Those interested in building a Bitcoin exchange should look no further than this chunk of source code posted by a “Russian leaker” called nanashi_. It allegedly contains the 1,700-line source code for Mt. Gox’s electronic exchange.
The code describes the Bitcoin class for Mt. Gox and the various methods for transmitting and receiving BTC. Hacker News believes that CEO Mark Karpeles AKA MagicaTux wrote some of the code.
Here is a private mirror of the code but you can also read it here. The hackers also claim to have a 20GB data dump of customer data along with passport scans and a list of contact information for Mt. Gox employees. The full IRC exchange with the leaker is here.
Read the rest here: Mt. Gox Source Code Leaked By Hackers Along With Team Information, Customer Data
Happy Birthday Raspberry Pi! The low-cost Linux microcomputer has just turned two years old. And boy how it’s grown.
The Cambridge, U.K.-based creators of the $35 credit-card sized computer thought they would only ever sell a few thousand units when they started their project. In the event, they sold 100,000 units of the Model B Pi on the very first day. Global sales of all Pi models have now pushed past 2.5 million, up from 1.75 million back in October.
The Pi continues to be used in all manner of creative ways — including as a learning platform for teaching kids about computers and coding, which was actually the original mission of the Pi Foundation. And also as a plaything for adults, with makers and fully-fledged startup businesses using it to power all manner of cool stuff. Long may it continue.
As Pi continues to grow, the not-for-profit Pi Foundation has just kicked off a competition — offering a $10,000 bounty — to help open source the graphics drivers running on Pi.
Currently the Pi requires a block of closed-source binary driver code (aka a blob) to talk to the hardware — but the chipmaker, Broadcom, has just released the source code for another similar chip. And the Pi Foundation is looking for help porting this to Pi so users can bypass its blob and get proper access to the graphics core.
Full details below. If you’re interested in taking part in the global competition (which has no end date — continuing, presumably, until someone is able to do the deed), the competition rules can be found here.
In common with every other ARM-based SoC, using the VideoCore IV 3d graphics core on the Pi requires a block of closed-source binary driver code (a “blob”) which talks to the hardware. In our case, this blob runs on the VPU vector processor of the BCM2835 (the SOC or System On a Chip at the heart of the Raspberry Pi); our existing open-source graphics drivers are a thin shim running on the ARM11, which talks to that blob via a communication driver in the Linux kernel. The lack of true open-source graphics drivers and documentation is widely acknowledged to be a significant problem for Linux on ARM, as it prevents users from fixing driver bugs, adding features and generally understanding what their hardware is doing.
Earlier today, Broadcom announced the release of full documentation for the VideoCore IV graphics core, and a complete source release of the graphics stack under a 3-clause BSD license. The source release targets the BCM21553 cellphone chip, but it should be reasonably straightforward to port this to the BCM2835, allowing access to the graphics core without using the blob. As an incentive to do this work, we will pay a bounty of $10,000 to the first person to demonstrate to us satisfactorily that they can successfully run Quake III at a playable framerate on Raspberry Pi using these drivers. This competition is open worldwide, and you can find competition rules here which describe what you have to do, and how to enter.
Here is a small but nifty update to Google Search: if you ask it to find a restaurant menu for you, it will now often just show you the menu right on the search results page. Try this for a search like “show me the menu for fogo de chao” and the menu will be right there.
As far as I can see, this doesn’t work for every restaurant yet and it’s unclear where Google is getting this data from. Right now, the number of supported restaurants also seems to be limited. Most of my attempts to trigger the menu listings were actually unsuccessful, so your mileage may vary. The searches that did work tended to be for restaurants that are also listed on AllMenus.com, so chances are this is where Google is getting its data from.
The only way to trigger this feature right now is to type (or speak) “show me the menu for [restaurant name].” Just typing “menu [restaurant name]” doesn’t seem to do anything right now.
This feature was first spotted by Search Engine Land earlier this month, which also suspects AllMenus.com as the source for the data. At the time, Google said it was just one of its many tests. Today, however, it made it official with a post on its Google+ page.
