Re: [OpenIndiana-discuss] OpenIndiana roadmap
Hmm, maybe the situation is not that bad after all... Consider the recent OI releases, each containing hundreds of updated packages with respect to the previous one. I didn't track this in detail, but it seems very likely that many of these updates also addressed security issues. That would mean that a large number of security fixes actually *have* been provided, although they have not been announced as such. Wouldn't it be possible to push such packages to the updates channel as soon as they are finished (as long as dependencies permit), or at least after some limited amount of testing? If concerned about package quality, one could maybe provide two such channels - one for fresh packages which can be installed by early adopters, and a second one to which packages get forwarded if no significant flaws are reported within, say, a two week period. This could give end users more timely access to (security) updates without generating extra workload to the core developers. But maybe in practice it's not that simple... The second thing which an OI user would probably find useful is a resource providing a list of *significant* security issues which have not been fixed yet. This is important for getting an idea how safe (or unsafe) it actually is to use this system. And it could help the core developers to focus on the most important issues in the precious time they are dedicating to OI. The security advisories page on openindiana.org is currently empty; is this a good sign or a bad one ;-) ? Oliver Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
Funny discussion!! It's like being in the Oracle boardroom around the time they took over Sun. Do we close the code? Who will develop? Who can develop? Who will fund it? How to manage the roadmap? What we do forget is that installing an OS can take 1 to 180 minutes. But maintaining it and solving all daily problems takes more than a few mouseclicks. When real knowledge kicks in, costs arise either in time or education. Creating a payed environment for security updates is what Sun tried with Solaris10. Doing the same now would create a solaris11.2 kind of system. There are many hurdles at this moment and i just got an offer for a solaris11 anual supportfee, costing about € 300,- . Kind regards, The out-side Op 19 feb. 2013 om 19:28 heeft dormitionsk...@hotmail.com dormitionsk...@hotmail.com het volgende geschreven: Oh, and by the way - some of the problems with recruiting at universities are: 1) the students tend to be busy with their studies, 2) they are still in the process of acquiring the skills, 3) they lack experience, and 4) they tend to want to make a lot right off if you're considering hiring them full time straight out of college. Among the good points, though, is that you may be able to get fresh talent, possibly even at an affordable price, if they can work for you part time while still in school. ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
Moreover, providing security fixes has been a defined goal of OpenIndiana right from the beginning. See the FAQ: Q: Will OpenIndiana provide security and bug fixes to their stable releases? A: Yes, absolutely. We view this as one of the key missing features that prevented widescale adoption of OpenSolaris in production environments. Precisely. I think a small fee for security fixes (on the order of, say, $50/y) would appear quite acceptable even to private or academic OI users. Oliver PD Dr. Oliver H. Weiergräber Institute of Complex Systems ICS-6: Structural Biochemistry Tel.: +49 2461 61-2028 Fax: +49 2461 61-9540 From: Bob Friesenhahn [bfrie...@simple.dallas.tx.us] Sent: Tuesday, February 19, 2013 2:52 AM To: Discussion list for OpenIndiana Subject: Re: [OpenIndiana-discuss] OpenIndiana roadmap On Mon, 18 Feb 2013, Jesus Cea wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 28/01/13 02:43, Bob Friesenhahn wrote: On Mon, 28 Jan 2013, Jesus Cea wrote: Is out there an OpenIndiana Roadmap?. In particular, I am VERY interested in a security supported version. How much are you willing to pay for this service? I would be willing to pay $100-200/year per system for simple binary updates and no support calls (other than if simple updates don't work). I see that OmniOS offers commercial support ($1000/year for 2 sockets) but they don't say if that includes security support. The notion of support usually seems to include someone to call to work through difficult technical issues and not just delivery of updated binaries. It is really not all that difficult to offer security support. A couple of people should be able to accomplish it for the whole OS. Bob -- Bob Friesenhahn bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/ GraphicsMagick Maintainer,http://www.GraphicsMagick.org/ ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
On 19/02/2013 12:41, Weiergräber, Oliver H. wrote: Moreover, providing security fixes has been a defined goal of OpenIndiana right from the beginning. See the FAQ: Q: Will OpenIndiana provide security and bug fixes to their stable releases? A: Yes, absolutely. We view this as one of the key missing features that prevented widescale adoption of OpenSolaris in production environments. Precisely. I think a small fee for security fixes (on the order of, say, $50/y) would appear quite acceptable even to private or academic OI users. But has OI (whatever that organization is) any infrastructure to actually make offers, fulfill all the jurisdictional requirements which are prevalent in different countries ? A private user can always send some money somewhere, but as an organizational member, I'm not allowed to send anyone money, instead, a financial and a trade departement are doing that for us, and as a governmental institution, we are bound to federal law, which has requirements and formalia for vendors and a lot of papers to sign before a single cent can be send elsewhere. I'm convinced that even not a formal company not based in Germany (or the EU, but already that is difficult) has any chance to fulfill those requirements. And I don't know how complicated that is elsewhere. If any of such service should be offered, the only way to do this worldwide is to have regional agencies accepted by the public law as a partner, such as Nexenta, Joyent etc, which already settled at least in the major countries. -- Dr.Udo GrabowskiInst.f.Meteorology a.Climate Research IMK-ASF-SAT www.imk-asf.kit.edu/english/sat.php KIT - Karlsruhe Institute of Technologyhttp://www.kit.edu Postfach 3640,76021 Karlsruhe,Germany T:(+49)721 608-26026 F:-926026 ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
Hi, fee sounds nice. But you have to find somebody to whom to pay it. Nobody offers manpower helping Jon to build and to assemble releases. All working on it have full time job (with no plans to change I think). Offer some dedicated junior team members, not money. Best regards, Milan On 19.02.2013 13:41, Weiergräber, Oliver H. wrote: Moreover, providing security fixes has been a defined goal of OpenIndiana right from the beginning. See the FAQ: Q: Will OpenIndiana provide security and bug fixes to their stable releases? A: Yes, absolutely. We view this as one of the key missing features that prevented widescale adoption of OpenSolaris in production environments. Precisely. I think a small fee for security fixes (on the order of, say, $50/y) would appear quite acceptable even to private or academic OI users. Oliver PD Dr. Oliver H. Weiergräber Institute of Complex Systems ICS-6: Structural Biochemistry Tel.: +49 2461 61-2028 Fax: +49 2461 61-9540 From: Bob Friesenhahn [bfrie...@simple.dallas.tx.us] Sent: Tuesday, February 19, 2013 2:52 AM To: Discussion list for OpenIndiana Subject: Re: [OpenIndiana-discuss] OpenIndiana roadmap On Mon, 18 Feb 2013, Jesus Cea wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 28/01/13 02:43, Bob Friesenhahn wrote: On Mon, 28 Jan 2013, Jesus Cea wrote: Is out there an OpenIndiana Roadmap?. In particular, I am VERY interested in a security supported version. How much are you willing to pay for this service? I would be willing to pay $100-200/year per system for simple binary updates and no support calls (other than if simple updates don't work). I see that OmniOS offers commercial support ($1000/year for 2 sockets) but they don't say if that includes security support. The notion of support usually seems to include someone to call to work through difficult technical issues and not just delivery of updated binaries. It is really not all that difficult to offer security support. A couple of people should be able to accomplish it for the whole OS. Bob ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
