Friday, January 26, 2007

Open Source Security

According to an article in the Oregonian on Tuesday, January 23, 2007, written by Mike Rogoway, the merger between the Free Standards Group in San Francisco with the Beaverton-based Open Source Development Laboratory marks a major milestone for the Linux operating system.

The new organization, dubbed "The Linux Foundation", will face some difficult challenges. The article briefly mentions standards between different Linux distributions as one possible challenge and patent infringement alleged by Microsoft. However, one particular issue that the article did not address is security.

Last night, I attended a BarCampPortland meeting. I met several interesting and extremely successful people, including Sioux Fleming, who is a computer security specialist. She said something that made me think about future security issues in Linux. There seems to be a lot of hesitation for businesses to switch to Linux because it is open source; naturally, this means that a hacker who wants to exploit a security vulnerability could simply look at the source code and determine how to exploit the system.

However, Sioux stepped up to defend open source by using Microsoft security as an example. She said that Microsoft constantly issues patches to plug holes in Windows security, yet hackers are still able to exploit and find new holes. Now, I'm no security expert and don't know the details of how this works, but it seems that Linux has a lot less issues in terms of security vulnerabilities, yet unlike Windows, the source code is easily available for anyone to examine. Personally, I don't know anyone who has had to completely reinstall his or her Linux system as a result of a security vulnerabilty, but I have personally reinstalled several Windows systems as a result of trojans, worms, and other security related disasters.

One of the possible reasons for Windows users being the target of more security threats than Linux users is that -- in terms of desktop computers -- there are more Windows users than there are Linux users. Therefore, if Linux does begin to gain a significant market share in the desktop PC market, what should we expect to see in terms of security as Linux users? Will we see more security exploits in Linux? Will I end up helping someone recover lost data on his or her Linux box?

Of course, Linux and UNIX-based platforms are still used primarily as servers in many businesses, yet the uptimes for these servers are significantly higher than for Windows servers. From looking at the past-performance of the Linux operating system, can we assume that it will still perform as well in the future?

These are questions that will be answered as the Linux operating system and open source gains more market share.

Wednesday, January 24, 2007

Demonstrating the Strengths of Open Source

I've recently relocated from the mid west to Portland, Oregon. I was recently awarded my Bachelor of Science in Computer Science from the University of Wyoming and am very excited about starting my career. You can view my resume here.

Since I'm currently unemployed, I volunteer at Free Geek, a non-profit organization that recycles and refurbishes old computer equipment. Equipment that is outdated and useless is marked for recycling, which eliminates tons of waste products that end up in dumpsters every year. For equipment that can be refurbished, it is given a new lease on life!

As a volunteer, I had the choice of choosing between two different programs: Adoption or the Build Program. A volunteer who chooses the Adoption program will receive a refurbished computer, known as a FreekBox, in exchange for 24 hours of volunteer service! A volunteer who wishes to learn how to build computers, such as myself, is provided with the necessary training to do so. In exchange for this training, Free Geek asks that each build-program volunteer assemble at least six computers, one of which the volunteer can adopt.

Of course, if you give a computer away to the public, there are certain legal issues that first must be dealt with. For instance, operating system software will have to be pre-installed. Since Microsoft has very strict licensing rules regarding their Windows operating system, the solution was to simply install Ubuntu, a user-friendly Linux distribution based on Debian. Ubuntu, as many FreekBox owners can attest to, is loaded with many top-notch applications, including OpenOffice, Mozilla Firefox, and many other free, open source applications. Therefore, adopters are able to get started with their new PC right out of the box and without spending a dime.

In many cases, providing a solution to one problem can lead to a question regarding how to circumvent another problem. For instance, there are more Windows users than there are Linux users. Typically, new computer users run Windows XP, and when they have problems with their PC's, they generally seek the help of their more technically-savvy family members or friends. For a new computer user running Ubuntu, finding assistance can be a bit more daunting. To address this problem, Free Geek provides one year of technical support absolutely free. On Tuesday, Wednesday, and Saturday, a volunteer can either bring his or her computer into Free Geek or call the local support number and the issue can be resolved.

Free Geek has become a well-known contributor to the community by providing computer hardware grants to other non-profit organizations, education to its volunteers, and open source software solutions to non-profits that can't afford expensive licensing fees. As a result, more of the community is educated on the benefits of open source software. Free Geek has demonstrated that Linux, although still the little fish in the sea, has the potential to lower both hardware and software costs for any business entity or individual who is willing to explore this alternative!

From time to time, I will compose articles related to potential open source opportunities that may exist in hopes of motivating others to explore the potential of open source and how it can benefit the home user, small to medium sized business, or non-profit organization.

I welcome your comments and opinions!

James Mortensen
Google