Given that restaurant websites are often quite antiquated (and many still have an annoying Flash intro), having the information you need right on the search results page is pretty cool (when it works). I don’t know how sites that specialize in showing you restaurant menus feel about this addition, but once Google adds more restaurants, I’m pretty sure I’ll use this feature pretty regularly.
Read the original: Google Adds Full Restaurant Menus To Its Search Results Pages
It’s been a hell of a week worldwide. Caracas, Venezuela: “What had been a slow-motion unravelling that had stretched out over many years went kinetic all of a sudden.” Kiev, Ukraine: “Dozens dead as protesters regain territory from police.” Bangkok, Thailand: “Four people have been killed and more than 60 injured after a gun battle erupted between police and anti-government protesters.” Sarajevo, Bosnia: “Thousands of protesters took to the streets, setting fire to the presidency building and hurling rocks and stones at police.”
There have been periods in history when large numbers of people rebelled about the way things were, demanding change — 1848, 1917 or 1968. Today we are experiencing another period of rising outrage and discontent, and some of the largest protests in world history. Our analysis of 843 protest events reflects a steady increase in the overall number of protests every year, from 2006 (59 protests) to mid-2013 (112 protest events in only half a year).
A profile of demonstrators reveals that not only traditional protesters (eg. activists, unions) are demonstrating; on the contrary, middle classes, youth, older persons and other social groups are actively protesting in most countries because of lack of trust and disillusionment with the current political and economic system.
What’s going on here? And what happens next?
Researchers at the New England Complex Systems Institute in Cambridge have one simple answer to the first question, at least: hunger. Back in 2011 they predicted, based on rising food prices, that social unrest would sweep across the planet by, er, August 2013. OK, they were a little off, and their theory doesn’t explain those countries where food prices have risen without riots — but that does seem to be a significant factor.
I propose that another one is just as important, though: technology. Specifically, social media.
To some extent, social media accelerates protest simply by getting the word out. It’s no longer possible for authoritarian governments to control what their citizens see and hear by clamping their iron fists down on newspapers and television/radio stations, unless they want to shut down the Internet and phone services entirely…and not even tyrants want to time-travel back to the 20th century that badly, unless they absolutely have to. As Mathew Ingram points out in a great post on GigaOm, “For those inside and outside of Ukraine and Venezuela, social media is the only media that matters.”
More subtly, smartphones and social media enable what John Robb named “open source insurgencies,” wherein many small groups work towards a common goal, without formal coordination or organization, while adopting, adapting, and evolving each others’ tactics and strategies on the fly. In Ukraine, for instance:
The crisis in Ukraine has spiralled rapidly out of control outside of the capital, Kiev, as anti-government protesters stormed buildings, seized weapons and staged demonstrations across the western part of the country … Although the protests were initially confined to the capital and west, in recent days they have spread quickly to the largely Russian speaking east, most notably Kharkiv.
Could this conceivably have happened without the Internet and ubiquitous phones? Of course. Can modern technology also be used to intensify and perpetuate government oppression? You bet, and how. But as creepy and Orwellian as modern surveillance states can be, their panopticons become pretty irrelevant when a million angry people are marching on the presidential compound with pitchforks, torches, and Androids in hand.
And it seems painfully obvious that modern technology makes open-source insurgencies orders of magnitude less difficult, and therefore, more likely to happen. Or, as Marc Andreessen recently put it:
Woo-hoo! Techno-democratic utopia! Internet FTW amirite?
…Not so fast.
First of all, ongoing protests and insurgencies against authoritarian governments are one thing; actually winning is quite another. Ask the Syrian rebels. Ask Egypt, which, if you haven’t been paying attention, was not exactly liberated after all in the aftermath of the Arab Spring. A million angry protestors do change the game, but that’s by no means a guarantee of eventual victory.
Second, while technology giveth to the masses today, it will bestow its riches upon the authoritarian thugs in the presidential palaces soon enough. I refer, of course, to tomorrow’s antipersonnel/anti-protest drones.