On 02/19/2013 12:41 PM, Weiergräber, Oliver H. wrote: Moreover, providing security fixes has been a defined goal of OpenIndiana right from the beginning. See the FAQ: Q: Will OpenIndiana provide security and bug fixes to their stable releases? A: Yes, absolutely. We view this as one of the key missing features that prevented widescale adoption of OpenSolaris in production environments. Precisely. I think a small fee for security fixes (on the order of, say, $50/y) would appear quite acceptable even to private or academic OI users. It might seem like a fine idea for a business, but for me this is a deal breaker. I have lots of OI systems, some for personal use, some for business use, and all of them need security fixes. I don't want to have to pay for support on machines which generate zero revenue. Also, how do you enforce this? Will you make access to security repositories subscriber-only? And how will you manage subscriptions? How will you manage machine IDs? This necessarily forces you to close off portions of OI code, which is a dangerous path to take. My personal hopes for OI were to have something like the Debian model, where all the source code, community support and security fixes are open and free. Then, if somebody wants to provide additional expertise on top of that, be it consulting or direct commercial support (with phone calls, e-mail/chat support, remote administration, SLAs and all that jazz), be my guest. But keep the code open. If OmniOS can do it (http://omnios.omniti.com/wiki.php/ReleaseNotes), then OI can too. Cheers, -- Saso ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
No question that a fully community-supported distribution would be the most desirable option - and that's probably what the OI pioneers had in mind as well ;-) Oliver From: Sašo Kiselkov [skiselkov...@gmail.com] Sent: Tuesday, February 19, 2013 1:25 PM To: openindiana-discuss@openindiana.org Subject: Re: [OpenIndiana-discuss] OpenIndiana roadmap On 02/19/2013 12:41 PM, Weiergräber, Oliver H. wrote: Moreover, providing security fixes has been a defined goal of OpenIndiana right from the beginning. See the FAQ: Q: Will OpenIndiana provide security and bug fixes to their stable releases? A: Yes, absolutely. We view this as one of the key missing features that prevented widescale adoption of OpenSolaris in production environments. Precisely. I think a small fee for security fixes (on the order of, say, $50/y) would appear quite acceptable even to private or academic OI users. It might seem like a fine idea for a business, but for me this is a deal breaker. I have lots of OI systems, some for personal use, some for business use, and all of them need security fixes. I don't want to have to pay for support on machines which generate zero revenue. Also, how do you enforce this? Will you make access to security repositories subscriber-only? And how will you manage subscriptions? How will you manage machine IDs? This necessarily forces you to close off portions of OI code, which is a dangerous path to take. My personal hopes for OI were to have something like the Debian model, where all the source code, community support and security fixes are open and free. Then, if somebody wants to provide additional expertise on top of that, be it consulting or direct commercial support (with phone calls, e-mail/chat support, remote administration, SLAs and all that jazz), be my guest. But keep the code open. If OmniOS can do it (http://omnios.omniti.com/wiki.php/ReleaseNotes), then OI can too. Cheers, -- Saso ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
On 2013-02-19 13:25, Sašo Kiselkov wrote: It might seem like a fine idea for a business, but for me this is a deal breaker. I have lots of OI systems, some for personal use, some for business use, and all of them need security fixes. I don't want to have to pay for support on machines which generate zero revenue. Makes sense. Also, how do you enforce this? Will you make access to security repositories subscriber-only? And how will you manage subscriptions? How will you manage machine IDs? This necessarily forces you to close off portions of OI code, which is a dangerous path to take. I believe RedHat and its spin-offs (Fedora as a bleeding edge experiment, and CentOS as a rebadged clone) have set a nice example here, especially the latter. All the source is open as GPL requires, and AFAIK CentOS is a rebuild of the same code in the same conditions as the main RHEL distro. The only difference is the right (license) to use RedHat's IP in the form of name and logo, which is granted only to its official paid-for distro. Also, the paid-for distro users have someone to complain to in case of bugs/RFEs, and the community (including free spinoff users) have the results for free, but later (after testing, rebuilds, etc.) Qualified users are free to pull the source code updates and constantly rebuild their free OSes if they like, but the general populace would likely wait for new RPM revisions to appear and become automatically downloaded and applied to their installation. As for user identification, Oracle MOS has an example with individual user certificates issued for support contract holders, to access IPS repos over HTTPS. On one hand, these certificates automatically have an expiration date which forces one to continue buying support and automates the non-provision of commercial updates to unpaid users. On another hand this allows to track the usage - i.e. how many IP addresses downloaded a patch with certain user certificate, or even how many times it has been used for the same patch in a short timeframe (though... then what about updates of many local zones...)? If you want to go Nazi about forcing people to buy support for each machine - there are simple ways to do it. They might be circumvented (i.e. use the user-cert on some LAN replicator of IPS packages), but this might not be worth it especially if support is kept relatively cheap and the users follow an honor system to have this OS alive at all. The individual users might get the same patches via source (illumos-gate, etc. - subject to their ability to build this and receive the same resulting binaries which work like the QA'd releases) and/or by quarterly community releases, etc. This way, the code needs not be closed, and there is an ability to fund the project (both branches) as well as gain free users and more common awareness. And compliance-bound users have someone to blame for security breaches ;) Though, possibly, this is what undermined Sun - OpenSolaris SXCE which was way more functional than Solaris 10 and free to use at that ;) //Jim ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
