
Comments


Laurent Gharda

Hi everyone,

I'm the Laurent Gharda in question (there aren't too many of us with that name around!)

Now that I sound like the big bad wolf, please allow me to rectify a factual error in Bruce's article (it was a complex story, I'm not faulting Bruce!) that appears to have been the basis for this rather witty posting!

I'll also attempt to respond in good humor (or at least not too defensively) to some other points...

LinMin doesn't have a single line of Webmin code in it. LinMin is not forking anything. Webmin remains as it always has been: a fantastic, open source admin tool available to all for free. LinMin has paid for enhancements to Webmin (as noted, the Bacula integration module) and given that back to the Webmin community.

LinMin Bare Metal Provisioning was written from the ground up in-house, over a period of years, without incorporating open source code (well, we use Java and bolt into a relational database). LinMin is not changing the licensing model at all: it's always been a proprietary license and remains so. Sorry if this disappoints some of you...

Speed of open source development: I never said that developing open source code was slow. I know better (I've coded for a living in a prior life). What I said was that developing a business around a brand new open source project (one that has had very limited reach) will take significant investment (read: VC funding) before any kind of meaningful revenue comes in. I think it's great that projects (monitoring, database, app server, etc.) that have been built over time by countless dedicated open source developers get the attention of a team of entrepreneurs backed by VCs and "make something out of it". Great model, and hopefully the contributing developers have paying jobs (either at the sponsoring company or elsewhere).

Peer review and access control being the mechanisms to ensure that "nothing bad" happens: in an ideal (and non-IT) world, I'd agree. What we see in IT environments is many people with root privileges that have access to everything (they need to, to do their job). So access control is de facto compromised, and is replaced by trust in individuals. This works well 99% of the time. Also, there's no formal software development going on in many shops, so no concept of peer review (come on: when you write a script, do you have someone review before unit testing it or even deploying it for others to use?) The point I was making is that if someone has keys to the kingdom, they can flip a bit (change a read to a write) or change a set of server provisioning policies with, well, not very positive results. That's all I said... Do you still disagree?

Functionality and speed to reprovision a server farm: LBMP or any tool (sorry, "product"!) will do that in less than an hour (say, 200 machines concurrently being reprovisioned from one server over the same subnet).

LinMin and future Open Source plans: we have some good things under wraps with products unrelated to LBMP. Stay tuned!

A final comment, now that I've gotten somewhat bashed (and all in good humor, no offense taken): if any of you have had to install systems by hand, or have had to put together and especially maintain some type of PXE server, count the hours you've spent doing this, multiply by your labor rate, and compare that to spending 3 or 4 dollars per device (server, blade, PC, VM) per year to provision/repurpose it as often as you need.

That's what LinMin is offering: an inexpensive way of getting the job done. Not open source, not free, but it still costs a lot less than your time, so it's not all bad!

Comments (and visitors to www.linmin.com to check it out for yourselves) are welcome!

Cheers,

LKG

Disclaimer: I'm not a biz-type; I'm a sw engr (~15 yrs exp).

I would suggest that
1) developing with a closed-source model allows a business to hide what's complete and incomplete, which improves the likelihood of sales. Open source is like when TV started moving to HDTV: all the ugly parts of the actors' makeup were in plain sight for the world to see. So I don't think it's about pure speed of development, but rather the speed of business; to get to the point where you can make a sale and (eventually) become profitable. Whether this is what Mr. Gharda believes/states is beside the point to me.
2) While open source and peer review in the long run do assist in producing a very secure system, I'd suggest that it takes a little while for that open source community to develop such that you can get a great peer review community established (my own experience with trying to establish os projects). In the early stages of a business, there will be many things wrong that if witnessed by the wrong people could be devastating. Due to the issues of getting revenue I stated earlier, I think that security through obscurity can definitely buy a lot of time in that regard.

In the long run, I do believe it would probably behoove LinMin to gradually open source their systems to get sufficient peer review, but I don't disagree with their approach given that they've only just started their business. I also don't think open sourcing all at once will be helpful either for similar reasons on the security front.

That said, I'd be interested in seeing more reviews of LinMin before trusting it myself.