Have you seen what people are doing with drones of late? It’s pretty awesome. Massive mining drones in the desert. Autonomous farmer drones. Tiny quadrupeds that run at 120mph. Drones that sail around the world. And my favorite thing this week:
until this came along:
All very cool — until you imagine these machines militarized, weaponized, mass-produced by the thousand, and turned on the protestors in Kiev, or elsewhere.
My favorite thing on TechCrunch, not counting my own column — OK, fine, even counting my own column — is John Biggs’s occasional series “Today In Dystopian War Robots That Will Harvest Us For Our Organs.” What can I say, I love black comedy. But it’s always tinged, at least for me, with a little genuine terror — because I have written fiction for a living, so it’s especially easy for me to imagine, in vivid gory detail, exactly what will happen on the day a million angry protestors run up against tomorrow’s tyrant armed with ten thousand military drones and a tiny staff of engineers a la the Syrian Electronic Army.
Hint: it ain’t pretty.
The Internet and smartphones disperse power; but drones concentrate power in the hands of those who control them. It won’t be too many more years before that stark disparity will be all too obvious to anyone and everyone.
See the article here: The Next Revolutions: Drones Vs. Phones
Editor’s note: Peter Levine is a partner at Andreessen Horowitz. He has been a lecturer at both MIT and Stanford business schools and was the former CEO of XenSource, which was acquired by Citrix in 2007. Prior to XenSource, Peter was EVP of Strategic and Platform Operations at Veritas Software, where he helped grow the organization from no revenue to more than $1.5 billion, and from 20 employees to over 6,000. Follow him on his blog and on Twitter @Peter_Levine.
Open source software powers the world’s technology. In the past decade, there has been an inexorable adoption of open source in most aspects of computing. Without open source, Facebook, Google, Amazon, and nearly every other modern technology company would not exist. Thanks to an amazing community of innovative, top-notch programmers, open source has become the foundation of cloud computing, software-as-a-service, next generation databases, mobile devices, the consumer internet, and even Bitcoin.
Yet, with all that momentum, there’s a vocal segment of software insiders that preach the looming failure of open source software against competition from proprietary software vendors. The future for open source, they argue, is as also-ran software, relegated to niche projects. It’s proprietary software vendors that will handle the really critical stuff.
So which is it? The success of technology companies using open source, and the apparent failure of open source is a head scratcher. Yet both are true, but not for the reasons some would have you believe. The success or failure of open source is not the software itself – it’s definitely up to the tasks required of it – but in the underlying business model.
Red Hat, the Linux operating system company, pioneered the original open source business model. Red Hat gives away open source software for free but charges a support fee to those customers who rely on Red Hat for maintenance, support, and installation. As revenue began to roll into Red Hat, a race began among startups to develop an open source offering for each proprietary software counterpart and then wrap a Red Hat-style service offering around it. Companies such as MySQL, XenSource, SugarCRM, Ubuntu, and Revolution Analytics were born in this rush toward open source.
Red Hat is a fantastic company, and a pioneer in successfully commercializing open source. However, beyond Red Hat the effort has largely been a failure from a business standpoint. Consider that the “support” model has been around for 20 years, and other than Red Hat there are no other public standalone companies that have been able to offer an alternative to their proprietary counterpart. When you compare the market cap and revenue of Red Hat to Microsoft or Amazon or Oracle, even Red Hat starts to look like a lukewarm success. The overwhelming success of Linux is disproportionate to the performance of Red Hat. Great for open source, a little disappointing for Red Hat.
There are many reasons why the Red Hat model doesn’t work, but its key point of failure is that the business model simply does not enable adequate funding of ongoing investments. The consequence of the model is minimal product differentiation resulting in limited pricing power and corresponding lack of revenue. As shown below, the open source support model generates a fraction of the revenue of other licensing models. For that reason it’s nearly impossible to properly invest in product development, support, or sales the way that companies like Microsoft or Oracle or Amazon can.