On 02/19/2013 02:23 PM, Jim Klimov wrote: I believe RedHat and its spin-offs (Fedora as a bleeding edge experiment, and CentOS as a rebadged clone) have set a nice example here, especially the latter. All the source is open as GPL requires, and AFAIK CentOS is a rebuild of the same code in the same conditions as the main RHEL distro. The only difference is the right (license) to use RedHat's IP in the form of name and logo, which is granted only to its official paid-for distro. You don't get access to RedHat's repos without paying. There are some portions of the code that CentOS doesn't ship (such as the policy enforcement libraries). In this respect, RHEL is closer to what Solaris was before the Oracle takeover (a closed-source distro built from freely available sources). Also, the paid-for distro users have someone to complain to in case of bugs/RFEs, and the community (including free spinoff users) have the results for free, but later (after testing, rebuilds, etc.) Qualified users are free to pull the source code updates and constantly rebuild their free OSes if they like, but the general populace would likely wait for new RPM revisions to appear and become automatically downloaded and applied to their installation. As for user identification, Oracle MOS has an example with individual user certificates issued for support contract holders, to access IPS repos over HTTPS. On one hand, these certificates automatically have an expiration date which forces one to continue buying support and automates the non-provision of commercial updates to unpaid users. On another hand this allows to track the usage - i.e. how many IP addresses downloaded a patch with certain user certificate, or even how many times it has been used for the same patch in a short timeframe (though... then what about updates of many local zones...)? Except that you could use this to install a certificate on any number of NAT'ed machines. A little bit of manipulation in the IPS libraries and you can get all machines to look and smell like the same machine. No, if you want to track usage without people cheating, you need to ship closed policy enforcement code - that's why you'll never see an open-source DRM. It just doesn't work, by definition. If you want to go Nazi about forcing people to buy support for each machine - there are simple ways to do it. They might be circumvented (i.e. use the user-cert on some LAN replicator of IPS packages), but this might not be worth it especially if support is kept relatively cheap and the users follow an honor system to have this OS alive at all. The individual users might get the same patches via source (illumos-gate, etc. - subject to their ability to build this and receive the same resulting binaries which work like the QA'd releases) and/or by quarterly community releases, etc. This way, the code needs not be closed, and there is an ability to fund the project (both branches) as well as gain free users and more common awareness. And compliance-bound users have someone to blame for security breaches ;) I don't want to go through a billion hoops just to deploy security-supported machines. Want to make a closed-model variant of OI? Go ahead. But if this is the direction OI itself takes, I'm out (and I gather I'm not the only one). Though, possibly, this is what undermined Sun - OpenSolaris SXCE which was way more functional than Solaris 10 and free to use at that ;) Solaris 10 was free to use, with patches and all, although the source was closed - that's the only advantage SXCE had over S10 (besides being based on the S11 codebase). Cheers, -- Saso ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
On 2013-02-19 14:38, Sašo Kiselkov wrote: You don't get access to RedHat's repos without paying. There are some portions of the code that CentOS doesn't ship (such as the policy enforcement libraries). In this respect, RHEL is closer to what Solaris was before the Oracle takeover (a closed-source distro built from freely available sources). No, if you want to track usage without people cheating, you need to ship closed policy enforcement code - that's why you'll never see an open-source DRM. It just doesn't work, by definition. Ok... in this case, I believe, the enforcement parts are not GPLed? ;) However, if RedHat gives you access to GPLed code (even for money), you have any right to republish it and they have no right to request an NDA on it, right? Also, the paid-for distro users have someone to complain to in case of bugs/RFEs, and the community (including free spinoff users) have the results for free, but later (after testing, rebuilds, etc.) Qualified users are free to pull the source code updates and constantly rebuild their free OSes if they like, but the general populace would likely wait for new RPM revisions to appear and become automatically downloaded and applied to their installation. As for user identification, Oracle MOS has an example with individual user certificates issued for support contract holders, to access IPS repos over HTTPS. On one hand, these certificates automatically have an expiration date which forces one to continue buying support and automates the non-provision of commercial updates to unpaid users. On another hand this allows to track the usage - i.e. how many IP addresses downloaded a patch with certain user certificate, or even how many times it has been used for the same patch in a short timeframe (though... then what about updates of many local zones...)? Except that you could use this to install a certificate on any number of NAT'ed machines. A little bit of manipulation in the IPS libraries and you can get all machines to look and smell like the same machine. That's what I meant about tracking the intensity of usage of the certificate for the same packages in some time frame, from one or multiple internet addresses. To an extent this would interfere with local zones - or with your multiple systems that would look like one system's zones. But using some analytics - i.e. requests for GZ-only packages or some other suspicious behavior, you might detect possible abuse of licensing and suspend a user's certificate (via CRL on the IPS CA). To go Nazi'er about this, you could use Remote Physical Device Fingerprinting techniques, see http://www.caida.org/publications/papers/2005/fingerprinting/ http://www.caida.org/publications/papers/2005/fingerprinting/KohnoBroidoClaffy05-devicefingerprinting.pdf But realistically, any harsh requirements would be circumvented. Even Microsoft and Oracle and MPAA, despite a bully attitude and billions to invest into police collaboration, can't force everyone to pay. The attitude should be different, maybe more honorable? Perhaps, bundle prices and early application of site support licenses would help (i.e. you pay for 1000 OI installs as for 10, but you have peace of mind that you're audit-clean); and as long as this only concerns automated support - patching - the support provider does not have much more spending either (perhaps only bandwidth?) In fact, many commercial companies go this way about their support sales - they are interested in getting a minimum amount of dollars from the transaction. Discounts from list prices might be negotiated to orders of magnitude, so you can get almost any amount of support rights after you pay a certain minimum price - especially if you do buy something else to sweeten the deal for all sides. I don't want to go through a billion hoops just to deploy security-supported machines. Want to make a closed-model variant of OI? Go ahead. But if this is the direction OI itself takes, I'm out (and I gather I'm not the only one). No, that is not what I want. I am elaborating on my current point of view for the basic question *how to provide funding to support a regularly security-supported release?* Discussion might change this point of view by uncovering its deficiencies, of course ;) One way is to *require* people (or organizations) to pay. Another way is to *ask them nicely to pay* (gift, whatever) before we kick the bucket and they'd have to migrate and blame themselves for the headache and loss of OS qualities. The rest are mechanisms - algorithmical, licencial, procedural... which lead to the needed result: collection of money, payment to people who track CERT or Linux security patch streams and apply patches to illumos and build the binary releases, and availability of these releases to at least the paying users but preferably to everyone (instantly or sooner or later). As another example I might point to multiple open/closed projects (where closed is a feature-enhanced
Re: [OpenIndiana-discuss] OpenIndiana roadmap
