Archive for July, 2008

Big News for the Library OS Community

Tuesday, July 29th, 2008 by Nicole C. Engard

Some big news out of LibLime this AM:

ATHENS, OH and BLACKSBURG, VA – July 29, 2008 – LibLime, the leader in open source solutions for libraries and CARE Affiliates™ announced today that they have entered into a definitive agreement to sell select assets of CARE Affiliates to LibLime. The sale will include select products, related services and domain names along with associated service contracts. Final closing is scheduled for August 2008.

Read the entire press release here.


Open Source & Security

Friday, July 25th, 2008 by Nicole C. Engard

There is a rash of articles on the web this week regarding a recent study by Fortify Inc. (a software security firm) of open source software:

Companies who opt for an open source software within their organizations could be leaving themselves open to security breaches.

That’s according to software company Fortify which has researched the implementation of several open source projects and found them lacking, with one executive suggesting that they could learn from Microsoft in how to improve security.

Is anyone else giggling a little? While this may seem funny, it is something we have to take seriously. This article from PC World is one of 8 that I have read and I’m sure that there are even more out there.

Some facts on the study. First, they researched 16 (although some reports say 11) Java-based enterprise-level applications:

  • Cayenne, an object-relational mapping tool.
  • Hibernate, an object-relational mapping tool.
  • Derby, an application server.
  • Geronimo, an application server.
  • Hipergate, a Web-based customer relationship management application.
  • JBoss, an application server.
  • Jonas, an application server.
  • Jbopen source, an application server.
  • Ofbiz, a Web-based CRM application.
  • OpenJMS, a Java Message Service solution.
  • OpenCMS, a content management tool.
  • Resin, an application server.
  • Shale, JSF Web framework.
  • Struts, a Web application.
  • Tomcat, a servlet engine.
  • Webharvest, a Web crawler.

Next, I haven’t seen any reports where Fortify compared these results to proprietary counterparts.

The fact of the matter is that all software has security issues. And anyone using Windows or Internet Explorer knows all about that. I should mention (since I mentioned IE) that Fortify did state that open source developers should follow the model that Mozilla is using since Firefox is so well developed and secure.

I think that Cyndy Aleo-Carreira puts it best in her response to the report:

Obviously, Fortify has everything to gain with this study, as the company provides “products and services protect companies from the threats posed by security flaws in business-critical software applications.” The more security flaws Fortify finds in applications, the more money they can make from companies who need help in fixing those flaws.

What Fortify (and Network World, by taking the press release at face value) does not understand is generally, non-hackers who discover any exploits should be smart enough to fix the problem themselves. Fortify wants to make money fixing those problems, and therefore has no interest in supporting the projects by fixing the alleged errors. Fortify would probably be happy to do so as a billable effort in providing services to a paying customer, however.

With the source code freely available, anyone can submit a fix, even if the codebase is locked down to approved committers.

Having been monitoring an open source mailing list and developer community for the last 5 months, I can tell you that they are constantly considering the most secure way to resolve problems and if someone can’t come up with a good way to do it, there is always someone to pick up the slack.

The shame of it is that people will see these types of reports and just assume that all open source is insecure - and suddenly forget about that virus that made them lose all of their family pictures last year or the fact that the last time they received a patch from their proprietary vendor was 2 years ago. All software has its issues - it’s programmed by humans - and humans aren’t perfect, but I do have to say that I much prefer the open source development model to the others.

Open Source Books Sale at Bookpool

Wednesday, July 23rd, 2008 by Nicole C. Engard

First, if you haven’t visited Bookpool - you should! They have some awesome prices on techie books. Second, now is the best time to visit because open source books from OSCON are on sale.

Open Source Library Facebook Tool

Monday, July 21st, 2008 by Nicole C. Engard

The Earl Gregg Swem Library is proud to announce the release of its Facebook application, Swem Tools, to the open source community. Released under the Apache 2.0 license, the project, Facebook Athenaeum (http://code.google.com/p/facebook-athenaeum), allows libraries to quickly develop and customize a Facebook application that provides a searching interface for a library’s catalog, website, databases, or any other search target, pull RSS feeds, and provide users with the ability to show friends their location in the library.

Requirements for the application are relatively light. A set of floor plans in image form, a database compatible with the Pear DB package (MySQL, MSSQL, PostgreSQL, Oracle, etc), and PHP 5.

If you’re interested, check out the code. Any comments, questions, etc. can be posted at one of the Google groups (http://groups.google.com/group/facebook-athenaeum-users and http://groups.google.com/group/facebook-athenaeum-tech).

Awesome!! This found via Code4Lib.

10 Myths About Running OSS in Your Business

Friday, July 18th, 2008 by Nicole C. Engard

I just found out about a neat white paper from ActiveState to educate people about using open source in their business.

Ten Myths About Running Open Source Software in Your Business

Open source software, combined with responsible checks and balances, will put your business development projects in good stead. In this white paper, we debunk the myths and help you decide how best to adopt open source software in your business…

Koha & Museums

Thursday, July 17th, 2008 by Nicole C. Engard

Recently there have been two press releases announcing that museums have chosen Koha for their ILS.