And if that weren’t tough enough, pure open source companies have other factors stacked against them. Product roadmaps and requirements are often left to a distributed group of developers. Unless a company employs a majority of the inventors of a particular open source project, there is a high likelihood that the project never gains traction or another company decides to create a fork of the technology. The complexities of defining and controlling a stable roadmap versus innovating quickly enough to prevent a fork are vicious and complex for small organizations.
To make matters worse, the more successful an open source project, the more large companies want to co-opt the code base. I experienced this first-hand as CEO at XenSource, where every major software and hardware company leveraged our code base with nearly zero revenue coming back to us. We had made the product so easy to use and so important, that we had out-engineered ourselves. Great for the open source community, not so great for us.
If you think this is past history and not relevant, I see a similar situation occurring today with OpenStack, and it is likely happening with many other successful open source projects. As an open source company, you are not only competing with proprietary incumbents, you are competing with the open source community itself. It’s a veritable shit-show.
If you’re lucky and have a super-successful open source project, maybe a large company will pay you a few bucks for one-time support, or ask you to build a “shim” or a “foo” or a “bar.” If you are really lucky (as we were with XenSource), you might be acquired as a “strategic” acquisition. But, most open source companies don’t have that kind of luck, and the chances of going public and creating a large standalone company are pretty darn slim.
Even with all that stacked against them, we still see entrepreneurs pitching their companies as the “next Red Hat of…” Here is the problem with that vision: there has never been a “next Red Hat of…” It’s not to say we won’t see another Red Hat, but the odds are long and the path is littered with the corpses of companies that have tried the support model.
But there is a model that works.
The winning open source model turns open source 1.0 on its head. By packaging open source into a service (as in cloud computing or software-as-a-service) or as a software or hardware appliance, companies can monetize open source with a far more robust and flexible model, encouraging innovation, and on-going investment in software development.
Many of today’s most successful new companies rely on an ecosystem of standardized open source components that are generally re-used and updated by the industry at-large. Companies who use these open source building blocks are more than happy to contribute to their ongoing success. These open source building blocks are the foundation of all modern cloud and SaaS offerings, and they are being monetized beautifully in many cases.
Depending on the company and the product, an organization may develop more open source software specific to their business or build some amount of proprietary software to complete the product offering. Amazon, Facebook, GitHub and scores of others mix open source components with their own proprietary code, and then sell the combination as a service.
This recipe – combining open source with a service or appliance model – is producing staggering results across the software landscape. Cloud and SaaS adoption is accelerating at an order of magnitude faster than on-premise deployments, and open source has been the enabler of this transformation.
Beyond SaaS, I would expect there to be future models for Open Source monetization, which is great for the industry.
So what are you waiting for?
Build a big business on top of and around a successful platform by adding something of your own that is both substantial and differentiated. Take, for example, our national road and highway system. If you view it as the transportation platform, you start to see the host of highly differentiated businesses that have been built on top of it, ranging from FedEx to Tesla. The ridesharing service Lyft is building its business on top of that same transportation platform, as well as Amazon’s AWS platform.
If you extend that platform worldview, Red Hat’s support model amounts to selling a slightly better version of the road – in this case, the Linux operating system – which is already good enough for most people.
Sure, when you first launch a business built using open source components, it’s important to grow the size of the platform and cater to your early adopters to drive initial success. So you might start off looking a little like Red Hat. But if all goes well, you’ll start to more resemble Facebook, GitHub, Amazon or Cumulus Networks as you layer in your own special something on top of the platform and deliver it as a service, or package it as an appliance. Becoming the next Red Hat is an admirable goal, but when you look at the trends today, maybe even Red Hat should think about becoming the next Amazon.
Here is the original post: Why There Will Never Be Another RedHat: The Economics Of Open Source
It’s well known that software engineers are in high demand right now with startups and companies around the world. And if they’re not able to hire from the existing talent pool, companies are looking at the next generation – those computer science majors seeking to make a name for themselves in the industry. However, after four years of post-secondary academia, are these students really prepared for the working world?