On 02/19/2013 03:12 PM, Jim Klimov wrote: On 2013-02-19 14:38, Sašo Kiselkov wrote: You don't get access to RedHat's repos without paying. There are some portions of the code that CentOS doesn't ship (such as the policy enforcement libraries). In this respect, RHEL is closer to what Solaris was before the Oracle takeover (a closed-source distro built from freely available sources). No, if you want to track usage without people cheating, you need to ship closed policy enforcement code - that's why you'll never see an open-source DRM. It just doesn't work, by definition. Ok... in this case, I believe, the enforcement parts are not GPLed? ;) However, if RedHat gives you access to GPLed code (even for money), you have any right to republish it and they have no right to request an NDA on it, right? Correct. That's what I meant about tracking the intensity of usage of the certificate for the same packages in some time frame, from one or multiple internet addresses. To an extent this would interfere with local zones - or with your multiple systems that would look like one system's zones. But using some analytics - i.e. requests for GZ-only packages or some other suspicious behavior, you might detect possible abuse of licensing and suspend a user's certificate (via CRL on the IPS CA). Ultimately, you'll end up burning a lot more time pursuing abusers then... a brilliant way to kill an open-source project is to micromanage its uses. To go Nazi'er about this, you could use Remote Physical Device Fingerprinting techniques, see http://www.caida.org/publications/papers/2005/fingerprinting/ http://www.caida.org/publications/papers/2005/fingerprinting/KohnoBroidoClaffy05-devicefingerprinting.pdf This only works if the users don't have access to the fingerprinting library sources and the code is signed and possibly obfuscated. This is 180 degrees opposite of open-source. But realistically, any harsh requirements would be circumvented. Even Microsoft and Oracle and MPAA, despite a bully attitude and billions to invest into police collaboration, can't force everyone to pay. Oracle, FWIW, doesn't actually use licensing keys on their products, you can download Oracle DB Enterprise and use it without (technical) trouble. You just won't get fixes and updates. Oh and forget about the source. The attitude should be different, maybe more honorable? Perhaps, bundle prices and early application of site support licenses would help (i.e. you pay for 1000 OI installs as for 10, but you have peace of mind that you're audit-clean); and as long as this only concerns automated support - patching - the support provider does not have much more spending either (perhaps only bandwidth?) And who's going to do the audits? If you show up on my doorstep, I'll first call a cab and then the police. If you don't have the legal leverage to enforce a contract, don't establish one. In fact, many commercial companies go this way about their support sales - they are interested in getting a minimum amount of dollars from the transaction. Discounts from list prices might be negotiated to orders of magnitude, so you can get almost any amount of support rights after you pay a certain minimum price - especially if you do buy something else to sweeten the deal for all sides. If you can establish a company to sell OI support, go ahead. But if you do this to the OI project itself, I can pretty much guarantee you that it will wither and die. I don't want to go through a billion hoops just to deploy security-supported machines. Want to make a closed-model variant of OI? Go ahead. But if this is the direction OI itself takes, I'm out (and I gather I'm not the only one). No, that is not what I want. I am elaborating on my current point of view for the basic question *how to provide funding to support a regularly security-supported release?* Discussion might change this point of view by uncovering its deficiencies, of course ;) One way is to *require* people (or organizations) to pay. Except that enforcing this would break OI's promise and community relationships, no question. Another way is to *ask them nicely to pay* (gift, whatever) before we kick the bucket and they'd have to migrate and blame themselves for the headache and loss of OS qualities. I much prefer this method. Compulsion almost always results in pushback in open-source projects. The rest are mechanisms - algorithmical, licencial, procedural... which lead to the needed result: collection of money, .. and breaking the community promise of OI. Good job. Look, I'm not saying that there isn't room for a company to step in and help by offerring professional support services as a separate add-on - I'd love to see that happen, OI needs that a lot. But not at the cost of polluting OI-proper. You run a business and gain money? Cash up please. You run a home PC or run around with a laptop - here are your patches. This does
Re: [OpenIndiana-discuss] OpenIndiana roadmap
On 2013-02-19 16:38, Sašo Kiselkov wrote: I'm tired of this discussion. In short, if OI were to reverse on its open-development promise, it will lead to its demise. It's not like there aren't alternatives available. I am not trying to discourage or disprove of any solution. I don't argue for one in favor of another. I am just trying to (loudly) understand what options there are, and how can we get there. Some people like to ram into the forest and find a way as they go along. Others like to look for a map first and decide whether they need to go in the direction of the forest at all ;) In essence, I was just trying the part of devil's advocate regarding the premise that intensive work with results one might request *and* expect to receive in a timely manner is a job paid for. Like in the triangle of high quality, quick speed, low price - pick two. Either some enthusiasts would work on it - perhaps just for a few weeks each, but overall nonstop - and deliver a continuous stream of updates if we are lucky and they are in the mood, OR someone's paid job would be to do this, OR we'll only have updates whenever someone feels up to the task to update his OS and share the results. But monetary expression is just one way of shareable contribution. Just as well, instead of paid support it could be contribution of patches made in spare time - if the gifter is qualified enough. He spent some time to do it, and we know that time is money ;) So far we see that a lot more people are willing and/or able to give real money to get the work done by someone, rather than to competently do it themselves - even if the result would be used by anyone who didn't pay, too. We also see that the entry barrier for enthusiasts is often too high (creating the build environment to just start working on patches and RFEs and so on). People who might help by contributing a couple of hours per week, are scared off (validly) by spending a week to set up the rig. This also reduces the pool of enthusiasts who might with little personal effort per-person create the seemingly continuous stream of ultimately integrated security patches. (Perhaps, a preconfigured developer edition distro/live image would play an important role to add people with the tool to add patches) I myself do want a free OS with all the good features popping up (like those you thankfully create and contribute) and security patches and everything. I do too think that requiring people to pay is a way to close the OS, scare off the community and wither into the unknownness. However, requiring other people to sit down and do tedious work regardless of their desire to go for a beer or to walk or to do something else - requiring to work and not paying nor sharing in a different manner (i.e. by contributing code in other areas like you do) - is also wrong. So the next best thing is to get someone to pay (require, ask, etc) and fund the needed work and share it with the community for everyone's pleasure and benefit. Thus one rich feeds an horde of the poor. Thus your dayjob's paid support pays also for your home's updates. And your friends'. And of unknown people across the globe... That's why I think an honorable system might work, if a commercial approach (requiring to pay) is indeed unviable. Perhaps, for example, done as contributions to Illumos foundation with a notice to spend the money onto security patching - so they can keep some students on regular funding to do this quest? Or perhaps indeed a commercial approach might happen - an OI-based OS with paid support and a gentleman's obligation to share back into the common source code pool, like many other distros do today, so the code ultimately ends up in the free OI branch as well? I don't think anyone would share the commercial secret - how many paying users there are of some SmartOS, or OmniOS, or Nexenta? ;) //Jim PS: To go Nazi'er about this, you could use Remote Physical Device Fingerprinting techniques, see http://www.caida.org/publications/papers/2005/fingerprinting/ http://www.caida.org/publications/papers/2005/fingerprinting/KohnoBroidoClaffy05-devicefingerprinting.pdf This only works if the users don't have access to the fingerprinting library sources and the code is signed and possibly obfuscated. This is 180 degrees opposite of open-source. Actually, that's supposed to work on server side and identify user devices - to some degree of accuracy (by timer skews, IP protocol features, etc). Open or closed doesn't really matter. ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
