I have been using Google 411 for quite a while now and I've been wondering if the 10 second ad they play is enough to pay for the service.   Well, I found out today why Google really made Google 411 - they want to collect the data for speech recognition software for video search!  Now that's a really creative plan.  Give away 411 services that people want in exchange for their voice and they never even realize they've given anything away!  

In an interview with IDG, Marissa Mayer said:

You may have heard about our [directory assistance] 1-800-GOOG-411 service. Whether or not free-411 is a profitable business unto itself is yet to be seen. I myself am somewhat skeptical. The reason we really did it is because we need to build a great speech-to-text model … that we can use for all kinds of different things, including video search.

By the way, 1-800-GOOG-411 works great - I use it all the time - except for "Berthoud," the town I live in.  I've even tried mispronouncing it (people tend to say it "ber-houd" instead "ber-thud") and it just doesn't get it.  So 1-800-GOOG-411 as long as you're not trying to look up my number … or the number of the best Mexican place in Colorado.

More and more companies are experimenting with paying open source developers. Why?

• Some pay to recruit hard to find talent.
  Wikipedia will be paying illustrators because good technical diagrams are hard to come by and people aren’t contributing them like the rest of content. 
• Some pay to encourage more participation in certain projects. 
  Sun just launched a new initiative to pay people to work on key open source projects that Sun has invested in.  They also announced that they believe most of these new, paid open source developers will be in India which prompted a funny quote on Slashdot:
           “Shit! First they outsource our paying jobs to India, now they want to outsource our hobbies there, too?!” 
  Note that there aren’t a whole lot of Indian open source developers at the moment.
• Some pay to reward outstanding contributions.
  Nokia has a Forum Nokia Champion program that rewards people for “their outstanding skills and devotion to the Forum Nokia community.”
• Others are trying to connect a paying customer with a specific need with available developers.
  SourceForge Marketplace is out of beta.  This is a forum where OSS developers can sell their services to paying customers.
• And still others are trying to build a sustainable business model that enables enterprises to use open source software by aggregating open source software support and contracting open source software developers to resolve issues.
  OpenLogic sells aggregated support for open source software and pays open source software developers to resolve issues and fix bugs.

We just released OSS Discovery as open source software.

OSS Discovery is an open source tool that finds installed open source software. It can be used to inventory open source software across an enterprise or on a single computer.

To go with it, we also announced a new initiative, The Open Source Census. 

The Open Source Census is a global, collaborative project to collect and share quantitative data on the use of open source software in enterprise. In short, that just means we want to count how many enterprise installations there are in the world for each open source package.

The goal behind both of these projects is to promote the use of open source software by showing how much is already being used!  

Come help us discover and promote open source software!

I really enjoyed reading Greg Kroah-Hartman's keynote talk from OLS 2006.  (I'm not sure why I just stumbled across his 2006 keynote now.)  I enjoyed what he had to say and I enjoyed the format he put it in.  He created a web page with all of his slides as pictures interspersed with text.  I don't usually watch videos of talks but I found myself reading this talk to the end - the slides made it easier to read and made it feel more like Greg was talking to me instead of writing.

His main points?  Those that I remember are:

• Linux is plug and play and supports more devices than any other operating system.
• It also supports more hardware platforms than any other operating system.
• Linux is evolving not following some preset design, so forget about backwards compatibility, that would just make it a mess and stop evolution in its tracks.
• Closed source kernel modules are illegal.
• There's plenty of information and help for those looking to get started developing Linux.  Start with reviewing code!
• There aren't any regression tests - that's what all the people are for.

But read his talk, it's worth it: http://www.kroah.com/log/linux/ols_2006_keynote.html.

Sun was recently the perfect example of why many companies don't invest more in open source software.  Sun was accused of hardball open source project tactics.   Many companies are afraid to start working on open source software projects because they are afraid they might make a mistake - and mistakes in the open source world are very public, feedback is harsh and the negative publicity sticks around for a long time on the internet. 

Sun's story important for companies to understand because it shows how the relationship between companies and projects can go sour - especially when the company employees working on the project don’t agree with management on what’s to be done.  It’s not clear what exactly happened and what was cause and effect but it looks like:

• Sun started an open source project, OpenDS
• The charter said that Sun appointed the project manager
• Somebody from Sun on the project changed the charter to say the project appointed the project manager
• Sun first level managers got upset, tried to (or did) change the charter back and in the process a bunch of Sun OpenDS employees left or were fired
• Sun executives are just now learning about it and trying to back paddle

So what should companies working on open source software projects do?

• Keep lines of communication open between open source developers and management.
• Make sure that developers understand how the open source project is important to the company.
• Make sure that the developers understand and are on board with the company's strategy.  If the company employees working on the project aren't on board with the company strategy, then that is a clear indicator that the open source software project is not going to be successful for the company.  The project's goals and the company's goals are most likely in conflict.

In short, communication and transparency are key to a project's success!  Luckily for all of the open source communities that Sun participates in, Sun is probably open source saavy enough not to be scared away by this!

I was thinking the other day about software that I use every day but is unobtrusive….so much so that I forget I'm using it. Besides the normal embedded software in consumer devices, one of the first packages that came to mind was DenyHosts. DenyHosts is a Python script and system which effectively stops brute force login attacks through secure shell attempts on Linux. If you've ever put up a server on the internet that allows secure shell logins, you will have seen hundreds, even thousands of ssh login attempts per day. The script kiddies are still alive and well and polluting networks with their vain brute force logins. They must succeed just enough to never give up, but DenyHosts can put an end to all that for anything you have to manage. You'll need Python, 2.5.1 will work fine, as the only prerequisite. Download the package from http://denyhosts.sourceforge.net and follow the well written installation instructions. Within 15 minutes you can have it running and protecting your box. DenyHosts monitors the security logs of your server and parses out the sshd failed login attempts. After a configurable number of failed attempts, it then adds those IP addresses to the hosts.deny file your TCP stack will obey. Anything in that file will be automatically denied a TCP connection to your machine. You can set the interval at which it processes the logs, but in practice, I've never seen DenyHosts process taking many cycles so I have mine set for frequent looks. The most powerful feature of DenyHosts is the ability to automatically share attack data with the community and then download lists of IP addresses aggregated from all these attacks. You can set an update interval to pull the new lists. I have mine set at 30 minutes and nearly always it's pulling 10 to 15 new addresses each time. The addresses will age out after awhile…just like everything else in DenyHosts, this is user configurable. If your system has been attacked by an IP you don't already have in your deny list, you can optionally configure your DenyHosts to share that IP data with the central server. So, it's possible to pull deny host lists and not put back any attacks you see, but there's not much reason to not share your data too. It's rare, but it does happen that servers I have installed DenyHosts on will push a new denied IP upstream. DenyHosts is simple to install, configurable almost to a fault, and extremely effective at cutting out brute force login attempts. Give it a try next time you put up a new box or if you don't have anything in place on your servers now to cut out brute force login attacks.