Stanford professor and Facebook education modernizer Jay Borenstein doesn’t seem to think so. As a result, he’s organized the Facebook Open Academy, a program that is designed to give students practical software engineering experiences before they graduate, all while working on open source projects.
Now in its second year, Facebook Open Academy has brought together 250 students from 25 universities around the world with faculty and industry mentors.
One of the important things to realize is that while it’s called Facebook Open Academy, it’s really not a Facebook initiative per se. Borenstein worked with the company’s CTO Mike Schroepfer to help grow the program and provide students the resources needed to get as close to real-world experience as possible.
Borenstein tells us that the idea started as an experiment to see if it was possible to help computer science students gain relevant exposure to the type of work that they’d be doing in the industry. The issue isn’t that engineers aren’t being hired, but rather that traditional universities aren’t providing the necessary skill sets that students need, such as project estimation, revision models, and standards for writing code when it’s out in production.
It’s argued that computer science students are able to learn more from the Open Academy program than their entire college experience. This is because students will have the opportunity to be supervised by an industry expert, vetted by Borenstein’s team, who will provide the 1:1 mentorship that’s needed in order to survive in the real world.
University of Helsinki researcher and faculty advisor Fabian Fagerholm tells us that the Open Academy supplements the teachings universities provide students. He equates the educational curriculum with programs like Borenstein’s as being a marriage of “theory and practice”. Students only have a brief period of time learning about a profession and may oftentimes not get the required practice of those skills prior to joining the workforce. Facebook Open Academy gives that chance and also is just as useful for the mentors and faculty advisors as it is for the student participants.
This year’s program brings together students from 25 universities, including Carnegie Mellon, Columbia, Harvard, MIT, Princeton, Stanford, University of Illinois at Urbana-Champaign, University of Washington, Universidade Estadual de Campinas, University of Singapore, Tampere University of Technology, Waterloo, University of British Columbia, University of Tokyo, Imperial College London, and others.
When asked about the focus on open source, Fagerholm says it’s unavoidable in any computer science job. Whatever kind of software you’re making will probably use some open source framework or tool to do the job:
It’s never a wrong choice to use open source framework to teach computer programming. It’s not the only choice, but never the wrong choice.
So if the goal of Open Academy is to help better prepare students for the real world, some might wonder why Facebook is involved and not a coalition of other tech companies. Borenstein says that the Facebook brand was important to the program since its mission resonated with Open Academy — both organizations cherish transglobal connections, not to mention the social networking company’s support of open source.
In January, Facebook CEO Mark Zuckerberg spoke about how important it was for Facebook to contribute to the open source ecosystem. At the fifth Open Compute Summit in San Jose, he said:
“When you’re the first company to design something, sometimes there’s an advantage to keeping it proprietary and secret. But if there are companies that have done some of this work, especially when we’re getting started, then from our perspective, it was just much better to collaborate with the community and work together to do something that could would blow past what anyone else have done. That was kind of like a no brainer of a practical strategy that we wanted to execute.”
Facebook has certainly contributed to the open source community. Among the most notable of its contributions is its Open Compute Project, which seeks to utilize the power of the crowd to improve server performance for applications and platforms. The initiative has gained momentum over the past three years as notable tech companies have signed on board to participate, including Microsoft. Based on the knowledge shared, Facebook says that the Open Compute Project has helped it save $1.2 billion in infrastructure costs.
Other open source efforts include Presto, its homegrown SQL query engine, Origami, a free design prototype for the Quartz composer, and more spread across infrastructure, mobile, and Web.
However, there’s more to the Open Academy’s open source focus than just Facebook. Students have been brought together to work on projects that reach far beyond social networking — practically any effort that a software engineer works on will use some aspect of open source code. Borenstein’s program is designed to help students understand what the code is all about and be able to make necessary fixes.
While Facebook has been a major part of the Open Academy, Borenstein is hoping that in the future, the company will become a steward and help lay the foundation for the development tools and infrastructure that the academic world can use.
As we all know now, one of the goals of Facebook Open Academy is to give computer science majors part of the working experience they’ll have when in the workforce. But rather than thrusting them into lectures and exercise problems, these students are put into teams to find out how to work well with one another and learn from a dedicated mentor.