Fact #1 - The OI Community seems to be filled with a whole lot more people asking for features than there are developers to implement them. Some of these are reasonable requests, too, but there just simply aren't that many people actually working on OI to make them all possible even if the developers wanted to. Fact #2 - OI doesn't have any real organizational structure, nor do the OI developers seem to want any. You can't charge anyone a dime for anything without an organizational structure in place -- and you can't force an organizational structure down the OI developers' throats, or they'll simply leave, and OI will die. Friendly suggestion: If you want security updates, there's no reason why some of you can't get together and start your own business offering these updates for a fee. OI is open source. You wouldn't necessarily have to start your own distribution, although you could do that, too. But the code base is out there. You can charge a fee for these services. And if you want to be real nice, contribute the security fixes back to OI for inclusion in later releases. That'd be do-able, and probably the closest to a win-win situation that you're likely to find. I, personally, doubt if you could make enough money on it to make it worth your while; but perhaps you could. It's called, entrepreneurialism. ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
On 02/19/2013 12:10 PM, dormitionsk...@hotmail.com wrote: Fact #1 - The OI Community seems to be filled with a whole lot more people asking for features than there are developers to implement them. Some of these are reasonable requests, too, but there just simply aren't that many people actually working on OI to make them all possible even if the developers wanted to. Fact #2 - OI doesn't have any real organizational structure, nor do the OI developers seem to want any. You can't charge anyone a dime for anything without an organizational structure in place -- and you can't force an organizational structure down the OI developers' throats, or they'll simply leave, and OI will die. Friendly suggestion: If you want security updates, there's no reason why some of you can't get together and start your own business offering these updates for a fee. OI is open source. You wouldn't necessarily have to start your own distribution, although you could do that, too. But the code base is out there. You can charge a fee for these services. And if you want to be real nice, contribute the security fixes back to OI for inclusion in later releases. That'd be do-able, and probably the closest to a win-win situation that you're likely to find. I, personally, doubt if you could make enough money on it to make it worth your while; but perhaps you could. It's called, entrepreneurialism. [raises hand] I'd pay for it. Much less for x86 than for SPARC, but I'd definitely pay for it for SPARC. -Dave -- Dave McGuire, AK4HZ New Kensington, PA ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
If you want security updates, there's no reason why some of you can't get together and start your own business offering these updates for a fee. OI is open source. You wouldn't necessarily have to start your own distribution, although you could do that, too. But the code base is out there. You can charge a fee for these services. And if you want to be real nice, contribute the security fixes back to OI for inclusion in later releases. That'd be do-able, and probably the closest to a win-win situation that you're likely to find. I, personally, doubt if you could make enough money on it to make it worth your while; but perhaps you could. You actually wouldn't need to make enough money on it in and of itself to make it worthwhile. If we could find developers interested then we'd actually be happy to pay a few for some work as it would help in other areas of our business. I think there's probably a few businesses like that. If we're making money with boxes using Oi (which we are) it makes sense for us to make Oi better. We've not got the budget of Nexenta, Joyent etc., but we've got a bit. The problem is finding appropriate developers, we've advertised, asked around online and at two Universities near us, and not had anyone either with any Solaris/Illumos experience, or interested in learning. We may have found one person now interested in some contract work on specific features, but that's it! James Principal Consultant Tel:01642 688065 Mob:07734 655931 Website:www.themacplace.co.uk ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
On Feb 19, 2013, at 10:26 AM, James Relph wrote: If you want security updates, there's no reason why some of you can't get together and start your own business offering these updates for a fee. OI is open source. You wouldn't necessarily have to start your own distribution, although you could do that, too. But the code base is out there. You can charge a fee for these services. And if you want to be real nice, contribute the security fixes back to OI for inclusion in later releases. That'd be do-able, and probably the closest to a win-win situation that you're likely to find. I, personally, doubt if you could make enough money on it to make it worth your while; but perhaps you could. You actually wouldn't need to make enough money on it in and of itself to make it worthwhile. If we could find developers interested then we'd actually be happy to pay a few for some work as it would help in other areas of our business. I think there's probably a few businesses like that. If we're making money with boxes using Oi (which we are) it makes sense for us to make Oi better. We've not got the budget of Nexenta, Joyent etc., but we've got a bit. The problem is finding appropriate developers, we've advertised, asked around online and at two Universities near us, and not had anyone either with any Solaris/Illumos experience, or interested in learning. We may have found one person now interested in some contract work on specific features, but that's it! When I said that I doubt if you could make enough money on it to make it worth your while, I probably should have elaborated. I think there is certainly a market out there. My concern was, and is, how much work would be involved in making it happen. And that goes hand-in-hand with what Mr. Relph just said. Finding people with the expertise / abilities, or willingness to learn it. Plus, building the infrastructure, and coming up with organizational and pricing structures that those working on it could agree on. I was a business major in college back in the 80's. Entrepreneurship was the big buzz-word back then. But they also pointed out that most new businesses fail because people start businesses doing things they don't know anything about. I don't know the first thing about making security updates, so I wouldn't touch it with a ten foot pole. Somebody who knows about this already needs to be in the mix. My niece is a guidance counselor for all of the computer science students at a midwest university. I could get some advertisements there -- and we could certainly contact other universities -- looking for people interested in this kind of work IF we had somebody we could list for them to contact. ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
