Category Archives: Open Source

What is the best project management software for a startup

Somehow I got roped into a thread on Quora and noticed this item

Lots of people shilling their Web 2.0 SaaS services for project management but at the end of the day, you have to ask why a startup even needs project management software.

I’ve been through a few startups as either founder or CTO, and I’m surprised that no one has mentioned the easiest and cheapest project management system of all:

A pencil and paper.
The average startup in the software space is 3-5 people. Right? 3-5 people is a small army when it comes to developing software, and who is going to be coding if they are busy using some fancy Web 2.0 app like Clarizen to manage Gantt charts and integrate with

Your first order of business is to iterate quickly and get real people using the product.

Hold on a minute – what about the design?

Yes, Roberta, there is no design.

If there is no design, then there is no Gantt chart and no 200-page SRDs, PRMs, SES, SRS, SIS, SDA and all the other vintage SDM-70 TLAs.

Instead – you have an idea. A few smart people. A software architecture and set of programming standards that you can write down in less than 20 pages.

So – you have a startup.

You can spend the time coding and selling or you can spend the time planning, updating your Gantt charts and having ops reviews.

As a programmer colleague once said: “Code overrides all memos”


Tell your friends and colleagues about us. Thanks!
Share this

The security of open source software

A conversation with a client this morning revolved around software development tool alternatives in a WebSocket environment.
“Why not use Flash on the client and AMF on the server side?”, the client asked. I hesitated for a moment and answered: because Adobe Flash is proprietary and closed source, and the only developers looking at the code are Adobe employees. If you’ve ever gotten a white screen of death and a cryptic “#1707 upload failed” message, you know what I mean. Everything else – the security vulnerabilities of Flash, the cost of development, the support costs – derives from the closed-source, proprietary software.

In 2011, there seems to be more awareness that open source software can be more secure and more reliable. In practice, the most secure systems available today are built on the open source model and on peer review. There is no question that the secret to creating great software that is also secure software is marshaling as many smart people as possible to the task – and letting all of them read the code.

Natalie Walker-Whitlock wrote an excellent article – The security implications of open source software almost 10 years ago and it’s still an excellent read.

Traditionally, software security was equated with secrecy. You lock up your house, your car and your valuables. In the software community, you “lock up” the programming source code as a means of securing it against hackers and competitors.

To the closed-source camp, a system can’t be truly secure when its source is open for all to read. That gets it backwards: the secrecy of the code was never what kept the system secure (the same principle Kerckhoffs stated for ciphers in 1883), and hiding the source mostly hides defects from the people who would fix them. With good guys and bad guys both reading the source, defects are disclosed and remedied, and the software becomes more reliable. More reliable software slows down intruders, reduces the attack surface and, in the event of a data breach, keeps the damage from data loss to a minimum. The caveat is that “open” only helps if someone competent actually reviews the code; a published repository that nobody reads is no safer than a closed one.


Mcafee embedded device security

If McAfee is jumping into this area, it might explain some of the synergy with the Intel acquisition. Two years ago, Intel went public with products aimed at driving medical monitoring into the home – see Intel launches medical device for home patient monitoring. Home monitoring (the Intel Health Guide is a 10.5″ tablet) “is a big area of focus and a growth opportunity for Intel” according to Mariah Scott, director of sales and marketing for Intel’s Digital Health Group.

Enhance device security
Protect embedded devices against existing and unknown zero-day threats via malware (such as worms, viruses, Trojans and buffer-overflow threats, etc.). Because many embedded devices such as ATMs and kiosks have a large attack area, they face increased security vulnerabilities. McAfee Embedded Security ensures that the device—when in production and in the field—is secure and cannot be compromised.

The McAfee product is clearly aimed at embedded Windows devices – which are unfortunately over half of embedded medical devices, since a good many software developers come from IT backgrounds and don’t have the cojones to deal with Linux, let alone embedded Linux on small-footprint hardware. Some of the collateral makes a lot of sense, while other parts read like typical security vendor marcom – like the part about assuring HIPAA compliance with tamper-free logs. When you have a hammer, everything looks like a nail, as I noted in my post last year on the true cost of HIPAA privacy violations.

The product feels like a commercialization of a project that their professional services group did for a particular customer. The discussion about supporting integration of multi-vendor channels smells like an Intel aphorism, and while it might serve Intel, multi-vendor channel integration may be the exception rather than the rule in the medical device space, since most medical device vendors are small specialized business units or startups intent on preserving their own IP.


Secure collaboration, agile collaboration

One of the biggest challenges in global multi-center clinical trials (after enrollment of patients) is collaboration between multi-center clinical trial teams: CRAs, investigators, regulatory, marketing, manufacturing, market research, data managers, statisticians and site administrators.

In a complex global environment, pharma companies do not control the computer platforms that local sites use, yet the expectation is that file and information sharing should be easy. There are three areas where current systems break down:

1. People forget what files have been shared and with whom they have been shared

2. People have difficulty sharing files with colleagues in a way that is accessible to everyone – firewalls, VPNs, enterprise content management, DRM, corporate data security policy, endpoint security, file size – these are all daunting challenges when all you want to do is share a file with a colleague in Berlin while you are working in a hospital in Washington.

3. Notifications – how do you know when new information has been added or updated? Not having timely notifications on updates can be a big source of frustration resulting in team members pinging other members over and over again with emails.

Over the past 10 years a generation of complex enterprise content management software systems has grown up – bloated, expensive, difficult to implement, not available to the entire multi-center team and in many cases written by English-speaking software vendors who cannot conceive that there are people in the world who feel more comfortable communicating in their native French, German, Hebrew or Finnish!

We are developing (currently in beta with a Tier 1 bio-pharma in EMEA) a Web-based, agile collaboration system with a light-weight, easy to use, simple architecture that saves time, reduces IT and travel costs, and literally gets everyone on the same page.

The system resolves the 3 breakdowns above while recording all user activities in a detailed audit trail in order to meet internal control and FDA regulatory requirements.

The system also provides significant cost benefits in addition to improving information collaboration:

• Reduces travel costs: Using online events, integrated media and file sharing and discussions, the clinical trial team and investigators can conduct program reviews, education activities and special events.

• Eliminates proprietary IT: No proprietary software or hardware and no IT integration. No extra investments in information technologies, CRM, sales force integration and data mining.

If this interests you – drop me a line!

Apache Foundation server hack

On Friday morning, August 28, a compromised SSH key enabled attackers to deploy a rootkit and upload files to one of the Apache Foundation servers; the files were then synced to the production servers.

A blog post from the Apache Foundation explained that attackers accessed an account at a hosting provider:

“To the best of our knowledge at this time, no end users were affected by this incident, and the attackers were not able to escalate their privileges on any machines. While we have no evidence that downloads were affected, users are always advised to check digital signatures where provided,” the staff wrote. “The attackers created several files in the directory containing files for, including several CGI scripts. These files were then rsynced to our production webservers by automated processes. At about 07:00 on August 28 2009 the attackers accessed these CGI scripts over HTTP, which spawned processes on our production web services”

Last year we heard that SSH keys generated on certain versions of Debian and Ubuntu were to be considered compromised, because a patch to Debian’s OpenSSL package had crippled the random number generator and made the generated keys highly predictable.

Considering that the project serves up the most popular Web server on the planet, for both Windows and Linux, it’s a significant event. Being open source, it’s not an issue of confidentiality but of software integrity – which is easy enough to restore by reloading fresh copies of the uploaded files from SVN, and easy enough to verify: the advisory itself tells users to check the digital signatures on downloads, which is the right habit whether or not a compromise has been announced.
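As an added example (not Apache’s tooling, and not code from the original post), here is the kind of integrity check the paragraph above implies: treat a pristine checkout as the reference, hash every file in the deployed copy, and report anything added, removed or modified. The directory names and file contents below are constructed for the demo; on a real server the reference would be a fresh export from version control and the deployed tree the rsync target.

```python
"""Find files that were added to or modified in a deployed tree.

Added example, not Apache Foundation code. A pristine checkout is the
reference; anything in the deployed copy that is not byte-for-byte in the
reference is suspect (e.g. a CGI script an attacker dropped in).
"""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Stream the file through SHA-256 so large files don't load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root):
    """Map relative path -> sha256 for every regular file under root."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                out[os.path.relpath(full, root)] = sha256_of(full)
    return out


def diff_trees(reference, deployed):
    """Compare a deployed tree against the reference checkout."""
    ref, dep = manifest(reference), manifest(deployed)
    return {
        "added": sorted(p for p in dep if p not in ref),
        "removed": sorted(p for p in ref if p not in dep),
        "modified": sorted(p for p in ref if p in dep and ref[p] != dep[p]),
    }


def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Constructed scenario: an attacker drops a CGI script and edits a page
    on the deployed copy only. Returns the diff_trees() report."""
    with tempfile.TemporaryDirectory() as work:
        ref = os.path.join(work, "svn_checkout")   # assumed reference tree
        dep = os.path.join(work, "production")     # assumed rsync target
        for root in (ref, dep):
            _write(root, "index.html", b"<h1>site</h1>\n")
            _write(root, "cgi-bin/status.cgi", b"#!/bin/sh\necho ok\n")
        _write(dep, "cgi-bin/backdoor.cgi", b"#!/bin/sh\n# attacker-controlled\n")
        _write(dep, "index.html", b"<h1>site</h1><script src=x></script>\n")
        return diff_trees(ref, dep)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Hashing the whole tree is deliberately dumb and therefore hard to fool: a modified timestamp or a file that merely “looks” like the original does not pass. For a real deployment the reference manifest should be produced on a separate, trusted machine and signed, since a manifest generated on the compromised host is worth nothing.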

First noted on F-Secure


Open source trumps closed access

The comparison between an open source collaborative recommender system and a closed-access research effort is revealing: the open source project is already running in production-grade systems, while the closed-access research project lets us read about theirs for a fee.

The Apache Mahout/Taste version 0.1 open source software project is being used by Synthese for collaborative filtering of over 1.5 million medical articles. I’ve been playing with the application and the precision and recall of the system are impressive.

By comparison, the article published by M.K. Kavitha Devi and P. Venkatesh in a recent issue of the International Journal of Business Excellence describes the design and implementation of “ICRS: an intelligent collaborative recommender system for electronic purchasing“. The article is available for purchase only and the implementation doesn’t appear to have been released as a free open source project. The work itself seems quite interesting.



PostgreSQL 8.4 or MySQL

MySQL now belongs to Oracle, and Oracle’s track record on keeping acquisitions alive is mixed. If you want a real database that is very Oracle-compatible (PL/pgSQL is very close to PL/SQL), look no further than the harder (more secure), better, faster PostgreSQL 8.4, the world’s most advanced open source database. Add the new cloud computing functionality in Ubuntu 9.04 and pretty soon we’re talking very high performance, very accessible databases.

So – now is the time to switch to a real database.


Why do people commit crimes?

The president of a prospect was recently discussing with us whether Oracle IRM (information rights management) was a good way of preventing data loss, and a viable alternative to a DLP (data loss prevention) system. Rights management would appear at first blush to be orthogonal to data loss prevention, but it’s an interesting question that got me thinking.

The answer lies in understanding the fundamentals of crime.

Like any other crime, an insider breach requires a trusted insider with a combination of means, opportunity and intent.


The worst bugs are the simplest bugs

It is a truism of security that the worst vulnerabilities are usually the simplest: many are configuration bugs or simple design flaws, like leaving temp files world-readable.

Many open source projects such as OpenClinica use the excellent PostgreSQL database. You get 90% of Oracle at 10% of the weight, and for free. The problem with projects such as OpenClinica is that the end users are generally security innocents.
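To make the “simplest bug” concrete, an added example (not OpenClinica or PostgreSQL code): a scratch-file writer in the naive form that many installers and export jobs use, beside the hardened form, plus the scan an auditor would run to find world-readable files in a data directory. The file names, the sample “patient” row and the scratch directory are constructed for the demo; the umask value 022 is set explicitly to reproduce the default on most Linux distributions.

```python
"""World-readable temp files: the naive pattern beside the hardened one,
plus a scan that finds the problem on disk.

Added example, not code from OpenClinica or PostgreSQL. Paths, sample data
and the scratch directory are constructed for the demo.
"""
import os
import stat
import tempfile


def naive_scratch_file(directory, data):
    """The common mistake: predictable name, file created under the default
    umask (022 on most distributions), so mode 0644 and anyone can read it."""
    old_umask = os.umask(0o022)  # reproduce the usual default explicitly
    try:
        path = os.path.join(directory, "export.tmp")
        with open(path, "wb") as f:
            f.write(data)
    finally:
        os.umask(old_umask)
    return path


def hardened_scratch_file(directory, data):
    """mkstemp creates the file atomically (O_EXCL) with mode 0600 regardless
    of umask, so no other local user can read it or race the creation."""
    fd, path = tempfile.mkstemp(dir=directory, prefix="export-")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


def is_world_readable(path):
    """True if the 'other' read bit is set on the file."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def find_world_readable(directory):
    """What an auditor (or a simple cron check) would run over a data dir:
    relative paths of every regular file readable by everyone."""
    hits = []
    for dirpath, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(dirpath, name)
            if not os.path.islink(full) and is_world_readable(full):
                hits.append(os.path.relpath(full, directory))
    return sorted(hits)


def demo():
    """Returns (naive_world_readable, hardened_world_readable, scan_hits)."""
    secret = b"patient_id,diagnosis\n1001,example\n"  # constructed sample row
    with tempfile.TemporaryDirectory() as scratch:
        naive = naive_scratch_file(scratch, secret)
        hardened = hardened_scratch_file(scratch, secret)
        return (is_world_readable(naive),
                is_world_readable(hardened),
                find_world_readable(scratch))


if __name__ == "__main__":
    print(demo())  # the naive file is the only one the scan reports
```

The scan is the part worth keeping: a database dump or CSV export that lands in /tmp with mode 0644 is readable by every account on the box, including whatever a compromised web application runs as, and no amount of database hardening undoes that.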


Teachers Matter More Than PCs

Just as I was wondering how pumping trillions into banks will solve the GFC (great financial crisis), along comes Craig Barrett (former CEO of Intel) and tells us that Teachers Matter More Than PCs.

“We’re bailing out Wall Street, we’ll be bailing out Detroit soon, we’re bailing out the agricultural sector with high subsidies at a time of record crop prices,” Mr. Barrett said. “Where is the public outrage that the U.S. education system is failing our kids?”

This is a particularly cogent point for someone like me who lives in Israel. The Israeli Ministry of Education has been installing massive quantities of PCs in classrooms from kindergarten through 12th grade. The lip service to PC and Microsoft Windows usage in the classroom reached new levels of absurdity when I heard from my niece, who is a first grade teacher, that they teach computer literacy and how to use Microsoft Paint. It is no accident that the achievements of Israeli high school students in international math tests have fallen from the top 10 to the bottom 50 in less than 20 years.

Schools should take a lesson from best-practice risk management of large software engineering projects: adding programmers in the middle of a failing project is a very bad idea. Less is more in programming, and fewer PCs are more in the classroom.

Give the classroom back to the teachers. Invest all that money in better salaries. Our kids live and breathe the Internet and computers – it’s part of their life, and just as there is no reason to teach children how to use a phone, there is no reason for a first grade class to learn how to use Paint.