This year, the program has brought on board seasoned veterans who actively maintain open source projects, including Ruby on Rails, MongoDB, SocketIO, Mozilla OpenBadge, ReviewBoard, Phabricator, PouchDB, Kotlin, and Freeseer.
AT&T Interactive’s senior software engineer Aaron Patterson is one of those mentors and spoke with us about his role in the Open Academy. He says that while the assigned open source projects benefit from the extra help, students actually receive a huge advantage by being able to interact with one of the maintainers of the project. At the beginning of each program, students are flown to Facebook’s headquarters to meet with their mentor. Over the following three days, they’ll receive help in setting up their development environments and get briefed on projects.
Patterson says teams will be working on bug fixes and also “small-ish” projects. However, make no mistake: these enhancements are not just busy work — all efforts by students help advance the state of projects. This is something that Patterson says separates Open Academy from other similar programs at companies like Google.
We’re told that with Open Academy, mentors work with students and tell them what projects need their attention — Patterson says it’s important for students to take on things that maintainers don’t have time for. Yes, it sounds like free labor, but keep in mind that students aren’t just filing documents or answering phone calls — they’re working on actual projects and making improvements.
Patterson points out that with other programs like Google’s Summer of Code, student participants are building things that they want, but that may not be appropriate or needed at that time. With Facebook Open Academy, mentors like him know what’s needed and instruct students on what to do — Patterson helps them move in the right direction before asking them “Now what do you want to do? What do you want to improve?”
The length of Open Academy varies based on each student’s university – some operate on a semester calendar while others are on a quarterly one. For each session, students will be paired with others based not on friendships, but on common interests. Borenstein says that a formula is used to assign people to teams, primarily weighted on project preferences. Other factors include logistics such as time zones and schools where students are located.
For mentors, the primary goal isn’t the presentation of the work that they’ve accomplished. Rather, it’s about how students have worked together in teams remotely, the learning outcome, and being mentored by someone who they respect.
In the end, it appears that students, faculty, and mentors agree that programs like Facebook Open Academy have a positive impact on strengthening the developer talent pool and community. Fagerholm agrees with this and believes more companies should participate in Open Academy-type programs lest they miss out on a source of talent. He thinks that students are more inclined to join a company that has participated in such an initiative and shows that they’re thinking long-term about the development of their talent.
This is not like an internship or even a massive open online course (MOOC) like you’d receive from Coursera, Khan Academy, Udemy, or other similar services – it’s more like a more detailed and hands-on capstone course one can take for college credit. While Facebook Open Academy is only in its second year, it will be interesting to see how it progresses in the future and/or if it affects the current computer science curriculums in universities.
Originally posted here: How Facebook’s Open Academy helps students to become better software engineers
In the past five years, the number of bank loans under $1 million has dropped by more than 20 percent. This puts small business owners, arguably the driving force of our economy, at a severe disadvantage when it comes to starting a business.
But Jared Hecht, co-founder of startup success story GroupMe, alongside cofounders Rohan Deshpande and Andres Moran, is today launching a totally new service called Fundera, built specifically to facilitate small business funding through alternative lending.
Fundera has received a total of $3.4 million in funding from Khosla, First Round Capital, Lerer Ventures, SV Angel, and various angel investors including Strauss Zelnick, Rob Wiesenthal, David Rosenblatt, and David Tisch.
Fundera is an online marketplace for small business loans. Once SMB owners are on the platform, they can fill out one common application with information on how long the business has been in place, annual revenue, approximate credit score, accounts receivable, among other data points.
Once they’ve filled out the necessary information, it only takes seconds to be pre-approved and matched with potential lenders.
Instead of harassing big banks, getting rejected, or (in the best-case scenario) getting approved and waiting months for the cash, Fundera allows entrepreneurs to secure the funding they need in days.
It all started when Hecht saw his cousin-in-law, Zach, struggling to raise funding to open a third restaurant in his thus-far successful Fusian chain of restaurants. After multiple attempts, Zach still couldn’t secure a loan from a bank, despite having a profitable business.
