The big news from the LinuxWorld Conference in San Francisco this week has got to be the IBM partnership deals with Canonical, Red Hat and Novell. IBM has, quite plainly, gone on the offensive and stated that in combining its Open Collaboration Client Solution software suite (with Lotus Notes, Symphony and Sametime) with Ubuntu, Red Hat and Suse Linux distros it can convince its customers to make the move to a Microsoft-free desktop experience.

With Canonical already confirming that Lotus Symphony will be distributed via its Web services programme within a couple of weeks, the other players in this trio will most likely follow with similar announcements real soon.

Now, according to various online sources, the fourth largest maker of computers is looking to get involved. The Chinese-based company that acquired the IBM laptop business some years back, Lenovo, is apparently involved in ‘active discussions’ with regard to bringing out a series of systems with a Microsoft-free desktop running the Linux/Lotus combination.

Should Microsoft be worried? Well, truth be told, probably not. After all, IBM has been pushing the Microsoft-free desktop thing in Europe for some months already to no great effect as far as I can see. Why it should make any bigger an impact in the US is beyond my ken.

Throwing Lenovo into the mix could be interesting, but again I doubt that it will win too many converts. There is, to be fair, enough choice of Microsoft systems out there in the market and while the Linux market share continues to grow slowly, the emphasis is on slowly.

Just as Firefox has eaten away at the Internet Explorer userbase, so Linux will claw at the Windows market. But as with the web browsers, Microsoft will still be left with the lion’s share and then some. Convincing the business market to switch from a Microsoft desktop to a Linux one is going to be a lot harder, as their is already much more invested in both financial and cultural terms, than simply switching a web browser client.

Even allowing the for the credit crunch argument of businesses being strapped for cash so looking more favourably at the open source sector does not really hold water when push comes to shove. Buying new hardware does not save money, it costs money. Those businesses are far more likely, surely, simply not to upgrade and therefore not spend a budget they do not have.

The only possible chink in the stick with Microsoft argument comes with the number of enterprises which are not upgrading to Vista, leaving a slight possibility that they might look elsewhere when the time does come for new hardware…

IBM has built what could well be the largest ever dual booting Windows and Linux HPC blade system, comprising some 5376 Intel Xeon quad-core processors each of which is running at 2.5GHz and which will be able to reach a sustained 46 teraflops worth of processing power. Running Windows HPC Server 2008 (Beta) the high performance computing system has been built at the Umea University in Stockholm, Sweden and forms part of a resource used by a number of academic research groups.

In itself the system is sufficient enough of a powerhouse to lay claim to being one of the top 50 most powerful computers on the planet, which should be enough for any geek to get excited about. However, I suspect that the bit of the announcement that will get the most coverage will be that this one has been built around Linux and Windows rather than Linux alone. Heck, look at the statistics and it appears that around 85 percent of such HPC systems are running exclusively on Linux and Windows cannot even claim to scoop up the remaining 15 percent but instead sits somewhere around the 2 percent mark at the most (if you use the latest available Top 500 list as your metric anyway.)

This could all change when the latest Top 500 list is released later this week, Microsoft is certainly hoping to start making a bigger impression and has been investing heavily in the HPC market of late. I don’t think that the Linux fanboys have too much to worry about though, as it would take something of a seachange in the HPC world to shift even to the point where half the machines were dual-booting let alone Windows exclusive. I’m not sure I am even convinced by the argument that as people using Linux-powered high performance computers more often than not will be using Windows-powered desktops or laptops at home or outside of the research lab so there is a ready made market for the dual boot option.

A recently revealed vulnerability with Debian OpenSSL cryptographic libraries, covered in detail within the Debian Security Advisory DSA-1571-1, allows secure web sessions to be potentially decrypted by an attacker. In fact, the vulnerability impacts on Debian children distros as well, but that is almost by the by. What isn’t is the reasoning for the vulnerability to exist in the first place. Now you might be assuming that, like most of these things, a bit of unintentionally sloppy and insecure programming during development was to blame. While the words sloppy and insecure certainly still spring to mind, unintentional most certainly does not.

You see, according to an excellent piece of analysis at Dark Reading it appears that the programmer was “using Valgrind to debug applications in an effort to prevent security flaws. But two lines of code from the OpenSSL libraries caused Valgrind to complain, which prompted the programmer to take them out after an inquiry and short discussion on the OpenSSL development mailing list.” Amazing as it may seem, this simple act resulted in “two years’ worth of weakened cryptographic key creation (both SSH keys sand SSL certificates) on Debian-based systems.”

In effect, the work-around meant that every single one of the 32,767 cryptographic keys could now be generated ahead of time and that means a brute force attack becomes, pretty much, child’s play.

In his Dark Reading analysis, John Sawyer claims that this means “All communications that had been perceived as “secure” for the past two years — and into the unforeseeable future — could now be compromised if their encryption was based on the flawed keys and certificates.”

