Confused why you're here? My name used to be Ben Balbo. I'm now Ben Dechrau (/bɛn dex-raɪ/).

Archive for the 'Open Source' Category

Dear Temptee: Beware of Microsoft’s BizSpark

There is devilry afoot in the Redmond offices. That tautology became stronger on the 5th of November with this press release:

SAN FRANCISCO, November 5

Microsoft Corp. today unveiled Microsoft BizSpark, a global program designed to help accelerate the success of entrepreneurs and early-stage startups. BizSpark provides startups and entrepreneurs with fast and easy access to current full-featured Microsoft development tools and production licenses of server products with no upfront costs and minimal requirements. BizSpark also provides technical support and market visibility. BizSpark is structured to take advantage of the resources and support of a global network of hundreds of organizations such as economic development agencies, university incubators, hosters and investors, including The National Venture Capital Association (NVCA) and The Indus Entrepreneurs (TiE). These BizSpark Network Partners provide guidance, mentorship and resources to help drive startup success.

See full press release here.

You might consider this as a sign that Microsoft wants to support small and enterprising startups, but what’s the real story behind this?

The pessimist (or realist?) in me looks back at other Microsoft campaigns to build their customer base and assumes this is yet another attempt to lock people into their proprietary formats and systems.

As someone who runs his own company based largely on only open source software, I find it hard to understand why people and organisations would opt for systems that lock you in even if they are cost-free. The problem here is the time-limit part of the deal. After the three years of cost-free access, you will be required to pay for the services you use, or migrate to another system.

Migrating is often an arduous task and most organisations will opt for lower short-term costs in licence fees over the cost of porting their systems to new infrastructure. The long term financial costs will keep adding up though, and over time the migration process will become more complex and less attractive. You will be heading down a spiral towards total dependence on Microsoft products!

Consider now a business such as mine that is not reliant on any proprietary software or services. I’ve been using these systems for well over three years now and have paid nothing and will continue to pay nothing. Sure, there are costs such as hardware, power, Internet access; but these are common across all businesses. I might also have spent a little more time in setting up my infrastructure initially, but having been a Windows administrator in a previous life I can attest to the fact that maintaining my infrastructure after deployment is less intensive and demanding than the Microsoft alternatives.

I’m also freer than any business that runs Microsoft products. If I want to change the way OpenOffice.org works for me, I can change it, or pay someone to change it for me. You cannot change the way Microsoft Word works. If I want to recompile the Linux kernel to increase performance or hardware compatibility, I can do that. You cannot run Windows on any hardware you like. If I buy a new computer, I can copy all of my applications over and run them on both machines at the same time. You can also do this, but that would contravene the end user licence agreement you agreed to when installing the software.

So tell me now, why would you take up Microsoft’s BizSpark offer if the open source world can offer your business the same service with no lock-in, no cost and more freedom?

What’s new in PHP 5.3?

I wrote an article on Installing PHP 5.3 in order to look at the newest features that have been back-ported from PHP 6. The result of this is my What’s new in PHP 5.3 article that was published by SitePoint yesterday.

I won’t go into the nitty-gritty here, but suffice it to say that the new features will solve a number of problems. Read the full article to find out more about namespaces, late static binding, a new MySQL native driver and the other features of PHP 5.3.

Installing PHP 5.3

I recently installed PHP 5.3 in order to play with some of the new features and thought I’d share the steps I took with you. While it’s based on a clean installation of Ubuntu 7.10 Server, you might find this useful on existing systems too.

As ever, this guide is for educational purposes only. I offer no warranty of suitability or accuracy. Use at your own risk, and if it goes wrong head over to the forums for help…

Read my full article at the Melbourne PHP Users Group web site.

Make someone feel good by blowing their trumpet

The new year typically spawns lots of “Best of …” and “What happened in …” articles and blog posts. It’s a time of year to reflect on the past 12 months. It’s time to look at the highlights, sometimes the lowlights, and hopefully lock a few of those nuggets away for future use.

What I wasn’t expecting while rapidly devouring the 1000+ items in my RSS reader was one post that contained my name, crediting the initiation of a number of Australian BarCamps to me.

Now before you accuse me of blowing my own trumpet, I write this not because I want you to bow before me, rather because I wanted to share how that made me feel. It was great! By simply including that one paragraph in her post, Janet spurred me to get off my Christmas pudding and get BarCamp Melbourne 2008 back on track.

The truth is 2007 was a busy year for me. Most years are – I’m the type of person that can’t say no. After having co-authored a book, organised BarCamp Melbourne 1.0, bought and moved into a new house, changed jobs* and possibly more that I can’t remember (now you can accuse me of blowing my own trumpet!), I was seriously considering postponing, or getting someone to take over the organisation for, BarCampMelbourne 2.0.

* Truth be told, the job change was more of a relief than a burden. It’s great to leave a company that wants you to feel lucky for working in a chaotic environment under bad management with an internal IT department that has an agenda so huge you could swear it’s trying to bring the company down from the inside – a sad end to what once was, debatably, one of the best places in Melbourne to score a job!

So, the good news is that my flame has been relit. In order to make my life at least that little bit easier, BarCampMelbourne 2.0 will be a one day event so I have more venues to choose from. It has also tentatively been brought forward one week.

Thanks Janet! Apologies for the post title…

Powerful Cross Site Scripting Scanning Tool

Web developers today are increasingly aware of the number of ways that attackers can abuse their site. Not only do we have to worry about someone stealing data directly through our site or from our database, cross site scripting (XSS) attacks provide a mechanism for someone to run arbitrary code on another web site.

During his OSDC 2007 keynote, Rasmus Lerdorf mentioned scanmus, a cross site scripting scanning tool he’d written. It looks at a page’s source code and identifies potential entry points. In the case where it finds a form, it will submit data in a way that detects a number of XSS vulnerabilities, and report those to the user. Unfortunately, while he plans to make this available to the community, this won’t happen just yet.

Ben Cornwell and I got to chatting during the break and when I suggested we write our own, he didn’t hesitate. I don’t think he quite realised at the time that there wouldn’t be any PHP work involved though.

You see, there’s this tradition at conferences (at least the ones that I’ve attended), that when a discussion or talk at the conference gives you an idea for a product, script or technology, you start on it right away and present it at a lightning talk during the same conference. So we couldn’t just have some lame PHP script parse the resultant HTML and spew it to the browser. That would be too easy. That would be just what they’d be expecting us to do! And you know you can’t take over the world by being predictable.

So we wrote it in HTML and JavaScript. Even the logo! It’s one HTML file.

Now this will work perfectly if the HTML file is placed in the document root of the site you want to test. If you want to test remote web sites though, as we did during the lightning talk, you’ll have an issue with cross-domain XMLHttpRequests. So for the demo we had a simple proxy helper that would load the remote site. The JavaScript class could then load the remote site’s contents through a local call.

So without further ado, you might all be wondering where you can download this awesome tool. Well, it’s still extremely pre-alpha. It itself has XSS vulnerabilities! It needs to be worked on. But you can still grab the HTML and PHP files if you like.

I’ve already had a fair amount of interest from people who want to help, so if you’d like commit privileges, please let me know. You can check out the trunk in the meanwhile.
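
The scan loop described above (find the forms in a page’s source, submit a marker through each field, report how it comes back), as an added example that is not the scanEE or scanmus code. All function names, the sample page and the `sampleHandler` responder are constructed for illustration; `submit` stands in for the same-origin request the tool would make against your own site.

```javascript
// Constructed sample page: one form with two named fields and a submit button.
const SAMPLE_PAGE = `
<form action="/search" method="get">
  <input type="text" name="q">
  <input type="hidden" name="lang" value="en">
  <input type="submit" value="Go">
</form>`;

const escapeHtml = s => s.replace(/[&<>"']/g, c =>
  ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));

// Read one quoted attribute value out of a tag's attribute string.
const attr = (s, n) =>
  (s.match(new RegExp(`\\b${n}\\s*=\\s*["']([^"']*)["']`, 'i')) || [])[1];

// Step 1: identify entry points (forms and their named, non-button fields).
function findEntryPoints(html) {
  const forms = [];
  for (const [, attrs, body] of html.matchAll(/<form\b([^>]*)>([\s\S]*?)<\/form>/gi)) {
    const fields = [...body.matchAll(/<(?:input|textarea|select)\b([^>]*)>/gi)]
      .map(([, a]) => ({ name: attr(a, 'name'), type: (attr(a, 'type') || 'text').toLowerCase() }))
      .filter(f => f.name && !['submit', 'button', 'image', 'reset'].includes(f.type))
      .map(f => f.name);
    forms.push({ action: attr(attrs, 'action') || '', fields });
  }
  return forms;
}

// Step 2: decide how an inert marker came back in the response body.
function classify(body, probe) {
  if (body.includes(probe)) return 'reflected-raw';          // metacharacters survived
  if (body.includes(escapeHtml(probe))) return 'reflected-encoded';
  return 'not-reflected';
}

// Step 3: probe one field at a time so each finding names the field at fault.
function scan(html, submit) {
  const findings = [];
  for (const form of findEntryPoints(html)) {
    form.fields.forEach((field, i) => {
      const probe = `scan${i}<"'>`;                           // harmless, unique per field
      const values = Object.fromEntries(form.fields.map(f => [f, 'x']));
      values[field] = probe;
      findings.push({ action: form.action, field, result: classify(submit(form, values), probe) });
    });
  }
  return findings;
}

// Constructed responder: echoes q unescaped and lang escaped.
const sampleHandler = (form, v) => `<p>Results for ${v.q}</p><span>${escapeHtml(v.lang)}</span>`;
```

A `reflected-raw` result marks a field whose output needs encoding; `reflected-encoded` shows the page already escapes it.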