Once Hecht started investigating the situation, he realized that the alternative lending space is growing rapidly, but has yet to be touched by the efficiency and transparency of the internet.
And so, Fundera was born.
Unlike the traditional model, which taxes between 5 percent and 15 percent on the borrower side, Fundera only receives a 1-3 percent origination fee, from lenders only. But where does the money come from?
“In small business lending, alternative lenders source capital through a variety of sources: credit facilities from banks, institutional investors, hedge funds, private equity, family offices, and accredited investors,” explained Hecht. “The higher risk that lenders assume is reflected in their respective pricing.”
In beta testing, the company has matched 200 business owners with lenders and facilitated nine loans.
Read the original post: GroupMe Founder Gets $3.4M to Make Small Business Loans More Accessible With Fundera
Software components are a vital aspect of app development. They are the pieces of code that make the software what it is, and they can come from thousands of sources. But they can be subject to tampering. For example, last summer, Chinese hackers exploited vulnerabilities in Struts, an open-source framework for developing Java-based web applications. Struts has been managed under the umbrella of the Apache Foundation. It was recently announced that Struts had reached its “end-of-life” and will no longer be supported.
To help address this issue, Sonatype has updated its component lifecycle management (CLM) technology to protect software developers from using rogue open-source components that could be used to attack any kind of software, including an app for your phone or even your car or heart monitor. The technology then automates the process for enforcing policies that help provide assurances to the software developer that the components are okay to use.
Sonatype allows for components to be fixed through the software development cycle to help identify flaws such as those that surfaced when Struts was hacked.
Features in the new version include an inventory that notifies developers about potential issues with their components: which ones might carry security risks, which are out of date and which might have potential licensing liabilities. It also includes the ability to replace unsafe components with the appropriate version. It’s that ability to identify components that becomes important as software integrates into everyday things, said CEO Wayne Jackson in a recent phone interview.
Sonatype also announced that it has hired well-known security expert Josh Corman as its chief technology officer. Corman, who is known for his work at 451 Research, Akamai and IBM, tells me in an email that the work at Sonatype correlates to his focus on defensible infrastructure, application security and how to make the Internet of Things less vulnerable to attack. A preventive approach is needed with the spread of connected things. In many respects IT is growing faster than the ability to secure it, as he discussed in a TED talk this past December.
So does the risk of open-source software components unleash an unhealthy dose of FUD? No. Instead, it’s a good reason to give thought to how to prevent security exploits instead of just continuing to react to crises as they inevitably arise.
The shift to scale-out architectures and an app-centric culture has turned out well for Docker and its lightweight open-source “container” technology designed for developers to quickly move code to the cloud.
That’s evident in today’s news that the company has raised $15 million in a Series B round led by Greylock Partners, with minority participation from Insight Venture Partners and existing investors Benchmark Capital and Trinity Ventures. Also participating is Yahoo! Co-Founder Jerry Yang, who has participated in previous rounds.
Docker will use the funding to push toward the general availability of the Docker environment, develop commercial services that pair with the open-source technology and build a team to support the growing community.
The technology path is similar to the one VMware followed in its early days when IT managed their corporate-owned infrastructure. These were state-of-the-art data centers that had to be optimized to run enterprise software. For these IT managers, VMware became a critical part of the equation so multiple virtual machines could run on its hypervisor and server environment. VMware is lauded for the excellent job it did in managing its technology so the end-user was not impacted and the IT manager could manage the infrastructure effectively.
The similarity to VMware in its early days and the excitement that Docker has generated made it an attractive investment, said Jerry Chen, a general partner at Greylock who joined the venture capital firm in August. It is Chen’s first investment since joining Greylock.
“One of the things we learned at VMware is be as frictionless as possible,” Chen said in a phone interview today. “Docker has that ability as well.”
Docker also can be scaled from scratch. It can grow to multiple apps or be used on public or private servers, Chen said. And it can be scaled out in seconds, moved anywhere and all done without having to re-configure all over again.
