Chief Illogical Officer?

Sometimes you have to wonder whether logic totally escapes CIOs. Commenting on The Australian Open Source Industry and Community Report 2008 prepared by Waugh Partners, ZDNet put out an article entitled “Open source barred from Australian government”. What I found particularly curious was a comment from the CIO of the Australian Tax Office, Bill Gibson. In it, he says that he “is concerned that open source software could not be as easily scrutinised as proprietary software”. This is probably a paraphrase from an earlier published interview by ZDNet where he is quoted as saying – “We are very, very focused on security and privacy and the obligations that we have as an agency to ensure that we protect those rights of citizens’ information in that respect. So, we’ve continued to have concerns about the security related aspects around open source products. We would probably need to make sure that we will be very comfortable — through some form of technical scrutiny — of what is inside such a product so that there was nothing unforeseen there.”

So how does he “scrutinise” proprietary software? I guess at best, you might be able to get to see the source code, but the license to see it is usually going to be under an NDA, and it is unlikely one organisation is really going to have the skills and resources to examine all the code. And even then there are going to be dependent libraries for which you may not have source code access. But in most cases, you will only be able to see your software as a black box. If you do perform security analysis, you will always be limited in what you can test in this case. I just don’t see how with a black box you can successfully search out all the nooks and crannies with a high level of confidence.

Only with the source code open to you, and to the “many eyes” out there, do you have the opportunity to truly scrutinise the code. You are also then able to create and receive patches for any vulnerabilities found. Clearly the bad guys have a similar opportunity to review the source, but the evidence overwhelmingly supports the idea that open source is inherently less likely to have hidden security flaws and is able to react to unforeseen attacks with greater rapidity.

I would be really interested to find out who Bill Gibson has been taking advice from on software security.

HP’s incy-wincy-little notebook

HP 2133
Well, it seems the rumours were right – HP have launched their Eee PC competitor, the HP 2133 Mini Note PC. (OK, they are my employer, and yes I have been looking at some of the internal info for some weeks). It is definitely being marketed at the education market, but any user who needs a proper PC and wants absolutely minimum weight will clearly like this.
It is very cool that one of the standard options (in fact the cheapest) is to purchase it with SuSE Linux Enterprise Desktop installed. I am wondering whether it will be a standard SLED install or have a mobile UI similar to what Asus did with Xandros on their baby laptop. I will certainly be keen to see this running with SLED (though I am sure we can shoe-horn Ubuntu onto it). This option also comes sans hard disk (it will have 4GB flash instead) so I expect it will have better battery life than the standard Vista version with the spinning disk.
If I do get to have a play on one, I’ll let you know what I think.

How to get from A to B the long way

I was just researching a route from my home to the Canberra Hospital in Woden. The route Google Maps provided was through the city centre. I tried to use the route drag feature to get it to go via Majura Road, which seemed more sensible. However, it always seemed to want to do a U-turn near the airport. After a bit of fiddling around, I have found that there seems to be a discontinuity. This map shows the exact spot – the obvious 100m route becomes 25km when navigating with Google Maps! Does Lazyweb know how to report this to Google? I can’t find anything obvious.

Update 31/12/2008: Well, it looks as if the discontinuity has been fixed. I think I last checked about 2 months ago, and it still wasn’t working. So I guess, on this sample of 1, the turnaround time on patching the database is at least 6 months or so.
The other interesting fact is that I believe the hospital is in Woden, which is the town centre there. But Google Maps doesn’t seem to have heard of Woden, ACT. Is that because it is a town centre and not a suburb?