Google and Open Source

In May, Google held its annual IO Conference for developers  in San Francisco. During the conference, the Austrian technology site, derStandard.at, had an interesting interview with Chris di Bona, Google’s manager of Open Source.  (Most of the site is in German, but the interview itself is in English.)  I have mentioned some aspects of Google’s involvement with open source here before, but the interview gives some additional insight into how pervasive open source really is at the Googleplex.

The Chrome web browser, and the Android and Chrome operating systems (both derived, in part, from Linux), are probably the best-known of Google’s open-source projects, but there are many others, as di Bona points out:

We have released something like 1,300 open source projects to the outside world in the last five years. That amounts to 24-25 million lines of code, using a variety of licenses.

Asked specifically about where Linux is used within Google, di Bona said:

Everywhere. Every production machine / server inside of Google is running Linux, Android of course, lots of desktops.

He goes on to say that engineering desktop machines overwhelmingly run Linux (Google engineers can in most cases use what they want).  Mobile devices are perhaps 70% Mac OS X (itself a UNIX derivative), with most of the rest Linux.  There is a very small population of Windows users.  (Google, as a software developer, of course needs some Windows machines for testing.)   He also described the way the internal networks for engineering are set up [emphasis added]

We have our own Ubuntu derivative called “Goobuntu” internally for that, integrating with our network – we run all our the home directories from a file server – and with some extra tools already built-in for developers.

I was struck by this, because the idea of having all home directories (user files) on a file server is one that we used with Sun UNIX workstations for securities trading 20 years ago.  (I mentioned this in an early post on Chrome OS.)   Doing it this way — we referred to it as having “dataless” workstations, with only the OS,  X Window System binaries, and the swap space, on the local disk — had several advantages:

• The only files that needed regular backups resided on a file server, which was under IT Operations’ control
• The only files with internal, possibly sensitive data, were on a file server, with physical and network security
• A faulty workstation could be replaced very rapidly with a pre-built spare, getting the user back in business quickly
• All user machines were built with a standard configuration, making the setup of a new machine a routine exercise.

Sun was also a proponent of this approach.

Mr. di Bona also discusses some of the differences in the way that the releases of the Chrome OS and Android are handled.  Chrome OS releases, including source code, are public as soon as the code changes are officially accepted, or committed.  Android has a schedule of periodic releases, which di Bona explains is due to the differences in the mobile device market.

If you look at Android we have lots of partners. We have chipset partners, we have handset partners, we have carrier partners. They all want to use Android and they all want to have something special about themselves.

Coordinating all these players takes more time.

Finally, the interview touches on some interesting questions about the future of the Chrome OS project and Android, and their market acceptance.

The really big question here is, will people accept the Linux desktop that looks like a ChromeOS machine, will they accept a Linux desktop that looks like Android? And if the answer is yes – and I think it is actually – then the Linux desktop will grow to be quite popular. But I don’t think the “classic” Linux desktop will ever be as popular as Mac OS X or Windows.

Working in technology for years you realize quickly how insecure most peoples machines are, how compromised they are, how compromised servers are. And I know when I use a ChromeOS machine that I don’t have to worry about this anymore, because it’s actually very very difficult for it to get compromised.

I think it’s quite possible that some security-conscious organizations will find the Chrome OS or Android model quite attractive, for at least some of their users, and especially for mobile devices.  The average user is not really able to be a competent systems administrator, and I don’t expect that to change; the user’s job, after all, is to do his or her job, not to be an amateur IT person.

Mozilla Releases Firefox 5.0.1

Mozilla has released an updated version, 5.0.1, of its Firefox browser for Mac OS X, Linux, and Windows.  The new version incorporates fixes for a couple of problems specific to the Mac platform; further details are in the Release Notes.

You can obtain the new version, for all platforms (Mac OS X, Linux, and Windows), in 70+ languages, from the download page.  Alternatively, you can use the built-in update mechanism (Help -> About Firefox -> Check for Updates).

Google Updates Chrome

Google has announced the release of a new version of its Chrome browser, incorporating a new version of the embedded Adobe Flash Player.  The new version for Windows, Mac OS X, and Chrome Frame is 12.0.742.122; for Linux it is 12.0.742.124.  Apart from the updated Flash Player, there are no changes specified.

Adobe’s Flash Player Status page still shows the current Player version as 10.3.181.34, released in late June.  If I uncover any more information about this aspect of the update, I will post a note here.

Windows users  should  get the new version via the built-in automatic update mechanism; you can verify that your system has been updated by clicking on the tools menu (the little wrench), and then on “About Google Chrome”.  Linux users can get the updated package using their distros’ usual update tools.

