January 28, 2008

Android and Qtopia

As you might know, Nokia has just acquired Trolltech. You might know Trolltech for that little thing called Qt, powering KDE, Skype and many other apps. What's in it for Nokia?
The easy answer could be Qtopia, Trolltech's framework for cellular phones. Checking the Open Handset Alliance web page, you will notice Nokia is not part of the "alliance". They already own half of Symbian, and now Trolltech. What we will have here is, very likely, strong competition in the open source phone market. We have Android, Qtopia and - maybe - the little OpenMoko. With Windows Mobile 7 just round the corner it seems 2008 will be a very interesting year in the smartphone market, and we're not speaking about that tightly-closed and developer-unfriendly phone you all know about.
We'll see how Nokia will manage its new platform: beating Google on community support is not an easy task.

January 22, 2008

Oh, and about Apple

I know most of you are thinking about a Mac. No really, maybe not an Air, but definitely a Mac.
Because it's cool, because OS X is the best OS out there.

Well, there might be something you're missing. Something you're badly overlooking. You're moving to the next level of Hell: you're leaving Microsoft (I really don't think you are leaving Linux) for a company which manages to be even more "evil" than Microsoft.

I'm speaking about Apple patching open source inspection tools so they cannot operate on Apple's software. Take dtrace and gdb for instance. They won't work with iTunes. What's more, their patch and protection are easy to bypass, even lame. Why should Apple do that? Maybe ISVs, maybe patents, we can't know for sure.

I'll let Adam Leventhal "speak".

Which started me thinking... did they? Surely not. They wouldn't disable DTrace for certain applications.

But that's exactly what Apple's done with their DTrace implementation. The notion of true systemic tracing was a bit too egalitarian for their classist sensibilities

It's all about you. Think where your use of a Mac will take you in a couple of years - remember: web is the next platform - and that's it.

Web Application Firewalls

Ivan Ristic, the principal author of ModSecurity, just published an article about application firewalls. His thesis: this is the right year for web application firewalls... like ModSecurity.

I agree with most of his analysis - webapp firewalls are really a must nowadays: web application protection is "the next big thing". Yet I don't think misuse-based application firewalls are the right answer. They need very high skills to be tuned and configured, and at the moment they don't deliver enough value for the effort required.

While a finely tuned ModSecurity can improve the security of any web application, the problem is that a whitelist approach is often unfeasible in complex environments and a blacklist is utterly ineffective against tricky or unknown attacks. The usual problems of signature/behaviour-based IDSes.

So what? What we need is the holy grail of intrusion detection: an anomaly-based web intrusion detection system. Impossible? Maybe. Necessary? For sure.
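To make the contrast concrete, here is a small added example (not from Ristic's article and not ModSecurity code): one hand-written signature next to a toy anomaly model that learns length and character-class norms for a single request parameter. The parameter name, the training values and the test requests are all constructed for illustration.

```python
import re
from statistics import mean, pstdev

# Constructed sample data: benign values seen for a hypothetical numeric "id" parameter.
TRAINING = ["17", "204", "9931", "42", "388", "5", "1200", "76"]

# Misuse-based detection: a single hand-written signature (illustrative only).
BLACKLIST = [re.compile(r"union\s+select", re.IGNORECASE)]

def blacklist_flags(value):
    """True if any known-bad signature matches the value."""
    return any(sig.search(value) for sig in BLACKLIST)

def char_class(ch):
    if ch.isdigit():
        return "digit"
    return "alpha" if ch.isalpha() else "other"

def learn_profile(samples):
    """Learn what 'normal' looks like: length statistics and character classes."""
    lengths = [len(s) for s in samples]
    return {
        "mean": mean(lengths),
        "std": pstdev(lengths) or 1.0,  # avoid a zero-width band
        "classes": {char_class(c) for s in samples for c in s},
    }

def anomaly_flags(profile, value, k=3.0):
    """True if the value deviates from the learned profile."""
    odd_length = abs(len(value) - profile["mean"]) > k * profile["std"]
    odd_chars = any(char_class(c) not in profile["classes"] for c in value)
    return odd_length or odd_chars

PROFILE = learn_profile(TRAINING)

if __name__ == "__main__":
    # Constructed requests: normal, matched by the signature, unknown to it, benign outlier.
    for value in ["311", "1 union select name from t", "1 OR 1=1", "12345678"]:
        print(f"{value!r:32} blacklist={blacklist_flags(value)!s:5} "
              f"anomaly={anomaly_flags(PROFILE, value)}")
```

The third request slips past the signature but not the learned profile, while the fourth is a harmless long id that the anomaly model still flags: the false-positive cost that makes such systems hard to tune.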

January 19, 2008

Robots lie. What about software ethics?

In a recent article Discover reports that, in an experiment with genetic code and robots, researchers from the Lausanne university were able to produce robots with the ability to lie. The robots, having to cope with a "food or poison" question, were able to signal poison as food to their "brothers" and then "eat" the real food while the other robots were poisoned.
While the article is missing technical details and the paper isn't available on Dario Floreano's website, we can easily guess that it's all about the fitness function. A fitness function is (citing Wikipedia) a particular type of objective function that quantifies the optimality of a solution.

The way we choose to measure fitness will decide how an individual in a genetic algorithm behaves. It might be The Selfish Gene, or not. It's up to the fitness function. In the same experiment scientists found heroes, embracing sacrifice to save the other robots.

Why is this so interesting? Because we are going to see more and more genetic software in the enterprise, especially in decision support systems. What we choose as a fitness function will be reflected in the output: will they fire someone or hire more women?
Software is going to be less "objective" in the future. Complexity is a factor: nowadays we can't tell "why" a Neural Network works the way it does - we can understand the output, but we can't really be sure.
We'll have to rethink the way we interact with software and understand it. Maybe we should start thinking about ethics, not the Asimov way but in a new, business-oriented way?

January 17, 2008

Security by design

TaoSecurity published, some days ago, an article about Defensible Network Architecture 2.0.
The main idea of the article is to start monitoring, getting a deeper understanding of a network or a complex system, and then proceed to securing it. While I think the article itself is very insightful, there's something I must note: there is no Design. That's something happening more and more in the real world: the absence of design. Networks start small, they grow bigger and bigger as months pass and no one has a clue of what's happening. I'm not speaking about single hosts, firewall configurations and so on: I'm speaking about the role of IT in the organization.

If you want to claim the infrastructure, one can say, you have to understand how it works. I disagree. You need the why before the how.
If you want real governance - and security demands such governance - you don't have to monitor what's already there and then start thinking about security. You have to think: what kind of services does my business need? What's really important, and what's not? Only when you have such knowledge of the purpose of IT in your organization can you start monitoring, inventorying and controlling. Designing!

We need to get back to design: complex infrastructures are simply getting out of control without proper guidance, and there's no such thing as a "quick solution".

January 12, 2008

WPF in the enterprise

I started something has an interesting post about the use of "Sexy GUI" in enterprise software, referring to Lawson's smart client. It's an enterprise application with a cool design, based on Windows Presentation Foundation. While I agree with the idea that a well designed GUI is not only an improvement, but a must have today, I think there's a big mistake here.

The world is going towards a web-centric environment, leveraging servers and taking advantage of operating system independent software. It's not a matter of vendors anymore, it's something about technology: one doesn't have to be a Linux advocate to understand that there is no sense in developing a "WindowsWhatever-Bound" application... if there is no need to do so.
If you don't have to interact with local hardware, there is no good reason not to use webapps anymore.

And you can have far better graphics with far less work.

January 10, 2008

OpenMeeting: an open source Breeze clone

The author of this little marvel won't be pleased by the title of this post, but that's what we have here: a fully open source Breeze-like conference software. After a brief test, I can only say it's impressive.
Based on the Red5 streaming server, it can be easily deployed in an open source environment: from what I can see, it's nothing short of a fully functional conference server.
You can find a live demo and full download of OpenMeeting here.

January 09, 2008

Jook and social music

I've previously discussed crossing the boundaries between internet social networks and the real world. Jook is another attempt at it.
Imagine last.fm in the metro, or at a station, complete with broadcasting, profiles and feedback. That's Jook.
Jook itself is a protocol specification (I won't discuss security... for now) to be implemented by hardware vendors: the final product could be a small gadget to be connected to an iPod, Zune or similar device.
People with Jook can listen to what the other user is listening to, provide feedback, access profiles and so on. It is going to be a great tool for small bands, marketers (how long before the first ads, if it manages to reach critical mass?), music lovers and, why not, researchers. Memes never had such a way to spread before.

How long before the first RealLife/SocialNetwork gateway gadget is produced?

GNOME on cellphone

As a follow-up to my previous article on open source hardware, some interesting news. OpenMoko has just announced FreeRunner, its new Linux-based cellphone.
It will be aimed at the general market (while the Neo was more developer oriented) and has very interesting features. Oh, and there's no need for unjail software.
While I am not sure there's still space for a Linux-based device with Android around, having a Linux-powered device is still very interesting.

January 06, 2008

Neuros OSD and Open Hardware

The New York Times has an interesting article about Neuros OSD. The point here is that the general public is getting more and more interested in the whole "open" world. We have to rethink the way we relate to devices: being part of the open world will be a must in the next couple of years.
Think about it, next time you buy a gadget.

January 04, 2008

Enterprise Social Computing in 2008

The FastForward Blog just published a nice article about the use of social networks in the enterprise, something I already wrote about in a previous post. While I agree with part of the article - I am expecting Sharepoint and its ecosystem to skyrocket in 2008 too - I'm more optimistic about the adoption of social networks.

I think no project can start without the need to solve a business problem, thus social networks will be implemented for a reason.
Cross selling or team building are good candidates, but it's likely that early adopters will want to target specific business problems, as Armstron says. I don't think we are going to see any "Facebook for the enterprise" implementation at all.

As for delivering value, it's all about perspective. In my opinion a social network won't do any good for the efficiency of a process. A social network can, in the long run, give you a significant boost in effectiveness: anyway, it will not be possible to measure the benefits until months, if not years, have passed.

It's a big bet, but I'm pretty sure companies who are "all about people" (consulting firms, for one) will seriously start thinking about social networks in 2008.