Novell adds debugger to Mono to help Windows apps get to Linux

Novell Tuesday released a Mono-based plug-in for Visual Studio that gives developers a debugger to help them use Windows to design applications that will run on Linux. Mono Tools for Visual Studio is a plug-in for Microsoft's integrated development environment (IDE). The plug-in lets developers use Visual Studio to write and maintain applications that can run on Windows, Linux, Mac and Unix platforms. In addition, Novell is integrating its Suse Studio Online, which lets users build custom distributions of Linux so they can package their applications on an appliance loaded with a Linux operating system. Mono Tools for Visual Studio runs with Mono 2.4, which is available now, and 2.6, which is slated for release in December or January.

Novell's Mono is a .Net-compatible set of tools that includes a Common Language Runtime environment that enables the cross-platform capabilities. Mono Tools for Visual Studio does not support Mono on the iPhone because it requires a Macintosh. Mono can be run on Linux, BSD, Unix, Mac OS X, Solaris and Windows. Now we have a full debugger that people can use from the comfort of their Windows machines with Visual Studio and deploy their applications on remote Linux machines." Mono Tools adds a pull-down menu within Visual Studio that gives access to the debugging capabilities and other coding and testing functionality contained in Mono. Novell officials said the most important part of the plug-in is a debugger that will make it easier for Visual Studio users to tap Linux as a deployment platform. "We did not have a debugger story," says Miguel de Icaza, vice president of the developer platform at Novell and the creator of Mono. "People had to fly by instruments when developing their applications with .Net and wanting to deploy them on a Linux server.

The software also includes an integrated porting analysis tools that directs users onto non-Windows platforms without needing to know any of the development nuances for those platforms. The Professional Edition for individuals is $99, while the Enterprise Edition (one developer per organization) is $249, and the Ultimate Edition is $2,499. The Ultimate Edition includes a limited commercial license to redistribute Mono on Windows, Linux and Mac OS X. It also provides five enterprise developer licenses. Mono Tools for Visual Studio is available in three editions. Follow John on Twitter: http://twitter.com/johnfontana

Ellison mocks Salesforce.com's 'itty bitty' application

Oracle CEO Larry Ellison mocked on-demand CRM (customer relationship management) vendor Salesforce.com during a shareholder meeting Wednesday, saying its "itty bitty" application depends on Oracle's products. "We think Salesforce.com has got terrific underlying technology," he said in response to a question from a shareholder about Salesforce.com and the competitive pressures posed by the cloud-computing model. "In fact, everything they run is on an Oracle database. But they don't stop there. We think the Oracle database is fabulous cloud technology. On top of the Oracle database they build their applications using - what is it?

Oh, my God." Ellison's comments follow reports that Salesforce.com CEO Marc Benioff will be speaking at Oracle's OpenWorld conference during an "executive solution session." Salesforce is also a sponsor of OpenWorld this year. Oracle middleware. His appearance seemed surprising to some observers, given the history between the two companies. Indeed, Ellison's scathingly sarcastic remarks on Wednesday made it sound like the companies' rivalry has not dimmed at all. "Let's look at their technology," he said. "They buy computers. Ellison was an early investor in Salesforce.com and once sat on its board, but left after a falling out with Benioff. They rent a room.

They buy electricity and plug it in. Uh, they put the computers in the room. They then buy an Oracle database to run on those computers and then they buy Oracle middleware to build their applications. A Salesforce.com spokesman wouldn't directly address Ellison's comments, but pointed to the company's successes. "Customers are moving towards cloud computing and away from traditional software," said Bruce Francis, vice president of corporate strategy, via e-mail. "We have more than 63,000 customers experiencing success in the cloud. Oh, excuse me, and then they build this little itty-bitty application for salesforce automation. ... Most of the technology at Salesforce.com is ours." In addition, a long list of companies have "chucked" Salesforce.com's software and replaced it with Oracle's on-demand CRM software, Ellison claimed. And, as we reported in August, the number of customers grew 32% in Q2."

Security researchers ask: Does self-destructing data really vanish?

Researchers this week published a paper describing how they broke Vanish, a secure communications system prototype out of the University of Washington that generated lots of buzz when introduced over the summer for its ability to make data self-destruct. But interesting wasn't good enough for researchers at Princeton University, the University of Texas and the University of Michigan, who wondered how well the system could really stand up to attack. I gave the system a whirl back in July and found it to be pretty interesting.

Ed Felten from Princeton describes in the Freedom to Tinker blog how he, a fellow researcher at Princeton and peers at the University of Michigan and University of Texas figured out how to beat Vanish. Such networks, the same kinds used to share music and other files, change over time as computers jump on or off. Their paper is titled "Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs."  Vanish exploits the churn on peer-to-peer networks by creating a key whenever a Vanish user puts the system to use and then divvying up that key and spreading across the P2P net. As such, portions of the key disappear forever and the original message can't be unencrypted. This led to some interesting technical discussions with the Vanish team about technical details of Vuze and Vanish, and about some alternative designs for Vuze and Vanish that might better resist attacks." Later, Felten ran into an ex-student now at the University of Texas who happened to be investigating Vanish as well, and they wound up collaborating. "The people who designed Vanish are smart and experienced, but they obviously made some kind of mistake in their original work that led them to believe that Vanish was secure - a belief that we now know is incorrect," Felten writes. Felten wrote that after reading about Vanish during the summer "I realized that some of our past thinking about how to extract information from large distributed data structures might be applied to attack Vanish. [S]tudent Scott Wolchok grabbed the project and started doing experiments to see how much information could be extracted from the Vuze DHT [Vuze is the P2P network used by Vanish and DHT is a distributed hash table]. If we could monitor Vuze and continuously record almost all of its contents, then we could build a Wayback Machine for Vuze that would let us decrypt [vanishing data objects] that were supposedly expired, thereby defeating Vanish's security guarantees." Felten goes on to tell an interesting tale about the timing of this realization and the experiments that followed. "We didn't want to ambush the Vanish authors with our break, so we took them aside at the [Usenix Security conference in Montreal in August] and told them about our preliminary results.

