Open for Business

Friday, January 20, 2006

Orbeon delivers an amazing mix of AJAX and XForms

Just wanted to congratulate the Orbeon crew for putting out the 3rd major release of the LGPL-licensed Orbeon PresentationServer. OPS 3.0 features an AJAX-based XForms engine. The new engine brings responsive XForms user interfaces to mainstream web browsers without the need for plug-ins.

It’s all open source and available from ObjectWeb at:

Examples and documentation for OPS are available online:

Talking about ObjectWeb, Erik Bruchez (Orbeon’s Chief Architect) will give a talk about XForms at ObjectWebCon '06 in Paris on January 31. The talk will mainly consist of a live XForms tutorial built on top of OPS 3.0, with the goal of showing the audience that using the right platform, XForms is really cool and productive and can be used on mainstream browsers without plug-ins (if you use platforms like OPS 3.0).

I will also present at the same conference, come say hi if you’re around (see you there Erik):

Thursday, January 19, 2006

Oracle and NetBeans

Following the Sun-Oracle town hall meeting last week at Oracle headquarters where Larry and Scott made a few exciting announcements, I started getting questions about Oracle's position vis-a-vis NetBeans. The reason is that Scott (and later Jonathan Schwartz on his blog) mentioned some kind of Oracle "adoption and endorsement" of NetBeans.

Oracle's IDE strategy is very clear: Thomas Kurian's interview on OTN earlier this week doesn't leave much room for interpretation, and at the moment Oracle's tools strategy is limited to JDeveloper and Eclipse. Here is the statement from Thomas, Oracle's Senior Vice President for Oracle Fusion Middleware:

"At Oracle, we have our own development tool, Oracle JDeveloper, which is available for free download. Our new version, JDeveloper 10g Release 3, has an extensive list of new features and is the single biggest release we have ever done of the product…

...Because we are committed to providing developers with choice, we are also taking a leadership role within the Eclipse community. We are currently leading three different groups within the Eclipse Foundation for Java and BPEL technologies, and we are actively involved in integrating our Fusion Middleware products with Eclipse. Oracle is focused on JDeveloper and Eclipse. We certainly think Sun's NetBeans initiative is important in the marketplace, and we're watching it very closely. But as of right now, Oracle is focused on JDeveloper and Eclipse and we have no plans to adopt either NetBeans or any of its technology. Any statements to the contrary by anyone else in the industry are not true."

Tuesday, January 17, 2006

Is open source software more vulnerable?

Do you think that more eyeballs looking at open source projects make all bugs shallow or, quite the contrary, that some of these eyeballs looking at the code could be malicious and take advantage of the exposed code to attack your open source-based systems?

Linus Torvalds, the creator of Linux, stated: "given enough eyeballs, all bugs are shallow". More formally: "Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix obvious to someone." by Eric S. Raymond in his essay The Cathedral and the Bazaar.

Apparently the U.S. government's Department of Homeland Security thinks otherwise. It is investing in an ambitious 3-year project aiming at improving reliability and security of widely deployed open source projects. In late 2004 the San Francisco-based auditing software company Coverity found that the Linux kernel had far fewer security vulnerabilities than a typical commercial software package. According to this article, this same company was selected for this project along with engineers from Stanford and anti-virus vendor Symantec to pinpoint and fix dangerous vulnerabilities (such as buffer overflows and memory allocation bugs) in widely used open source projects such as Linux, Apache, Mozilla and Sendmail.

Can't wait to see whether the results of this project will confirm Linus' law or not. In my opinion, there is no general rule in this case. Open source is not safer, nor is it more vulnerable, than commercial software. It really depends on what we are comparing. An open source project is going to be more or less reliable based on its popularity (nobody was interested in attacking Firefox until it became successful), the governance behind it, the size of the community (the more the better)...