Sure, the developers concerned were only trying to make something more secure, and there was certainly no malicious intent involved here. But the irony is that it proves Linux can be just as insecure as Windows in some regards, perhaps even more so. More so, why so? Well, the perception is that Linux is secure, period. Working from that basis, users are perhaps more inclined to think less about the security and privacy implications of their online sessions. In the case of Debian users that could have devastating implications.

And the moral of this tale? Be it Linux or Windows, the user should always treat security seriously and never expect the OS to be a virtual fortress…

Tom Hanrahan, best known within the open source movement for his recent role as Director of Engineering at the Linux Foundation, has been confirmed as the new Director of Linux Interoperability at, wait for it, Microsoft.

The role would appear to have been created to take the helm at the Microsoft/Novell Interoperability Lab, in an effort to ensure that the Linux and Windows operating systems will be able to run successfully side-by-side on enterprise systems. Whether the move will be successful in deflecting the huge explosion of online criticism over the Microsoft and Novell deal, not least because of the patent provision aspect, remains to be seen.

One thing is for sure, it is a clever move to bring in such a well respected Linux veteran with a proven track record in the open source movement. Sam Ramji, who runs the Open Source Software Lab at Microsoft, and to whom Hanrahan will report, must be hoping the appointment cannot do anything to damage the credibility of Microsoft in its new Linux friendly (ish) phase of life.

All we need now is someone to oversee the mouth of Microsoft CEO Steve Ballmer to prevent him making more comments about the need for the open source movement to ‘play by the same rules’ while allowing Microsoft lawyers to accuse the Linux movement of a swathe of some 235 patent violations.

Of course, for those very reasons, it could well damage the credibility of Tom Hanrahan, although I am sure he must have thought about that before being lured by the Microsoft big bucks. His track record would suggest that he has the capability of helping smooth this transition of Microsoft’s business, bringing with him experience as a senior program manager at the IBM Linux Technology Centre before that Linux Foundation job.

Miniaturisation is a wonderful thing. I mean, how long ago would I have been beaten soundly with the silly stick for suggesting you could easily fit a couple of dozen Linux based computers into your trouser pocket? Exactly, probably no more than last year I guess. Even today the people who watch me type (they do exist, honestly Doctor) are guffawing away as they read this first paragraph.

OK, this will shut them up. The Yoggie Pico is a USB thumb drive no bigger than any other bog standard USB thumb drive. The Yoggie Pico is far from being bog standard, unless the standard bogs you frequent come replete with a full security suite of no less than 13 applications pre-installed and ready to run directly from the memory stick itself. Damn, they are still laughing. Did I mention that it also runs Linux 2.6 courtesy of the 520MHz PXA270 Intel processor on-board? Hey, it has gone quiet now.

I am used to seeing a lot of thumb drives which promise to solve the data security problem of taking your information with you on the move and accessing it on any old computer, any old where. Most of them are the same old same old. The Yoggie Pico is refreshingly different because it takes the route of solving security problems by offloading all your security applications from the PC onto the Little-Linux-Computer that it is instead. This means that all Internet traffic is screened before it can execute on that PC or lappy, and even then only once it has been given the thumbs up and passed fit for inspection. It is not meant to be a portable data device, it is a portable security device instead.

It’s really a natural progression from the Yoggie Gatekeeper, which brought shrinking size and shrinking complexity to the security gateway device market, and a great one at that. Let’s see what you get by way of security apps on the Pico:

Anti Virus

Anti Spam

Anti Phishing

Anti Spyware

Intrusion Detection (IDS)

Intrusion Prevention (IPS)

Web and Mail Proxies

Firewall (stateful inspection)

Web Filtering

Parental Content Control

Adaptive Security Policy

Multi-Layer Security Agent

Layer-8 Security Engine

VPN Client (PRO model only)

VPN (available in the Pro model)

There seems to be much media attention being paid to the fact that you can free up CPU times from the host PC, letting the Pico take the strain. But in the world of security methinks that is a red herring. I don’t care if it is a little slow, I want to know it is a lot secure. What I care about is if it works, and that means reducing the complexity of installation. So most importantly, as far as I am concerned, there is no ‘plug and pray’ (that it works) component to this, it is all real plug and play stuff instead. No installation routines to run, just stuff it in an available port and get firewalled and protected. And updated, courtesy of hourly online updates. Remove it and all Internet connectivity is disabled, making this a good one for the consumer (especially parents looking for easy time based access controls) as well as the business market. Business market? Oh no, the laughing voices are off again. But wait, why not? It is an affordable centralised security solution, easy to deploy, easy to use, easy to forget about. At least in the Yoggie Pico Pro guise, which adds an additional layer of security by way of a VPN client and an interface to the Yoggie Management Server.