in the USA. While I have much respect for most law enforcement agencies, wherever these are located in the world, I must admit, that the latest warning from the FBI regarding Asterisk borderlines pure hystria and complete misunderstanding of the actual issue.

On Dec 8th, the FBI had issued the following warning:

New Technique Utilizing Private Branch Exchange (PBX) Systems To Conduct Vishing Attacks

The FBI has received information concerning a new technique used to conduct vishingi attacks. The recent attacks were conducted by hackers exploiting a security vulnerability in Asterisk software. Asterisk is free and widely used software developed to integrate PBXii systems with Voice over Internet Protocol (VoIP), digital Internet voice calling services; however, early versions of the Asterisk software are known to have a vulnerability. The vulnerability can be exploited by cyber criminals to use the system as an auto dialer, generating thousands of vishing telephone calls to consumers within one hour.

http://www.ic3.gov/media/2008/081205-2.aspx

Now, after a full weekend of frenzy trying to understand the cryptic warning the IC3 had issues, it was gathered that it is referring to an old time bug, related to Asterisk distributions prior to 1.4.18. Being familiar with the particular bug and the exploitation method – I can say this: They surely have no idea what they are talking about!

The exploitation of the bug requires several pre-requirements:

  • A certain IAX2 configuration has to be deployed
  • A certain version of Asterisk must be used
  • A certain form of dialplan has to be existing
  • You Asterisk server needs to be available on the Internet

Now, even when these 4 are met, the exploitation isn’t all that simple and that straight forward. So, in other words, if you are not utilizing any of the above, you can rest assured that your system is fine. In any case, any system is as secured as the dumbest user (in our case developer/sysamdin) who uses it.

Sierra AirCard 880E and Mandriva Linux

As you probably already learned from a previous post, I’ve switched to Mandriva from my previous FedoraCore distro, running on my home PC and my old ThinkPad T42 notebook.

Recently, I’ve signed up with Cellcom, an Israeli cellular provider for data connection only. I’ve received a Sierra AirCard 880E, which installs easily on Windows and on MacOSX, however, Linux was a little tricky. While reading several sources around the internet, dealing mainly with some shell based scripts – Mandriva is different – simply requires a bit to know the Mandriva framework in order to get it working right.

Step 1: Know where your AirCard is

As the AirCard is inserted to the computer, Mandriva will automatically load the respected kernel module and will automatically assign the /dev/ttyUSB0 device to it.

Step 2: Mandriva Control Center

In the Mandriva control center, launch the network configuartion tool for creating a new connection. Here’s the trick, you need to create a “POTS” connection, not a 3G/EDGE connection. The reason is that the EDGE/3G functionality is maintained by the AirCard itself, Linux has nothing to do it.

Step 3: Configure your connection

I named my connection as Cellcom and setup the following as my dial-in number: *99# – this is very important. Select PAP/CHAP as your login type and set both the username and password to be “cellcom”.

From this point onwards, you should be just fine and up on the network in no time 🙂

Zip up, Slim down, let the heads roll…

Like most of the world, I’ve been following the recent market turmoil with a great burden on my shoulder. When you think about it, I’m not a stock broker, nor am I a multi-billionaire that has his funds invested in various stocks and bonds, that a single 0.1% shift in the NASDAQ translates to millions of dollars. I’m a software developer, a freelance one, dealing in the Open Source – and like anybody else, I’m worried about how this crisis immediately affects me.

Today, I came across two items, post on www.themarker.com – Israel’s topmost Internet based financial/business daily. The two items dealt with how three of the better known VC’s in Israel had started instructing their investees to start cutting down costs – mainly, firing people. The three VC’s that I’m talking about are: Carmel Ventures, Benchmark Israel and Sequoia Capital. You are probably wondering why is this interesting? the VC’s in the item had directly instructed their investees to cut down people, costs, operational costs, loose dead weight – in other words, find ways to reduce your costs. Sequoia even out did Carmel and Benchmark, by inviting the investees to a meeting called: “RIP: Good Times”!

Shortly after I finished reading the two items, I got a phone call from a friend working at one of Sequoia’s companies (a well known one in Israel) asking me if he can come work for me. I was surprised, this is the first time I’ve ever read something in the news, and was directly affected by it. As far as I gathered, his company basically took a team of 8 people and reduced it to 2. Now, I completely understand tightening up, but running an operation on a 25% man power is stupid! Running at 50% is manageable, but 25% is down right crazy. For 2 people to do the work of 8, they would need to eat, drink, sleep, live, do everything within the office – I know, I’ve been there. During the year 2003, m-Wise was more or less in the shit. In the year 2002 I had a team that consisted of another SysAdmin and 3 more support techs. In 2003 I was left alone, and I basically did everything myself! – how crazy is that. But again, I decided that I’m not going to have a life for a certain period of time – that is all, not everybody is willing to make that sacrifice.

Now, this case goes hand in hand with my previous post – the migration to Open Source technologies is no longer a myth or a “nice-to-have” issue, it is a matter of business continuity and good expense management. Think about it, the company that fired 75% of their team, could have easily replaced part of their server infrastructure from Windows to Linux, migrate their Oracle database to PostgreSQL and save thousands and thousands of dollars a year, and maybe even save a job or two in the process.

Now, here’s what I think (and I know for fact I’m gonna get slammed here): Hey, VC’s, stop telling the companies to let go people. Sure, get rid of dead weight – no one needs those M$ based shitty, money grabbing, time consuming, hardware intensive environment. Wouldn’t it be better to not pay M$ a few ten’s of thousands of dollars a year, and maybe save a man’s job, or maybe even 2? M$ has enough money of their own, all you are doing is making sure they keep on making money, while the rest are fighting for their lives. Why don’t the VC’s hire Open Source consultants, to help them examine their investees and maybe, just maybe, they will find ways to invest their funds in a wiser way and help these companies to survive the current financial turmoil.