Microsoft Security Bulletins, July 2011

Once again, it is the second Tuesday of the month, and time for Microsoft patches.  This month, there are four security bulletins (three for Windows, one for Office), which address a total of 22 identified vulnerabilities.   One of the bulletins, for Windows, has a maximum severity rating of Critical; the other three bulletins are rated Important. All supported versions of Windows are affected; for a breakdown of bulletin severity by Windows version, please see my preview post of last Thursday.  The Office bulletin affects Microsoft Visio, Service Pack 3.  If you use Visio, this is an important update; code to exploit the underlying vulnerability has been published.  More details and download links are in the Security Bulletin Summary for July 2011.

Microsoft says that the three Windows patches will definitely require a reboot, and the Office patch may require one, depending on the configuration of your system.  As usual, I recommend that you install these patches as soon as you conveniently can.

If you are using the Vista version of Windows, you should note that today is the last day that Windows Vista with Service Pack 1 is supported.  I suggest you check to make sure that you have Service Pack 2 installed (that setup will continue to be  supported).  If you need to get Windows Service Packs, you can download them here.

As usual, the folks at the SANS Internet Storm Center have published their summary of the bulletins, with their own severity rating and comments.

More GPS Troubles?

I’ve written here before about the many ways in which the Global Positioning System [GPS] has come to be used, and some of the interference problems, both accidental and otherwise, that have grown along with the system’s usage.  A new controversy, concerning potential interference from a new broadband wireless networking service, has arisen in the last year.

The proposed new service would be provided by a company called LightSquared,   The company has two satellites in geostationary orbit that can relay data on the Mobile Satellite Services [MSS] band, using uplink frequencies 1631.5 – 1660.6 MHz, and downlink frequencies 1530 – 1559 MHz.. (Rights to the spectrum were acquired by SkyTerra Communications, a predecessor company to LightSquared.)  LightSquared’s plan is to distribute streaming 4G Internet service from these two satellites via a network of ~40,000 ground stations (called “Ancillary Terrestrial Components”, or ATCs), which would in turn relay the signal to user devices.  The company’s business plan calls for it to act as a wholesaler, with the service resold via third parties (Best Buy was a suggested example).  The attraction of the plan is its potential for providing broadband service in more rural areas where the current provider oligopoly doesn’t provide coverage.

Since the plan was introduced, there have been concerns voiced by the Department of Defense and the GPS devices industry about potential interference with GPS operations.  The downlink frequency band, to be used by the LightSquared satellites and ATCs, is just below the band used by GPS.  The satellite signals are not a concern; like the signals from the GPS satellites,  they are fairly weak.  But the ATC ground stations would re-transmit the signals with orders of magnitude more power than the satellites.

According to an article on the “Law & Disorder” blog at Ars Technica, the National Telecommunications and Information Administration [NTIA]  of the US Department of Commerce has released a report [PDF], addressed to the Federal Communications Commission [FCC], stating that the proposed system would produce serious problems for GPS operations.

The NTIA assessment contains testing results overseen by the National Executive Committee for Space-Based Positioning, Navigation, and Timing (EXCOM). “The LightSquared Network initial deployment would cause severe operational impact over significant regions of the United States,” EXCOM’s testing team advises.

The report includes a map, for example, showing a region around Washington DC in which the early-stage deployment of the LightSquared system would prevent usage of GPS services by aircraft flying at 500 feet; the affected area extends well beyond Baltimore.  GPS services would be degraded at even longer distances.

The report’s main conclusion: “LightSquared should not commence commercial services per its planned deployment for terrestrial operations in the 1525 – 1559 MHz Mobile-Satellite Service (MSS) Band due to harmful interference to GPS operations.”

LightSquared has submitted a revised plan (which the NTIA report acknowledges), which the company claims  “poses no risk to the users of over 99 percent of GPS devices”, a claim which the NTIA proposes should be evaluated before deployment is allowed to commence.  I have had a quick look at the revised plan, though I have not read it all; I am somewhat skeptical of its claims, solely because most of the first half of the plan is devoted to blaming everyone else for the problem.  It seems that the controversy stems in part from the fact that, when the spectrum in question was originally auctioned, the intent was that it be used for purely satellite-based services.  Subsequent FCC decisions have made the addition of some sort of ATC possible, without being very specific about what form those additions might take.

I hope that a reasonable solution can be worked out here.  The GPS had turned out to be a very useful service in many important applications, and certainly is worth preserving.  On the other hand, providing broadband Internet access to those areas which have none is also a worthy goal.

 

Firefox 6.0 Beta Available

The good folks at Mozilla have announced the  release of a first beta version of the next major release, v 6.0, of the Firefox browser; the beta release is available for Mac OS X, Linux, and Windows.  (An Android version is also available.)  The release announcement summarizes some of the new features included in this version.  The Release Notes contain more technical detail, and links to further information.  (The Release Notes for the Android version are here.)

Installation packages for the beta version, in a variety of (human) languages, can be downloaded here for Mac OS X, Linux, and Windows.  The new version 6.0 is tentatively scheduled for final release on August 16; doing some preliminary testing now might be wise for your critical Web applications.