Fort Wayne Museum of Art Selects Koha
ATHENS, OH and FORT WAYNE, IN–July 17, 2008– LibLime, the leader in open-source solutions for libraries, and the Fort Wayne Museum of Art in Indiana announced today that The Edward D. Auer Memorial Library has selected a Koha Classic hosted solution for their integrated library system.

Read More…

Birmingham Museum of Art Selects Koha
ATHENS, OH and BIRMINGHAM, AL–July 15, 2008– LibLime, the leader in open-source solutions for libraries, and the Birmingham Museum of Art announced today that the Museum’s Clarence B. Hanson, Jr. Library has selected a Koha Classic hosted solution for their integrated library system.

Read More…

Also, there was one last year:

Koha is Chosen by the Guggenheim Museum
ATHENS, OH -March 27, 2007- LibLime, the leader in open-source solutions for libraries, announced today that the Solomon R. Guggenheim Museum in New York has selected LibLime’s Koha Classic Hosted package. Koha is the first and most mature open-source integrated library system (ILS).

Read More…


The curious (mis)perception of open-source support

Tuesday, July 15th, 2008 by Nicole C. Engard

Matt Asay always writes such great posts.

Forrester finds that European enterprises cite support as their biggest reason for not adopting open-source software. This has persisted for years, with support (or, a lack thereof) consistently listed as one of the top reasons that enterprises throughout the world avoid open source.

The ironic thing is that open-source companies primarily sell support, not software. So…while proprietary-software vendors sell licenses with support as an afterthought, enterprises don’t seem to question that they’re going to get support. At the same time, open-source companies sell support with licenses as an afterthought…and enterprise buyers worry that they won’t get support.

I’m just suggesting that stifling your company’s open-source adoption because of a perceived lack of support is silly and outdated. Welcome to the 21st Century. Open-source vendors provide support as good or better than their proprietary peers. Really.

When I teach my open source classes I always focus on this detail because I know that people worry about the support model for open source software. There is also a discussion going on a mailing list I subscribe to about this very topic.

If you’ve heard this as a reason for not using open source in your organization, how would you recommend someone like me educate people that this is a misconception?

Learn Open Source Programming

Tuesday, July 15th, 2008 by Nicole C. Engard

While the title of Dana Blankenhorn’s post is misleading (The fastest way to learn open source) it’s still a handy post. Dana makes you think that you’re going to learn about open source, when in reality you’re going to learn open source programming.

O’Reilly’s Head First series, and it makes the Dummies series read like they were written for Einstein.

Tim O’Reilly has taken everything he and his company have learned training people in programming for two decades and condensed it into the format of this series. Even I can learn with it.

I love the O’Reilly books, but I don’t have any of the Head First books - maybe I should pick a few up to learn Perl … since Koha is in Perl and I’m a PHP girl.

101st post: Love and the Internet

Monday, July 14th, 2008 by Nicole C. Engard

While this isn’t a new video, it’s a great post for this blog. I love Clay Shirky, he’s an amazing speaker! And speaking of love, Shirky makes a great point, that Perl is an act of love. The reason it’s so successful is because millions of people love Perl.

Enter the Open Source ILS

Saturday, July 12th, 2008 by Nicole C. Engard

Lori Ayre writes about Ten Years of Learned Helplessness Coming to an End and how the proprietary ILS has put up roadblocks that have stopped librarians from being able to do what they want:

It’s ridiculous that libraries are stuck with the systems they’ve got without options to determine what changes get made or even the access or privileges that would allow them to make the changes for themselves.

Enter Open Source library systems.

This all changes when libraries start building, supporting, and contributing to the development of their own software. Georgia PINES and the Koha libraries proved it could be done. Now, it is time we all got involved.

Exactly!! It’s time for people to get involved!! I hear from librarians all the time that wish that they could switch to open source, but their IT staff or administration won’t let them. That doesn’t mean that they can’t participate in the community and make improvements that might change people’s minds. Lori has a great list of ways to get involved and I hope she doesn’t mind me quoting it in its entirety here:

1) develop strong IT staff in your library or consortia who can read code, write code, beta test, write specs, and/or find bugs.

2) get over the fear of Open Source. Do some reading about how Open Source development works (read The Cathedral and the Bazaar). Find out about the migration and support options available from vendors like Equinox, LibLime, Care Affiliates.

3) jump in and play. Koha and Evergreen can be downloaded and you can take a look for yourself. That’s one of the amazing things about Open Source. You get to look it over inside and out. No big surprises three months after you’ve negotiated a $200,000-$300,000 deal.

4) talk amongst yourselves. Open Source projects rely on a community of users who are involved in the product. We don’t want LibLime and ESI to replace the other ILS vendors. We want to control the products ourselves and that means getting very much involved. Find the product that excites you and hook up with similarly situated libraries. For example, the Evergreen community is leading the way for large consortia (see http://open-ils.org/), King County (WA) is heading up the effort for large, high-volume libraries (check out their OSS4PL site). There were many meetings at ALA 2008 in Anaheim focused on Open Source, and more are planned at Midwinter, LITA, Access and other conferences so it isn’t hard to get plugged in somewhere.

Read Lori’s post here and get involved!!