The University of Washington researchers investigated the other researchers' findings, updated Vanish and issued a report of their own on the experience.  Among other things, they came up with a way to make breaking Vanish more expensive, Felten writes. We do encourage researchers, however, to analyze it and improve upon it. The University of Washington researchers sum up their latest findings here as well, noting that Vanish does not have to be wedded to Vuze and in fact might be better based on a hybrid system that uses multiple distributed storage systems.  They write: "However, we recommend that at this time, the Vanish prototype only be used for experimental purposes. We strongly believe that realizing Vanish's vision would represent a significant step toward achieving privacy in today's unforgetful age." For more on network research, read our Alpha Doggs Blog. Follow Bob Brown on Twitter.

Microsoft's CodePlex Foundation leader soaks in stinging critique

After a stinging critique from a noted expert in establishing consortia, the leader of Microsoft's new CodePlex Foundation says such frank evaluation is welcome because the open source group's structure is a work in progress. The CodePlex Foundation's aim is to get open source and proprietary software companies working together. Sam Ramji, who is interim president of the CodePlex Foundation, was responding to last week's blog by Andy Updegrove, who said the group has a poorly crafted governance structure and looks like a sort of "alternative universe" of open source development.

Updegrove, a lawyer, noted expert on standards, and founder of ConsortiumInfo.org, laid out in a blog post five things Microsoft must change if it wants CodePlex to succeed: create a board with no fewer than 11 members; allow companies to have no more than one representative on the Board of Directors or Board of Advisors; organize board seats by category; establish membership classes with rights to nominate and elect directors; and commit to an open membership policy. He added, however, "There are some best practices [for running the boards of non-profits] that we are not as familiar with as we would want to be." Slideshow: Top 10 open source apps for Windows  Stephanie Davies Boesch, the foundation's secretary and treasurer, is the only board member with experience sitting on a non-profit's board. Despite the stinging tone in Updegrove's assessment, Ramji says he is thankful for the feedback. "Andy's been incredibly generous with his expertise and recommendations," Ramji says. "It is the kind of input and participation we were hoping to get by doing what is probably non-traditional for Microsoft but not necessarily non-traditional for non-profit foundations, which is to basically launch as a beta." For instance, Ramji says that the decision to go with only five people on the board came from Microsoft's experience that larger groups often have difficulty with decision making. Ramji says Updegrove's suggestion to have academic representation on the board was "outstanding. And basically it is re-writable. We did not think of that." And to Updegrove's point on becoming an open membership organization, Ramji says, "our goal is to become a membership organization and Andy has some excellent recommendations for that."He says the fact that Updegrove took the time to respond "in the format that he did is more proof that there is something worth doing here." Ramji, compares the Foundation's formation to the early days of a software development project. "We have said in these first 100 days we are looking at everything as a beta.

Obviously, there are some areas like contributions and licensing agreements we put a lot of time into but even those can be modified." Microsoft announced the foundation Sept. 10 with a stated goal "to enable the exchange of code and understanding among software companies and open source communities." The company seeded the group with $1 million and Microsoft employees dominated the interim board of directors and board of advisors. One is a call for a broad independent organization that can bridge cultural and licensing gaps in order to help commercial developers participate in open source. Ramji says the foundation has spent the past couple of weeks listening to feedback in "Twitter messages, email, and phone calls in order to understand what people hope this can be." Within that feedback two patterns have emerged, Ramji says. The other focuses on creating a place where open source .Net developers can gain strong backing. "Look at projects related to Mono, you also can look at NUnit, NHibernate, we really feel optimistic that the Foundation could help them gain a higher level of credibility in the open source community. Miguel de Icaza, the founder of the Mono project and the creator of the Gnome desktop, is a member of the Foundation's interim board of directors. They feel they have been lacking that strong moral support," Ramji says.

From a high level, Ramji says the Foundation stands as a sort of enabler that helps independent developers, companies and developers working for those companies navigate the nuances and practices of open source development so they can either contribute source code to projects or open source their own technologies. "One suggestion has been that the Foundation should house all the best practices we have seen software companies and open source communities use," said Ramji. "We want to have a place where everyone interested in how to participate can come and read and if they choose they can use our license agreements or can use the legal structure of the Foundation to grant patent licenses and copyrights for developers and derivative works." Those licensing agreements have a distinct focus, Ramji said, on the rights that are related to code that is being contributed and on how to contribute the patent rights on that code. Ramji says the goal is to service multiple projects, multiple technologies and multiple platforms rather than having one specific technology base, which is how most current open source foundations are structured. "It's early days and we have received a lot of good ideas from experts in a variety of fields from law to code to policy that is what we had hoped for," says Ramji. "Someone wrote it is nice to see Microsoft engaging early on without all the answers and to have the community solve what they would like to see. Once those issues are settled, code would be submitted using existing open source licenses. That is satisfying for me and refreshing to others. This is the right way to proceed." Follow John on Twitter