If you want security updates, there's no reason why some of you can't get together and start your own business offering these updates for a fee. OI is open source. You wouldn't necessarily have to start your own distribution, although you could do that, too. But the code base is out there. You can charge a fee for these services. And if you want to be real nice, contribute the security fixes back to OI for inclusion in later releases. I would join such startup. I am not (yet) an OI/Illumos developer, but interested in learning. Also - I am in need for an additional part time, or even full-time paid job (remote though - I am located in Russia). Thumbs up for the idea of distinct business entity contributing the produced security fixes back to OI for inclusion in later releases. - Dmitry. (Software developer for Windows, and OI user/admin) ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
Oh, and by the way - some of the problems with recruiting at universities are: 1) the students tend to be busy with their studies, 2) they are still in the process of acquiring the skills, 3) they lack experience, and 4) they tend to want to make a lot right off if you're considering hiring them full time straight out of college. Among the good points, though, is that you may be able to get fresh talent, possibly even at an affordable price, if they can work for you part time while still in school. ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 28/01/13 02:43, Bob Friesenhahn wrote: On Mon, 28 Jan 2013, Jesus Cea wrote: Is out there an OpenIndiana Roadmap?. In particular, I am VERY interested in a security supported version. How much are you willing to pay for this service? Oracle charges $1k/year per socket. I would actually pay something. But consider this: * I can't deploy OpenIndiana without some kind of security updates. * I have tons of clients evaluating OpenIndiana, being amazed by ZFS and DTrace, but can't consider seriously since there is no security plan. An OpenIndiana future goes thru an official OI release, with security fixes for a while. Those markets are, currently, closed for OI. About how costly this could be, Red Hat is a huge business. And we could follow a major Linux release, like Debian or Ubuntu, to track security notifications/patches. Maybe even a community security supported version. - -- Jesús Cea Avión _/_/ _/_/_/_/_/_/ j...@jcea.es - http://www.jcea.es/ _/_/_/_/ _/_/_/_/ _/_/ jabber / xmpp:j...@jabber.org _/_/_/_/ _/_/_/_/_/ . _/_/ _/_/_/_/ _/_/ _/_/ Things are not so easy _/_/ _/_/_/_/ _/_/_/_/ _/_/ My name is Dump, Core Dump _/_/_/_/_/_/ _/_/ _/_/ El amor es poner tu felicidad en la felicidad de otro - Leibniz -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQCVAwUBUSJpKZlgi5GaxT1NAQJqeAP+O5PVlmBRuzJJsBO0KpLto6olkhJxBvx+ QszPvsW6F8IJf9+1ofyKfPRnzeIMDgB7sCX6kJiW+WL8LQ9L6OpjZ/I3DWMolsBH e0jK/V6Sj64rYnvzTw5I4Y2uBXj57EoFNGXBHeEgY1v8uYWH4vNT9+RdmL3XOKhy D1vV5CNUfSI= =A6UO -END PGP SIGNATURE- ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
--- On Mon, 2/18/13, Jesus Cea j...@jcea.es wrote: From: Jesus Cea j...@jcea.es Subject: Re: [OpenIndiana-discuss] OpenIndiana roadmap To: Discussion list for OpenIndiana openindiana-discuss@openindiana.org Date: Monday, February 18, 2013, 11:47 AM -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 28/01/13 02:43, Bob Friesenhahn wrote: On Mon, 28 Jan 2013, Jesus Cea wrote: Is out there an OpenIndiana Roadmap?. In particular, I am VERY interested in a security supported version. How much are you willing to pay for this service? Oracle charges $1k/year per socket. I would actually pay something. But consider this: * I can't deploy OpenIndiana without some kind of security updates. * I have tons of clients evaluating OpenIndiana, being amazed by ZFS and DTrace, but can't consider seriously since there is no security plan. An OpenIndiana future goes thru an official OI release, with security fixes for a while. Those markets are, currently, closed for OI. About how costly this could be, Red Hat is a huge business. And we could follow a major Linux release, like Debian or Ubuntu, to track security notifications/patches. Maybe even a community security supported version. I read of very high youth unemployment in Spain Greece. What's the minimum cost of 3 young people w/ appropriate skills?3-5x that amount is what one would need to generate in revenue to make a supported secure version exist. There ought to be a good pool to choose from. The problem is how to arrange for them to get paid. That's the essential first step in creating a supported secure distribution. Is there an academic at a university in Greece or Spain that could handle the employment of some grad students doing Illumos/OI security support? Maybe a joint computer science business administration business incubator or master's project? Make a new distro to suit, OI/SE? That's the cheapest it can be. If it works there will money to hire more and form a regular business. As for the roadmap, that belongs to whoever is paying for the work. If you've got clients who would buy if it were supported and had feature x on the roadmap, hire someone to support it and make the roadmap what your client's want. The only thing that will make OI really work is money spent on people's time working on OI. When IBM started supporting Linux, they spent $1 billion. That's a lot of salaries. It also tipped the edge in commercial deployments. We're probably a long way from having that level of resources again for quite a while. But who knows? Larry might have a come to Jesus moment. Have Fun! Reg ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
Jesus Cea wrote: On 28/01/13 02:43, Bob Friesenhahn wrote: On Mon, 28 Jan 2013, Jesus Cea wrote: Is out there an OpenIndiana Roadmap?. In particular, I am VERY interested in a security supported version. How much are you willing to pay for this service? Oracle charges $1k/year per socket. I would actually pay something. But consider this: * I can't deploy OpenIndiana without some kind of security updates. * I have tons of clients evaluating OpenIndiana, being amazed by ZFS and DTrace, but can't consider seriously since there is no security plan. An OpenIndiana future goes thru an official OI release, with security fixes for a while. Those markets are, currently, closed for OI. About how costly this could be, Red Hat is a huge business. And we could follow a major Linux release, like Debian or Ubuntu, to track security notifications/patches. Maybe even a community security supported version. The popular Linux distributions all have a commercial backer, OI does not. It's as simple as that. There are other Illumos based distributions that do have a commercial backer, maybe you would be better off with one of those? It's a reflection of commercial reality that those distributions focus on specific market segments. It would be nice to have a backed general purpose OS to rival Solaris, but the demand doesn't seem to be there. -- Ian. ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
On Mon, 18 Feb 2013, Jesus Cea wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 28/01/13 02:43, Bob Friesenhahn wrote: On Mon, 28 Jan 2013, Jesus Cea wrote: Is out there an OpenIndiana Roadmap?. In particular, I am VERY interested in a security supported version. How much are you willing to pay for this service? I would be willing to pay $100-200/year per system for simple binary updates and no support calls (other than if simple updates don't work). I see that OmniOS offers commercial support ($1000/year for 2 sockets) but they don't say if that includes security support. The notion of support usually seems to include someone to call to work through difficult technical issues and not just delivery of updated binaries. It is really not all that difficult to offer security support. A couple of people should be able to accomplish it for the whole OS. Bob -- Bob Friesenhahn bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/ GraphicsMagick Maintainer,http://www.GraphicsMagick.org/ ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