“Docker is the right tech to fit the rapid updates,” Chen said.
Docker faces the challenge of making its technology easy to use with features that make it effective for a developer or a DevOps professional. For this new DevOps pro, Docker has to consider the management and orchestration of apps that are continuously updated using the Docker environment. For example, Docker will develop both public and private registries for developers to store their containers. It also plans to build management and orchestration tools that are needed as people and their organizations manage more and more Docker containers.
And then there is the community, which continues to grow at scale. Docker is now one of the world’s fastest-growing, open-source efforts. There have been more than 9,000 stars given to Docker on GitHub as well as more than 1,320 forks. To manage that growing community will take investment that the company will need to manage with product development.
It’s that community that helped Docker gain acceptance with Red Hat, which is integrating it into OpenShift, its PaaS environment. It has also been adopted by Google Compute Engine. eBay, Yandex and a host of other companies are using Docker in production environments.
Docker is the result of a pivot led by Solomon Hykes, who originally launched the company as DotCloud in 2009.
Originally designed as a platform as a service (PaaS), Docker showed promise for its flexible capabilities in providing developers with a service that supported multiple programming languages. But the competition from companies like Heroku and VMware’s Cloud Foundry made for a challenging market, further exacerbated by the lack of a widespread market acceptance for the benefits that PaaS providers offered.
But developers did need a way to move their code to cloud services in a lightweight way without the tax of heavy virtual machines that were difficult to move and required a degree of manual integration. The problem stemmed from the virtualization technology itself, which sits below the operating system. It virtualizes the server, not the app. And because of that, the operating system has to move in order to run the app wherever it might be transported. Once delivered, it has to be booted up and configured to run with the database and the rest of the stack that it depends on.
With Docker, the container sits on top of the operating system. The only thing that moves is the code. The developer does not have to boot and configure. Instead, the container syncs with the cloud service.
Hykes launched the open-source effort last spring and the acceptance has been almost unprecedented.
“I have never seen a technology take off as quickly as Docker and get the type of broad-based adoption that it is getting,” said Dan Scholnick of Trinity Ventures in a phone interview last week. “If you look at the absolute numbers — the number of Docker containers downloaded, the number of docker containers created — they are off the charts. What is more interesting, the adoption is not just coming from startup or certain types of companies. The adoption is across companies of all sizes and industry verticals. It is a combination of high-growth and broad-based adoption that is really amazing.”
There really are no equivalents to Docker. There are alternatives to it but as a Linux container it is the most widely used in the market. Its deepest competition will stem from VMware and virtualization providers that market to developers. And that’s not it. Cloud Foundry has its own form of a Linux container, which raises a question about how Docker fulfills its promise as a technology platform. The container is one part of the puzzle. It’s the foundation, but there are tool developers who can seize the opportunity to develop technologies that compete with Docker while also participating in its ecosystem.
HTC is said to be readying the next generation of the HTC One, which will keep the same simple moniker but offer up a larger display and a so-called “twin-sensor” rear-facing camera, according to Bloomberg (via Verge). The screen will be at least 5 inches diagonally, which is slightly larger than the existing 4.7-inch HTC One, but overall the design will resemble that of its predecessor.
I’m feeling conflicted about this new device: On the one hand, the HTC One is easily one of the top three best Android phones of 2013; on the other, it’s clear that the HTC One didn’t do much to turn around HTC’s flagging fortunes, despite the extremely positive reception it had among press and the few people who did buy one.
Still, maybe a year of positive press and hype associated with the HTC One name will help the Taiwanese company move more units this time around, paired with a bigger screen (which seems to be high on customer want lists) as well as this improved camera, which is said to offer better focus performance, improved depth of field and better image quality overall, according to Bloomberg’s source.
As sad as it is to say, HTC doesn’t need another smartphone that appeals to the connoisseur crowd: It needs a runaway mass-market success. They did great work with the HTC One, but sticking close to the original design in this case does mean they run the risk of shipping another beloved but mostly ignored device.