)))THANK YOU) Sorry, last msg. for today before the upload completes, must pack boxes w/o accidently touching the half-broken dsl cable. off the screen now ... %martin On Tue, Jan 29, 2013 at 7:54 AM, Frank Lahm frankl...@gmail.com wrote: 2013/1/29 Martin Bochnig mar...@martux.org: PayPal-Guthaben: -$378,99 USD Took care of $78,99 USD. Hth! --f -- regards %martin bochnig http://wiki.openindiana.org/oi/MartUX_OpenIndiana+oi_151a+SPARC+LiveDVD http://www.youtube.com/user/MartUXopensolaris http://www.facebook.com/pages/MartUX_SPARC-OpenIndiana/357912020962940 https://twitter.com/MartinBochnig http://www.martux.org (new page not yet online, but pretty soon) ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
Or still one thing that troubles me: Everybody who ever donates to this project goes into a dedicated SPONSORS section. Ken Mays already offered us to help with our wiki and web-page. This means we will have a nice site quite soon :) Based on the other slide-show and web-page that I had prepped in September, although still under the old name. Today only the repo and isos. All that will come - and be maintained by us all, somehow. I don't like governance. But we will find a democratic model with flat hierarchy. So if we succeed, then we will have the first tru really fair functioning democracy on earth (lol). Suggestions, thoughts appreciated. And, status: Yes, the repo is uploaded about 65%. Afterwards the isos ... Well, 2MBit ... %martin ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
Martin, Is there any way to provide funds other than paypal? I'm in the States, if that makes any difference. Either way, thank you for all your efforts towards SPARC, they are appreciated. Jerry On 01/29/13 01:11 AM, Volker A. Brandt wrote: Reginald Beardsley writes: I'd like to suggest funding Martin. He's committed and needs the money. Even as little as $50US per site would certainly help him a lot. +1 Is there someone who can get him online to discuss this? That is a problem. Martin, please speak up! Regards -- Volker ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
On 28/01/2013 13:55, Dmitry Kozhinov wrote: How much are you willing to pay for this service? Correct me if I am wrong, but roadmap and paid services are different things. The fact that OI is an open source and community driven project does not mean a no roadmap strategy. - Dmitry. ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss As I understand it the strategy was always to encourage the proliferation of solution providers and integrators to fulfill this function.These It was thought would form in the market where a stable release,sufficient development had taken place to provide significant market penetration and adoption.If this time has come perhaps it maybe helpful to welcome the listing of interested parties on the website? Rob Jones -- A leader is best when people barely know he exists, when his work is done, his aim fulfilled, they will say: we did it ourselves. Lao Tzu This transmission is intended to be private and confidential.Intended solely for the person or organisation to whom it is addressed.It may contain privileged and confidential information.If you are not the intended recipient,you should not copy,distribute or take any action in reliance on it. If you have received this transmission in error, please notify the sender at the e-mail address above.Thank you. ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
As I understand it the strategy was always to encourage the proliferation of solution providers and integrators to fulfill this function.These It was thought would form in the market where a stable release,sufficient development had taken place to provide significant market penetration and adoption.If this time has come perhaps it maybe helpful to welcome the listing of interested parties on the website? Which is fine to some extent, but what that has led to are a lot of quite specific solutions for situations not everyone is in (SmartOS is obviously heavily cloud-oriented) or companies very focussed on selling (not necessarily cheap) support. I'd quite like to see OpenIndiana thrive as a community supported general purpose OS based on Illumos. James ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
Which is fine to some extent, but what that has led to are a lot of quite specific solutions for situations not everyone is in (SmartOS is obviously heavily cloud-oriented) or companies very focussed on selling (not necessarily cheap) support. I'd quite like to see OpenIndiana thrive as a community supported general purpose OS based on Illumos. James Just as an addendum, we're happy to pay for support/development (and we're deploying Nexenta somewhere at the moment), but it's not the solution for a lot of our clients (either smaller businesses or large cheap storage for bigger companies) and yet we don't have the staff who can really contribute directly with code, or the connections/capital to find and hire a bunch of developers to create our own distro. James ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
On 01/28/13 02:43 AM, Bob Friesenhahn wrote: On Mon, 28 Jan 2013, Jesus Cea wrote: Is out there an OpenIndiana Roadmap?. In particular, I am VERY interested in a security supported version. How much are you willing to pay for this service? Oracle charges $1k/year per socket. Yes, support needs to be payed. In means of human resources doing the job of support. I just hope you have in mind doing it in open source way, like many other free software distributions, without closed source, like Oracle is doing. Maybe support could be organized around public stable release that could be supported. ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
How much are you willing to pay for this service? Correct me if I am wrong, but roadmap and paid services are different things. The fact that OI is an open source and community driven project does not mean a no roadmap strategy. - Dmitry. ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
On Mon, 28 Jan 2013, Dmitry Kozhinov wrote: How much are you willing to pay for this service? Correct me if I am wrong, but roadmap and paid services are different things. The fact that OI is an open source and community driven project does not mean a no roadmap strategy. I was referring more to the request for security supported version which implies that someone is continually monitoring security alerts and issues and issuing fixed packages and security notices. This sort of thing is more easily done if the people doing the work receive compensation for it rather than doing the work in their spare time from a different paying job. If there was an OpenIndiana Foundation which could receive contributions/payments, then it would be possible to pay someone to act as a security coordinator with sufficiently real-time response. If Oracle thinks that it can collect $1k per socket, then this suggests that the OpenIndiana user-base could voluntarily contribute to the foundation for a small fraction of what a commercial enterprise would pay Oracle. Bob -- Bob Friesenhahn bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/ GraphicsMagick Maintainer,http://www.GraphicsMagick.org/ ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
This sort of thing is more easily done if the people doing the work receive compensation for it rather than doing the work in their spare time from a different paying job. If there was an OpenIndiana Foundation which could receive contributions/payments, then it would be possible to pay someone to act as a security coordinator with sufficiently real-time response. That's certainly something we'd be very interested in contributing to, I've offered bounties before, but without an official structure it's just been via this list and hasn't been replied to (if ever even read by someone who could do it). James ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
--- On Mon, 1/28/13, James Relph ja...@themacplace.co.uk wrote: From: James Relph ja...@themacplace.co.uk Subject: Re: [OpenIndiana-discuss] OpenIndiana roadmap To: Discussion list for OpenIndiana openindiana-discuss@openindiana.org Date: Monday, January 28, 2013, 11:31 AM This sort of thing is more easily done if the people doing the work receive compensation for it rather than doing the work in their spare time from a different paying job. If there was an OpenIndiana Foundation which could receive contributions/payments, then it would be possible to pay someone to act as a security coordinator with sufficiently real-time response. That's certainly something we'd be very interested in contributing to, I've offered bounties before, but without an official structure it's just been via this list and hasn't been replied to (if ever even read by someone who could do it). Would a Kickstarter project to fund an OI support group be possible? The problem is you need a certain level of commitments to justify setting up a support operation. I was quite happy to pay Sun for a 3 year Gold level contract on my Ultra 20 when I bought it. $250/yr to fund someone to help when I run into problems would be money well spent to me. Have Fun! Reg ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
Would a Kickstarter project to fund an OI support group be possible? The problem is you need a certain level of commitments to justify setting up a support operation. I was quite happy to pay Sun for a 3 year Gold level contract on my Ultra 20 when I bought it. $250/yr to fund someone to help when I run into problems would be money well spent to me. I'm sure it would be possible, but whether Kickstarter would be the best way or not would need looking into. I guess the real question is who is currently in charge of Oi, how many developers are actively involved and what they think? James ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
--- On Mon, 1/28/13, James Relph ja...@themacplace.co.uk wrote: From: James Relph ja...@themacplace.co.uk Subject: Re: [OpenIndiana-discuss] OpenIndiana roadmap To: Discussion list for OpenIndiana openindiana-discuss@openindiana.org Date: Monday, January 28, 2013, 4:49 PM Would a Kickstarter project to fund an OI support group be possible? The problem is you need a certain level of commitments to justify setting up a support operation. I was quite happy to pay Sun for a 3 year Gold level contract on my Ultra 20 when I bought it. $250/yr to fund someone to help when I run into problems would be money well spent to me. I'm sure it would be possible, but whether Kickstarter would be the best way or not would need looking into. I guess the real question is who is currently in charge of Oi, how many developers are actively involved and what they think? I'd like to suggest funding Martin. He's committed and needs the money. Even as little as $50US per site would certainly help him a lot. I'd be happy to pay $100US/year to have him work on OI in a stable living situation. I suspect he'd be even more productive if he wasn't sleeping in his car. Once he's living comfortably, add some more people as funds become available. Is there someone who can get him online to discuss this? Have Fun! Reg ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
Reginald Beardsley writes: I'd like to suggest funding Martin. He's committed and needs the money. Even as little as $50US per site would certainly help him a lot. +1 Is there someone who can get him online to discuss this? That is a problem. Martin, please speak up! Regards -- Volker -- Volker A. Brandt Consulting and Support for Oracle Solaris Brandt Brandt Computer GmbH WWW: http://www.bb-c.de/ Am Wiesenpfad 6, 53340 Meckenheim Email: v...@bb-c.de Handelsregister: Amtsgericht Bonn, HRB 10513 Schuhgröße: 46 Geschäftsführer: Rainer J. H. Brandt und Volker A. Brandt ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
On Tue, Jan 29, 2013 at 7:11 AM, Volker A. Brandt v...@bb-c.de wrote: Reginald Beardsley writes: I'd like to suggest funding Martin. He's committed and needs the money. Even as little as $50US per site would certainly help him a lot. +1 Is there someone who can get him online to discuss this? That is a problem. Martin, please speak up! Dear community, oh ))) That would help me with the banks in my neck, and stuff like schufa.de In the SPARC Caiman gui-install there is a slide show. I love it so much, that I view it again and again. At its end there is my Paypal address. And at that time you can decide, if you like it. But please do not donate before you have it. But today is really the day. Still contains some bugs, e.g. Firefox 18 does not have any icon or menu entry in JDS. But if you read that I call something like that a bug, you can witness how much this stuff has matured. Although it will never be complete or ready. But after all the delays and deferrals, today is the upload (still running). So by evening you should or rather: _will_ be able to fetch it. Hopefully the dsl modem or router don't get hot again. Thank you, and join in: Open___(SXCE) is the name. Not by accident ... Here my current paypal balance (and you do not _want_ to see my other accounts ...). It happened because I sold a U45 Mainboard in November and in December the buyer fooled me. He destroyed the board but claimed it arrived DOA ... eBay gave him his $$$ back, and I shall pay for this. It is unbelievable. Willkommen, Martin Bochnig Letzter Login m...@gmx.com am 28. Januar 2013 10:08 PST * Firmenname: # mb1x_solves_IT.sh * Kontotyp: Geschäftskonten * Status: Verifiziert PayPal-Guthaben: -$378,99 USD * Währungsrechner * Verfügbares Guthaben in USD (Hauptwährung): -$378,99 USD * Negativen Kontostand ausgleichen * Gesamtguthaben (alle Währungen, einschließlich verfügbarer und offener Beträge) umgerechnet in USD: -$378,99 USD Informationen zum Guthaben erweiternAnzeigen Informationen zum Guthaben verkleinernAusblenden Währung Summe USD (Standard) -$378,99 USD AUD $0,00 AUD CAD $0,00 CAD EUR €0,00 EUR GBP £0,00 GBP See the minus sign? Have a nice time.And thank you all for your offers to help. BTW: I donate my V490 8 core 1500MHz USIV+ to Illumos/OpenSXCE.org . Only need some university or so where it can live. It's the best box imaginable, compromise between electricity bill and performance! The smallest USIV/USIV+ machine ever built. Really fast (Don't compare it ti III-i). You can carry the V490 as one person, especially if you temporarily take out the PSU's. Till evening. Busy regards, tnx, %martin ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
[OpenIndiana-discuss] OpenIndiana roadmap
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Is out there an OpenIndiana Roadmap?. In particular, I am VERY interested in a security supported version. - -- Jesús Cea Avión _/_/ _/_/_/_/_/_/ j...@jcea.es - http://www.jcea.es/ _/_/_/_/ _/_/_/_/ _/_/ jabber / xmpp:j...@jabber.org _/_/_/_/ _/_/_/_/_/ . _/_/ _/_/_/_/ _/_/ _/_/ Things are not so easy _/_/ _/_/_/_/ _/_/_/_/ _/_/ My name is Dump, Core Dump _/_/_/_/_/_/ _/_/ _/_/ El amor es poner tu felicidad en la felicidad de otro - Leibniz -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQCVAwUBUQXPLplgi5GaxT1NAQI8ogP/ZALkXFBZ+YC+AJzYnmeFama1+bDQ1EkX Qh6wpIszlIYvjH+t3RO7mvgbjPnIB6sRM2PK7/lQucIe4/enkpIPkz/HBDjg6yy/ 8cjx5qPfnyRIbxtif9YenmM8/kZrHbOxaJgb8mFTCFYtiJx5iuvS9pFQOceWaMrx Z1ewvscu8yI= =IGGZ -END PGP SIGNATURE- ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana roadmap
On Mon, 28 Jan 2013, Jesus Cea wrote: Is out there an OpenIndiana Roadmap?. In particular, I am VERY interested in a security supported version. How much are you willing to pay for this service? Oracle charges $1k/year per socket. Bob -- Bob Friesenhahn bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/ GraphicsMagick Maintainer,http://www.GraphicsMagick.org/ ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss